My Chemist Was Subject To A Data Breach Or Hack, How Do I Claim Damages?
If you’ve fallen victim to a pharmacy data breach, you may have suffered subsequent damage, ranging from financial losses to psychological harm. Providing that the data breach was a result of the pharmacy’s failings, you could be entitled to compensation.
If you find yourself in this situation, this article provides a guide to help you, with a particular focus on making a Gordons Chemist Pharmacy data breach claim. We’ll walk you through the claims process, covering everything from how to establish liability to how much compensation you could be entitled to.
Whether you’d like some more advice on any of the information provided in this article or you’re ready to start making your claim, please don’t hesitate to get in touch with our team at Legal Expert.
Our specialist advisors can provide you with a free consultation, with no obligation to proceed if you don’t want to. Why not see how our solicitors could help you take the first step towards the compensation you deserve today?
- Call 0800 073 8804 to speak to one of our advisors
- Fill out a contact form to receive a call back from us
- Email info@legalexpert.co.uk to begin a correspondence on your case
- Alternatively, just use the live chat feature on your screen to get an immediate response
Select A Section
- A Guide To Gordons Chemist Pharmacy Data Breach Claims
- What Is A Chemist Or Pharmacy Customer Data Breach?
- How Your Pharmacy Should Apply The GDPR
- How A Pharmacy May Have Breached The GDPR
- Examples Of Fines Which Have Been Issued By The ICO
- Should I Contact The ICO About My Personal Data Breach?
- What Could Your Data Breach Claim Against A Pharmacy Include?
- Working Out Your Data Breach Compensation Settlement
- No Win No Fee Gordons Chemist Pharmacy Data Breach Claims
- Find A Data Privacy Breach Solicitor
- Speak To A Data Privacy Breach Solicitor
- Further References Materials
A Guide To Gordons Chemist Pharmacy Data Breach Claims
In order to give you an understanding of Gordons Chemist data breach claims and how you could make one, we’ll begin by defining what we mean when we refer to data and data breaches.
We’ll then explain the legislation surrounding data protection in the UK and how any company handling your data owes you a duty of care to protect your privacy. To contextualise how a pharmacy data breach could happen, we’ll provide some examples ranging from cyber attacks to human error. In addition, we’ll include some past case studies of a similar nature to show you the impacts that a pharmacy data breach can have and how any company failures responsible may be addressed.
Next, we’ll outline the different types of damages that could be compensated as part of a Gordons Chemist data breach claim and how to calculate how much you may be entitled to. Finally, we’ll give you advice on how to claim, offering our top tips for finding legal help and how a No Win No Fee agreement could benefit you.
If you’re thinking about making a claim, we advise you to note the following or you could risk losing out on the compensation that you deserve:
- The limitation period for making a data breach claim is 6 years. Therefore, you must begin legal proceedings no longer than 6 years after the data breach was discovered or any claim that you make may be invalid.
- If your case involves a human rights breach, then this limitation period is reduced to 1 year.
Alternatively, why not save yourself the time and effort and contact our team at Legal Expert instead? Not only could our solicitors handle your case on your behalf, significantly easing the claims process, but their expertise could increase your claim’s chances of success.
What Is A Chemist Or Pharmacy Customer Data Breach?
From your national insurance number to your home address, your personal information could be used to identify you, whether that be indirectly or directly. In this article, this type of information is referred to as data.
A data breach describes the unauthorised disclosure, destruction, leaking or accessing of your personal information without your consent. If your pharmacy suffers a data breach, this could mean that details including your name, date of birth and medical records may be compromised as a result.
This could be done by hackers, targeting your data as part of a cyber attack. Typically, they tend to seek information like your bank or card details for financial gain. In extreme cases, you may even fall victim to an identity theft crime as a result of your data breach, causing irreparable damage to your credit record and other such persisting issues.
Alternatively, data breaches can be caused by human error, meaning those with the responsibility of protecting your privacy breached their duty to keep it safe and secure. For example, paperwork containing your personal information may have been left in view of others. Alternatively, insecure storage could result in the inappropriate accessing of or damage to your personal information.
If you’ve suffered a data breach and you believe your pharmacy’s failings to be responsible for it, you could be entitled to compensation. Please continue reading to learn more about data protection laws in the UK or get in touch with us today to see how our solicitors at Legal Expert could help you make a successful data breach claim.
How Your Pharmacy Should Apply The GDPR
As of 2018, the UK enacted the EU’s General Data Protection Regulation (GDPR) into its legislation as a framework for data protection and privacy practices. These rules are now in force under the Data Protection Act 2018, of which non-compliance is penalised through the issuing of fines.
To help you understand the different roles outlined in the GDPR, here are some definitions that we may make reference to in the context of a Gordons Chemist data breach claim:
- The data subject is the person whose personal information is being processed (you)
- The data controller is the organisation that decides how your personal information is used (Gordons Chemist, in this case)
- The data processor is the organisation responsible for processing your personal information on behalf of the data controller (typically third-party)
This legislation also aims to give you a better sense of control over your data, including what organisations can and can’t do with it. In attempts to make data protection practices more transparent, the way in which an organisation wishes to interact with your data must be outlined in an agreement.
In order for the organisation to proceed, they must have your consent before they do so. If you give an organisation permission to use your data, then they automatically owe you a duty of care to protect any personal information that they collect.
Despite GDPR regulations requiring organisations to have a sound system of data protection in place before they interact with your data, failures can still occur. In the case of a data breach, organisations must inform you if there’s a chance that you could have been affected. What’s more, they’re required to notify you within 72 hours of discovering the breach. Some other GDPR regulations include:
- Data processing practices must be lawful and transparent, keeping the data subject in control of how their personal information can and can’t be used
- Data must be securely protected (in some cases, this may require data to be encrypted)
- Data must only be used within the timeframe that the data subject agreed to
If you believe that your data breach was caused by Gordons Chemist’s failings to comply with GDPR regulations, you could be entitled to make a claim against them for your suffering if you can prove the breach and the harm caused. For more information on how a pharmacy data breach could happen, please continue reading or contact one of our specialist advisors at Legal Expert today.
How A Pharmacy May Have Breached The GDPR
As previously mentioned in this article, data breaches can be caused by a variety of factors, from cyberattacks to human error. Some examples that could put pharmacy data at risk include:
- Hackers could target your pharmacy’s database on which your personal details are stored, jeopardising the privacy of your information.
- If a pharmacy keeps your outdated personal details on record, they could risk sending your sensitive information to someone else by mistake.
- Pharmacy staff could inappropriately access your personal data without any valid reason to do so, which you won’t have consented to.
To illustrate using a real incident, we’ve included a past case of a pharmacy data breach to demonstrate how these incidents could happen.
The case involves Well Pharmacy, the largest independent pharmacy in the UK. In 2018, Well Pharmacy mistakenly emailed out personal details of over 24,000 of its employees. However, this was simply the result of human error.
The compromised data included names, home addresses, telephone numbers and email addresses, all of which could be used to identify each of the employees affected by the breach. Despite the emails being recalled as soon as the mistake was realised, the risk of employees’ personal details being viewed, shared or used without the subjects’ permission remains to this day.
Source: https://www.pharmaceutical-journal.com/news-and-analysis/news/well-pharmacy-apologises-after-leaking-personal-information-in-data-breach/20205935.article
Examples Of Fines Which Have Been Issued By The ICO
In this section, we’ll present another case study of a pharmacy data breach. However, this case was investigated by the Information Commissioner’s Office (ICO), so we’ve included their findings to illustrate how data protection failings can be penalised.
The case study involves Doorstep Dispensaree Ltd, a medical supplier for customers and care homes. In 2019, over 500,000 files containing confidential personal details were left in unlocked storage units, failing to protect them against unauthorised access. In addition, some of the documents had sustained significant water damage as a result of being inappropriately stored, meaning data was susceptible to accidental loss or destruction.
As the company was in breach of GDPR regulations, it was reported to the Information Commissioner’s Office (ICO) and underwent an investigation for carelessness. As they found their data protection practices to be negligent, subsequently jeopardising personal details including names, addresses and medical information, the ICO fined Doorstep Dispensaree Ltd £275,000.
Source: https://ico.org.uk/action-weve-taken/enforcement/doorstep-dispensaree-ltd-mpn/
Please continue reading for more information on the ICO and how they could help your Gordons Chemist data breach claim. Alternatively, please contact one of our specialist advisors at Legal Expert today for a free consultation on your situation.
Should I Contact The ICO About My Personal Data Breach?
If you believe an organisation to be in breach of GDPR regulations in their data protection practices, you could report them to the Information Commissioner’s Office (ICO). The ICO is an independent organisation providing guidance to organisations that interact with your data. They aim to ensure that GDPR regulations are being adhered to and issue fines for any failings that could compromise data in any way.
You could raise a concern with the ICO if you’ve suffered a data breach and you’d like to see whether the ICO believes the organisation in question was responsible for it. If you wish to make a Gordons Chemist data breach claim, you could potentially use the ICO’s findings against them to evidence your case.
However, please note that any of the ICO’s findings simply act as guidance. Therefore, they can’t be used as hard evidence. Even if the ICO finds an organisation liable for your data breach, this doesn’t guarantee that you have a successful claim against them.
Furthermore, the ICO doesn’t award compensation, regardless of their findings. As their purpose is simply advisory, their investigations only seek to encourage proper data protection practices rather than provide you with justice.
What Could Your Data Breach Claim Against A Pharmacy Include?
In most cases, compensation for data breach victims is calculated according to the following two types of damage—material and non-material damage.
- Material damage accounts for financial losses suffered as a result of your data breach. For example, if your card details were accessed by criminals, you may have been robbed or suffered irreparable damage to your credit record. In extreme cases, your personal data may have been used as part of identity theft.
- Non-material damage accounts for psychological harm suffered as a result of your data breach. For example, you could be experiencing Post-Traumatic Stress Disorder (PTSD) caused by your sensitive information being leaked without your consent.
At Legal Expert, our specialist advisors offer free consultations so you can see how much you could be entitled to receive. Please get in touch today to get an estimated settlement figure on your claim or continue reading the next section to learn more about data breach claim payouts.
Working Out Your Data Breach Compensation Settlement
As part of your Gordons Chemist data breach claim, you could be entitled to compensation for your suffering, regardless of whether any financial loss was incurred as a result.
In the past, data breach claims required monetary damage to have been caused in order for any compensation to be awarded. However, the case of Vidal-Hall and others v Google Inc in 2015 changed things, now allowing psychological harm caused to be compensated alone. In other words, non-material damage can now be compensated regardless of material damage.
Following this, data breach claims relating to non-material damage can be valued in accordance with personal injury claims, using the Judicial College Guidelines (JCG) as guidance. The table below provides some examples of awards for non-material damage:
Type of Suffering | Severity | Compensation Bracket | |
---|---|---|---|
Post-Traumatic Stress Disorder (PTSD) | Severe | £56,180 to £94,470 | The claimant’s trauma will affect their ability to function as before, being grossly disabling overall. |
Post-Traumatic Stress Disorder (PTSD) | Moderate | £7,680 to £21,730 | The claimant will experience lasting effects of their trauma but is projected to make a full recovery. |
Post-Traumatic Stress Disorder (PTSD) | Less severe | Up to £7,680 | Any of the claimant’s lasting symptoms will be minor, with a full recovery projected to be made in up to 2 years. |
As you can probably gather from this table, compensation for non-material damage is valued depending on the extent of your suffering. If you acquire legal help to give your claim the best chance of success, your solicitor will arrange for you to be medically examined by an independent expert to help accurately value your case. The resulting report will assess how you’ve been affected by the data breach and how your overall quality of life has been impacted.
If you’d be interested in learning how much compensation you could be entitled to, please get in touch with our team at Legal Expert today.
No Win No Fee Gordons Chemist Pharmacy Data Breach Claims
If you’re worried about legal fees or the financial risk involved in making a claim, our solicitors always work on a No Win No Fee basis to alleviate any anxieties you may have. At Legal Expert, we believe you should never have to be out of pocket for a data breach that wasn’t your fault. Instead, you should be able to pursue the compensation that you deserve without risking your money.
In case you’re unfamiliar with a No Win No Fee agreement, some benefits include:
- You don’t have to pay your solicitor if they don’t win your case
- There aren’t any hidden fees at any point of your claim
If our team believes that they can win your claim for you, they’ll take on your case on a No Win No Fee basis and begin collecting evidence right away. If they win your case, they’ll take what’s called a ‘success fee’, which is a small percentage of your settlement to cover legal fees. However, this fee will be outlined in your agreement to avoid any surprises and is capped by law to ensure you receive the maximum compensation that you deserve, so it’s nothing to worry about.
Find A Data Privacy Breach Solicitor
A solicitor can improve your claim’s chances of success, utilising their expertise and knowledge of the legal system to win you the compensation that you deserve. But how do you choose the best service for you?
You could ask for recommendations from family and friends or use online reviews to inform your decision. Or you could save yourself the time and get in touch with us at Legal Expert today. With years of experience and a plethora of positive reviews, why not see how our solicitors could help you today?
Speak To A Data Privacy Breach Solicitor
Our specialist advisors offer free consultations, with no obligation to proceed. So whether you’d like to begin your claim or get some more advice on your situation first, please don’t hesitate to get in touch with our team at Legal Expert today:
- Call 0800 073 8804 to speak to one of our advisors
- Fill out a contact form to receive a call back from us
- Email info@legalexpert.co.uk to begin a correspondence on your case
- Alternatively, just use the live chat feature on your screen to get an immediate response
Further References Materials
Thank you for reading our article on how to make a Gordons Chemist data breach claim. We hope you’ve found the information provided in this guide helpful. To finish, please see the additional resources we’ve provided below for more information:
For more information on the pieces of data protection legislation mentioned in this article, please click the links below:
To learn more about the services that we provide, please take a look at the articles linked below and see how we could help you:
- Professional negligence claims – our guide to claiming compensation for suffering as a result of professional negligence.
- Claim limitation periods – here you’ll find the latest time limits on compensation claims to help ensure you don’t lose out on the compensation that you deserve.
- No Win No Fee services – everything you need to know about a No Win No Fee agreement and why our solicitors at Legal Expert choose to work with clients on this basis.
Other Useful Guides
- Rochdale Council Data Breach
- Bracknell Council Data Breach
- Derbyshire County Council Data Breach
- Derbyshire Dales District Council Data Breach
- Durham County Council Data Breach
- Durham University Data Breach
- Easyleads Limited Data Breach
- Edinburgh Napier University Data Breach
- EE Data Breach Compensation Claims
- Falmouth University Data Breach
- Fatface Data Breach
- Flagship Group Data Breach Compensation Claims
- Glasgow Caledonian University Data Breach
- Go Compare Data Breach Compensation Claims
- Employer Personal Data Breach Compensation Claims
- Greater London Authority Data Breach
- Greater Manchester Combined Authority Data Breach
- Halton Borough Council Data Breach
- Harlow District Council Data Breach
- Harper Adams University Data Breach
- Medical Data Breach Compensation Claims
Guide by Mavers
Edited by Billing