Morrisons Pharmacy Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Morrisons Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Morrisons Pharmacy Data Breach

I Was Affected By A Morrisons Pharmacy Data Breach, How Do I Claim Damages?

This article is going to explain when Morrisons Pharmacy data breach compensation claims might be required. Ever since the implementation of the General Data Protection Regulation, or GDPR as you’ll often hear it called,  organisations need to obtain your permission to use your personal information.

The GDPR was passed into British law when The Data Protection Act 2018 was enacted and it now means that if your information is leaked in a data breach, you could be entitled to claim compensation.

Morrisons Pharmacy data breach claims guideThe rules of the GDPR mean that individuals now have a say in who can use their personal data, the reasons they can use it and who it’s allowed to be disclosed to.

Companies like Morrisons Pharmacy also have a duty under the new regulations to implement procedures and systems so that data remains secure. In most cases, your data is completely safe, but mistakes can happen which lead to data being exposed in ways you’ve not permitted. Therefore, we’ll look at how you could suffer following a data breach and when you might receive compensation.

Legal Expert is here to help you if you decide you’d like to make a claim. Our specialist advisors provide a no-obligation consultation about your case over the phone, a well as free legal advice. If the claim appears to have a chance of success, they’ll refer you to one of our solicitors. Should they agree to work on your case, they’ll do so on a No Win No Fee basis.

To discuss your options with an advisor today, please call us on 0800 073 8804. Alternatively, to find out more about making a data breach claim before calling, please read the rest of this guide.

Select A Section

A Guide To Data Breach Claims Against Morrisons Pharmacy

The way in which organisations obtain information about you has changed over recent years. Since the GDPR was launched you’ll probably notice that you’re being asked to agree to things a lot more. For instance, when you visit a new website, a pop-up box will ask you to agree to the use of tracking cookies.

In the same way, when you register for medical services, you’ll often need to tick boxes to agree to who your data can be shared with. These methods are used by companies so that they can fulfil their legal obligations under the GDPR. What’s vitally important is that once they’ve obtained your choices, they abide by them.

Over the course of this guide, we’ll show you why you might need to make a claim for a Morrisons Pharmacy data breach. To do this, we’ll look at what can cause a data breach to occur and the harm they can lead to. We’ll also look at how much compensation you could receive.

If you are going to start a claim, you need to know that there is a 6-year time limit to do so. The limitation period is just 1-year if the claim relates to a breach of your human rights.

Although 6-years is a long time, we always advise that it’s best to start a claim as soon as you’re able to. Not only will you find it easier to recall what’s happened and how you’ve been affected in the months after the event, but your solicitor will also find it easier to collect the evidence required to support your claim.

When you’ve read this guide about claiming for a Morrisons Pharmacy data breach, please feel free to contact our team if you have any outstanding questions or if you’d like to start your claim today.

What Is A Morrisons Pharmacy Data Breach?

Data breaches can happen in a variety of different ways and we’ll provide some real-life examples later on. In terms of the GDPR, a personal data breach is defined as a breach of security that causes your personal information to be lost, accessed, destroyed, altered or disclosed in ways that you have not approved. The reason the breach occurred could be accidental or down to a deliberate act and, importantly, could include physical information as well as electronic data. The Information Commissioner’s Office (ICO) has the legal power to fine organisations for data breaches even if no harm is caused.

You might think of a breach being caused by weak computer or network security that allows data to be hacked, but while that is one way a breach can happen, it’s also possible for data breaches to be caused as a result of human error.

For example, a data breach could happen if a letter containing personal information about you is posted to the wrong address. Another example is where documentation containing identifiable information is disposed of in the bin rather than being sent to a company who deals with confidential waste.

If a company finds out that a data breach has taken place which has the potential to put you at risk, they need to let you know what happened, the information that was disclosed and when the breach occurred. They also have a duty to let the ICO know about the breach too.

If you’d like to talk to us about a Morrisons Pharmacy data breach, please contact us today and let one of our team assess your potential case for free.

How A Pharmacy Should Protect Your Private Data

Within the 88-pages of the GDPR, there are some useful definitions which make it easier to understand who is responsible for your data. Here are some of those definitions:

  • The data subject – this is the person whose personal information will be processed by the company i.e. you if you’re the pharmacy’s customer.
  • A data controller – the company (Morrisons Pharmacy in this case) who is responsible for defining why and how your data will be processed.
  • The data processor – an individual or organisation who has the responsibility of processing the data on behalf of the data controller.

In addition to these roles, there are several data processing principles outlined within the GDPR, and they include:

  • Any form of data processing must have a legitimate purpose behind it and the data subject must be made aware of it.
  • The processing of data should be fair, lawful and transparent.
  • Personal information that has previously been processed must be kept up to date.
  • A data processor must only collect the minimum amount of information required to fulfil the processing requirement.
  • Data processing must be secure and confidential.
  • An organisation can only retain personal data for as long as was agreed at the point of processing it.
  • The data controller has to be able to show that they comply fully with these objectives.

If you’d like to let us know how you’ve been affected by a data breach so we can see if you’re eligible to start a claim, please contact us today.

How A Pharmacy My Be In Breach Of Data Laws

It’s now time to take a look at some examples of how a pharmacy data breach might happen. Here are some examples:

  • When emails, text messages or letters containing your personal information are sent to the wrong person.
  • If a computer with your details on the screen is left unlocked and non-pharmacy staff or members of the public view your information.
  • Where prescriptions or medical records are disposed of incorrectly.
  • If the computer system is affected by malware, ransomware or a virus.
  • Where your prescription is handed to the wrong patient and they’re able to identify you and possibly the illness you’re suffering from.

This is just a few examples of how a data breach could occur. If you believe you’ve suffered as a result of a data breach in a pharmacy and would like our help to start a claim, please call our team today.

Examples Of Fines Issued By The ICO To Pharmacies

As we discussed earlier in this article, the Information Commissioner’s Office can step in and investigate data breaches. They also have the power to fine any organisation who’ve broken data protection laws. In this section, we’ll look at some cases that the ICO have been involved with.

The first case, relating to Well Pharmacy, didn’t involve the loss of any patient data at all. Instead, this breach of the GDPR was related to staff records which were mistakenly sent out in an email.

The attachment contained the names, phone numbers, payroll numbers, addresses and email address of around 24,000 members of locum workers and staff.

Once the mistake was spotted, the company made attempts to recall the message but still had to report the incident to the ICO and carry out its own investigation.


In a separate case, the ICO had to fine a pharmacy in London £275,000 after 500,000 patient records were found in unlocked cabinets at the back of its property. The documents were reported to be water damaged which meant they hadn’t been stored appropriately and they appeared to have been there for a long time.

While the company had argued that the courtyard in which the containers were kept was locked, the ICO report highlighted that tenants of the adjoining residential flats could easily bypass security measures by entering the courtyard through a fire exit.

Reporting A Data Breach To The Information Commissioner’s Office

If you would like to make a claim against a pharmacy following a data breach, you may need to gather evidence to show what happened. This is not something you’re likely to be able to do yourself and you may only find the information you need if you complain to the company involved or the ICO.

When you complain to the pharmacy, they should respond with the findings of their investigation. If you’re not satisfied with their response, their letter should explain who you can escalate the complaint to. After you’ve complained at the highest level possible within the pharmacy, you could ask the ICO to investigate if you’re still not happy with the outcome.

Information on the ICO website states that you should contact them when it’s been 3-months since the last contact with the pharmacy. If you leave it too long, the ICO might choose not to investigate so please bear that in mind.

Another thing to bear in mind is the only way in which you’ll receive compensation is to raise a case directly against the pharmacy in question. That’s because the ICO is not able to award compensation for a data breach; all they can do is fine the company for any security lapses.

If it’s been 3-months since you had meaningful contact with the pharmacy, why not call Legal Expert if you’ve decided that you’d like to make a claim. If your case is taken on, your solicitor will review the case and decide whether to try and reach a settlement on your behalf directly with the company involved. However, it may prove necessary to use an ICO investigation to help prove what happened.

What May Be Claimed If Subject To A Pharmacy Data Breach, Leak Or Hack?

It’s now time to take a look at what you could claim for in a data breach compensation claim. We’ll also look at potential compensation amounts and how using a No Win No Fee agreement could make the claim less risky.

When your solicitor requests compensation for you, they’ll usually split the claim into two parts:

  • Material damages are claimed when you’ve suffered an actual financial loss following the data breach i.e. you’ve lost money or your credit rating has been affected.
  • Non-material damages are claimed if you’ve suffered psychological injuries due to the breach.

There are a lot of different things you could ask to be compensated for but we can’t list them all here due to the fact that people are affected in different ways, which means no two claims are the same.

For example, when your solicitor assesses the value of your financial losses, they may have to consider future losses as well. This could be the case if your personal details were used by a cybercriminal to obtain finance which could affect your credit file for years to come.

Similarly, when considering a claim for psychological damage, your solicitor will need to ask a medical specialist to assess how anxiety, depression or stress have affected your relationships, work, everyday life or education.

If you start a claim with Legal Expert, and it’s accepted, your solicitor will assess your claim with you and let you know everything that you could claim for so why not contact us to get started today?

Check The Value Of A Pharmacy Data Breach Damages Claim

Now we’re going to show you how much compensation could potentially be paid in a data breach claim. Unlike some claims, a data breach claim can be made for non-material damages even if you haven’t suffered a financial loss. The right to do so came from a Court of Appeal hearing, Vidal-Hall and others v Google Inc [2015], in which the judges also decided that settlements should be awarded for psychological harm stemming from a data breach in accordance with personal injury claims.

Therefore, we’ve created the table below that shows some example compensation figures for different psychological injuries which could be caused by a data breach. The values listed are taken from the Judicial College Guidelines which is a document that courts and lawyers use to help decide settlement amounts.

Claim Injury Level Compensation Details
General Psychiatric Injury Severe £51,460 to £108,620 For this type of claim, the victim will have received a poor medical prognosis. They will suffer with marked problems relating to relationships and have problems coping with life, work and education. They are highly likely to be vulnerable in the future and there will be little hope of treatment helping them.
General Psychiatric Injury Moderately Severe £17,900 to £51,460 For this type of claim, the victim will suffer significant problems to those listed above but the medical prognosis will more optimistic.
PTSD Severe £56,180 to £94,470 The claimant will suffer with permanent PTSD symptoms in this category such as nightmares, flashbacks, mood disorders and sleep disturbance. These symptoms will prevent the claimant from returning to work or pre-trauma levels.
PTSD Moderately Severe £21,730 to £56,180 In this category, there will be some chance of recovery with the help of a medical specialist leading to a better prognosis than above.
PTSD Less Severe Up to £7,680 This category is used when the claimant has just about recovered (in around 1 to 2-years) from the main symptoms and only has minor issues remaining.

One of the key roles your solicitor has is that they need to provide sufficient evidence that proves the extent of your suffering. That means that as part of the claims process, your solicitor will ask you to attend a local medical assessment.

During the appointment, a medical specialist will ask you questions about the impact of the data breach and they may also refer to your medical records. Once they’ve completed the appointment, a report will be written containing their findings and sent to your solicitor.

No Win No Fee Data Protection Breach Claims Against Morrisons Pharmacy

If you’re one of the many people who worry about the costs involved when making a data breach claim, we can help! That’s because our team of solicitors provide their service on a No Win No Fee basis for any claim they accept. Not only does that mean your financial risk is reduced but you’ll also find the whole process a lot less stressful too.

Your solicitor will, of course, need to verify your case has good grounds before agreeing to a No Win No Fee service. Once they’ve done so, they’ll prepare a Conditional Fee Agreement (CFA) for you.

The CFA will list the services that the solicitor will carry out for you and explain that:

  • No payment is required upfront.
  • There are no hidden fees or solicitor’s fees during the claims process.
  • You won’t have to pay solicitor’s fees should the claim fail.

In addition, the CFA will tell you about the ‘success fee’ that’s payable in the event that your solicitor wins the case for you. It is a small percentage of your compensation which is used to cover the solicitor’s costs. So you know how much you’ll pay at the start of your claim, the success fee percentage (which is capped by law) is listed in the CFA.

Finding A GDPR Or Data Protection Breach Solicitor

OK, we’ve told you why you can claim and how much you might be paid but how do you select the best solicitor to take your case on? Some people look for the law firm who is most local to them, some choose to read online reviews, and others simply ask a friend for a recommendation. While each of these could help you, you might not get the solicitor you were hoping for and the whole process could become quite time-consuming.

To make the process a lot simpler, you could just call the team at Legal Expert. You’ll be able to ask as many questions as you like before agreeing to let us represent you and you might be referred to one of our specialist solicitors too. Remember, our team of solicitors will work for you on a No Win No Fee basis if they take your claim on.

Contact A Medical Data Breach Solicitor

To start your claim today or to ask questions about the claims process you can:

Extra Pharmacy Claims Resources

You’ve now completed this article about Morrisons Pharmacy data breach claims. In this last section, we’ve added some additional guides and links which we think you might find useful:

Morrisons Accident Claims – Advice on claiming for personal injuries following an accident in Morrisons.

Prescription Error Claims – Details on how to claim compensation if you suffer after being given the incorrect medicine.

Supermarket Accident Claims – Information on how you could claim compensation for injuries sustained in a supermarket accident.

Correcting Data – Advice from the ICO on how to have personal data corrected.

Pharmacy Standards – Information from the General Pharmaceutical Council about professional standards in pharmacies.

Employer Records – Government advice on what personal information an employer can keep without your permission.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts