We've been featured in:

  • bbc logo
  • daily mail logo
  • itv logo
  • skynews logo

Disciplinary Information Data Breach – Can I Claim Compensation?

By Cat Way. Last Updated 30th October 2024. This guide will provide advice on whether you can claim compensation if your employer is liable for a disciplinary information data breach. It is normal for employers to collect, process, and store their employees’ personal data for operational purposes, including their disciplinary information. However, if an employer breaches your data because they failed to put the required precautions in place to keep it safe, then you may be eligible to claim compensation.

So, contact Legal Expert today if your disciplinary information has been exposed in a data breach that has affected you. An advisor will be happy to speak to you about your ordeal. And, if we can see that your employer owes you compensation, we can provide you with an experienced data breach solicitor to handle your claim.

A data breach solicitor behind a digital diagram with padlocks and the word 'data breach' on the diagram.

Select A Section

What Is A Disciplinary Information Data Breach

Personal data relates to information that can identify you as a person, such as your name and national insurance number. Whereas special category data is personal data that needs extra protection because it is sensitive, such as biometric data or data revealing your ethnic origin. Disciplinary information can consist of both personal data and special category data, as these records vary depending on the specific incident.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), data controllers and processors must safely store, handle, and process personal data. 

Data controllers, often an organisation, decide how and why personal data needs to be processed. Data processors act on the data controller’s behalf to actually process personal data. Data controllers can also be data processors, or they can outsource this task to an external third party. 

If a data controller or processor fails to adhere to the UK GDPR and DPA 2018, this is known as wrongful conduct. Some instances of wrongful conduct could lead to a personal data breach. 

Article 4 of the UK GDPR defines a personal data breach as a breach of security that leads to the accidental or unlawful loss, disclosure of, alteration, destruction of, or unauthorised access to someone’s personal data. 

As such, to make a disciplinary information data breach compensation claim, you must meet each of the criteria found in Article 82 of the UK GDPR:

  1. A data controller or processor failed to comply with the data protection laws. 
  2. There was a personal data breach because of this. 
  3. Because of the personal data breach, you suffered either emotionally and/or financially. 

So, contact us if your personal data has been compromised in a disciplinary information data breach. Our advisors can determine whether you’re eligible for compensation.

Is A Disciplinary Record Personal Data?

Disciplinary information is data about disciplinary action against an employee at work. Including information about disciplinary procedures or disciplinary hearings, the employer took out against the employee. Disciplinary information can be highly sensitive because it reveals private information about the employee’s conduct at work.

When personal or special category data are involved in a data breach caused because those responsible for the information failed to protect it accordingly then a data breach claim may be pursued.

How Common Are Breaches Of Data Privacy?

The Cyber Security Breaches Survey 2021 can help us understand how common data breaches or attacks are in the UK. Over 1,400 businesses and almost 500 charities took part in this survey.

  • Of those surveyed 39% of businesses and 26% of charities reported having a cyber security breach or attack during 2021.
  • Medium-sized businesses were the most likely to suffer a cyber security breach or attack. Indeed, 65% of medium-sized businesses that took part reported a cyber security breach or attacks over this period.
  • Moreover, 51% of high-income charities reported a cyber security breach or attack in 2021.

How To Report A GDPR Breach Involving Disciplinary Data

Normally if an organisation suffers a breach that includes personal information of a data subject that will have an impact on their rights they will inform you without undue delay. Moreover, the employer should report this type of data breach to the ICO within 72 hours.

If you suspect that your personal information held by your employer has been breached at work, you should contact your employer to raise your concerns. Subsequently, your employer should provide advice on whether this is the case and what information has been breached. If you believe your employer is not doing enough to rectify the problem, you can escalate the complaint.

But if you are unsatisfied with your employer’s actions, you can complain to the ICO. However, please contact the Information Commissioner’s Office within three months of the last communication with your employer, as the ICO is unlikely to investigate an older complaint.

What’s more, you can contact us about claiming for a disciplinary information data breach. Please call our claims helpline today to speak with an advisor.

How Can I Prove A Disciplinary Information Data Breach?

In order to make a disciplinary information data breach claim, you must be able to provide proof that the breach not only occurred as a result of wrongful conduct but that it affected your personal data and caused you harm. Some examples of evidence that you could collect include:

  • A letter of notification from the organisation responsible, stating that the breach occurred and that it affected your personal data.
  • Medical records or the results of an independent medical assessment that illustrate how the breach has harmed you emotionally.
  • The findings from an ICO investigation of the breach.
  • Any correspondence with the organisation responsible regarding the data breach.
  • Financial documents that show how the breach has affected your finances, such as payslips, invoices, and bank statements.

One of the benefits of working with a solicitor on your data breach compensation claim is that they can help you gather evidence that is relevant to your case. To find out if you could be eligible to work with one of our solicitors, get in touch with our team of advisors today.

How Could Your Employer Expose Your Disciplinary Information?

Accidents or “human error” often cause data breaches at work. Unfortunately, other data breaches happen because of lack of training, poor cyber security defences, fraudulent activities, cybercriminals and so on and so forth. Let’s look at how a potential disciplinary information data breach could occur:

  • An employer could send disciplinary information to the wrong email address.
  • An employer can lose your data. For example, a colleague loses documents containing disciplinary information in a public place.
  • Or, a disgruntled employee may publicly expose disciplinary information data to get revenge on the company.
  • On the other hand, hackers may unlawfully access an employee database and hold the information for ransom.

As we have previously stated to make a data breach claim against your employer, firstly, you need to demonstrate that personal or sensitive data was breached. Secondly, your employer is liable for the breach because they failed to adhere to data protection laws. Lastly, you suffered mental and/or financial losses as a result.

What Disciplinary Information Could Your Employer Breach?

Organisations must keep personal data safe to protect their stakeholder’s privacy. Moreover, protecting personal data helps protect the data subject from fraud or identity theft.

Disciplinary information can include:

  • The employee’s name, address, DOB,
  • National insurance number
  • An employee’s disciplinary record
  • Information about disciplinary proceedings
  • Information about the employee’s performance reviews
  • Data regarding suspensions and other disciplinary measures the employer has taken against the employee.
  • Moreover, the data breach can expose any medical considerations.

Data Breach Compensation Payouts – Examples

You can use the table as a data breach compensation calculator to estimate how much you can claim in non-material damages. The table includes compensation brackets guidelines for psychological damages.

Form Of Psychological InjurySeverityValue
Multiple serious types of psychological harm and material damageSeriousUp to £250,000+
Psychiatric damage generallySevere (a)£66,920 to £141,240
Moderately severe (b)£23,270 to £66,920
Moderate (c)£7,150 to £23,270
Less severe (d)£1,880 to £7,150
Post-Traumatic Stress DisorderSevere (a)£73,050 to £122,850
Moderately severe (b)£28,250 to £73,050
Moderate (c)£9,980 to £28,250
Less severe (d)£4,820 to £9,980

We used guidelines from the Judicial College to create the table (the top row has not come from the JCG however). Data breach solicitors also use Judicial College guidelines to help them value data breach claims. However, if your claim is successful, your compensation may be lower or higher than the table’s contents, as all claims are unique. Please call our helpline, and we can offer you further advice.

There are two types of data breach compensation you can receive:

  • Firstly material damages compensate claimants for financial losses. For example, if fraudsters used your personal data to target you, you may be able to claim back any money you lost.
  • Secondly, non-material damages compensate people for any emotional distress or psychological injuries that the data breach caused.

Find Out More About Making Disciplinary Information Data Breach Claims

To find out if you can make a disciplinary information data breach claim, please contact Legal Expert today. And if we can see that you have legitimate grounds to claim compensation, we will appoint a skilled data breach lawyer to work on your claim.

You can make a No Win No Fee claim. You will only pay a success fee if your data breach claim is successful. So, you are taking less of a gamble with your finances.

You would need to sign a Conditional Fee Agreement. This agreement includes all the terms and conditions of a No Win No Fee service. There are no upfront fees to pay for the solicitor to start working on your case. If for whatever reason the case fails then you do not have to pay for the service the No Win No Fee solicitor has provided. Only when the case succeeds will you pay a success fee.

Please contact us today to inquire about making a No Win No Fee claim for a workplace data breach. You can use the details below to reach out to us.

Where To Read More About Data Breaches

Please read these online guides if you want to know more about claiming compensation for a data breach.

We appreciate you reading our guide to whether you can claim for a disciplinary information data breach.

Meet The Team

  • Patrick Mallon legal expert author

    Patrick Mallon (BA, PgDl) is a Grade A personal injury solicitor and head of our EL/PL department, which handles accidents at work and public liability claims, such as slips, trips and falls. He qualified in 2005 and has over 20 years of experience. Patrick is an expert No Win No Fee lawyer and well-known for his successful case, Billie Mae Smith v McDonalds. You can learn all about Patrick, his qualifications and his experience as a solicitor here. Get in touch today for free to see how Patrick and the team can help you.

    View all posts Personal Injury Solicitor