Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Pharmacy Data Breach
My Pharmacy Was Subject To A Data Breach, How Do I Claim Compensation?
In this article, we’re going to look at when you might receive compensation for a pharmacy data breach. Since the General Data Protection Regulation (GDPR) was introduced (and enacted into law here by the Data Protection Act 2018), individuals have been given a lot more control over who can request their data, how long it is kept for and who it is shared with. Throughout this guide, we’ll look at when you could make a data breach claim if you find out that your personal information has been leaked.
The GDPR places a duty on pharmacies (and other organisations who hold data) to ensure that they have sound systems and processes in place to secure your data. They are also obliged to inform you and in some cases the Information Commissioner’s Office (ICO) when a data breach has happened.
While most pharmacies have secure systems in place, data breaches are still possible, and they’re usually caused by simple mistakes. If your data is exposed in a breach, then you could go on to seek compensation for the harm caused.
Legal Expert is here to help if you decide that a claim is necessary. Our advisors offer a no-obligation assessment of any claim along with free claims advice. If the claim appears viable, you’ll be referred to a specialist solicitor who could offer a No Win No Fee service if they accept your claim.
Please call us today on 0800 073 8804 if you’d to begin a pharmacy data breach claim. Otherwise, please carry on reading to find out more.
Select A Section
- A Guide To Pharmacy Data Breach Claims
- What Is A Breach Of Pharmacy Customer Data?
- How The GDPR Relates To Pharmacies
- How Pharmacies Could Breach The GDPR And Data Protection Law
- Examples Of ICO Fines Received By Pharmacies
- Making A Complaint To The Information Commissioner’s Office
- What Could You Claim For After A Medical Data Breach Or Leak?
- Working Out How Much Compensation Data Breach Victims Could Claim
- No Win No Fee Pharmacy Data Protection Breach Claims
- Finding Data Protection Breach Solicitors
- Contact A Data Breach Solicitor
- Extra Resources
A Guide To Pharmacy Data Breach Claims
The GDPR affects most of us on a daily basis. While it’s a good thing because it helps to protect our data, it can be annoying at times too! It’s the reason that those pop-up boxes appear on websites asking you to allow tracking cookies to be used. When a website asks you to agree, they are complying with their duties under the GDPR.
In the same way, when you register with a pharmacy or you sign up to a new service they’re offering, you’ll likely be asked to fill out some forms. They might be online or paper-based and they’ll probably have questions or tick-boxes regarding your data. In general, you’ll be asked if the pharmacy can use your data for different purposes such as sharing it with the likes of the NHS or marketing preferences. Once your preferences have been recorded, it’s important that the pharmacy only uses your information in the ways that you’ve agreed.
As we progress, we’ll provide data breach examples, explain the data breach claims process and explain why making a claim is different from the GDPR fines process.
This article will help you to understand how a pharmacy data breach might occur, when you might be allowed to claim compensation, and what amount might be awarded. The time limit for making a data breach is 6-years (or 1-year for claims relating to human rights breaches). While that’s a long period of time, our advice is that starting earlier will make it easier to remember what happened after you became aware of the data breach by the pharmacy.
What Is A Breach Of Pharmacy Customer Data?
The easiest way to define a data breach is when any type of information, which contains your personal information, is accessed, disclosed, lost or destroyed in a way which you have not authorised. It doesn’t matter if the reason for the data breach was accidental or a deliberate act, it could mean you’re entitled to ask for compensation.
Remember, if there is a pharmacy data breach, it could contain sensitive or personal information about you such as your personal details or the medication you’ve been prescribed. If that information reaches the wrong hands, it could cause distress, embarrassment or even used in crimes such that affect your finances for many years.
Most people probably think of a data breach happening because the data is hacked in a cybersecurity breach or cyberattack. While that is a possibility, it’s more likely that a privacy violation will happen because of human error. For instance, a data breach could happen simply because a printout containing your name, address and telephone number was left on the pharmacy counter and read by another customer. Another example might be where the pharmacy emails or posts a letter intended for you to another patient’s address.
If you are made aware of a pharmacy data breach that has affected you, please call Legal Expert for free advice on starting a data breach compensation claim. We’ll guide you through the process of making a personal data breach claim and could refer you to a specialist solicitor if your case has a reasonable chance of success.
How The GDPR Relates To Pharmacies
The GDPR affects most organisations in the UK, including pharmacies. It’s designed to provide individuals with some control over who holds their data, how it’s used and when it’s shared. The phrase ‘personal data’ means any type of information that can directly, or indirectly, help to identify you. For instance, personal data can include your name, address, email address, biometric information, gender or ethnicity.
There are several roles defined within the GDPR rules. Anybody identified as a data processor is bound by several key principles regarding data, which include:
- Any data subject i.e. the patient, has to be informed of the purpose behind why information about them is going to be processed.
- Data must only be retained for as long as defined at the point of collection.
- Any personal information needs to be kept up to date.
- It’s important that only the minimum amount of data is collected.
- Collection of data should be confidential and secure.
- Processing of any data should be fair, transparent and lawful.
- The data controller (or person holding the data) should be able to demonstrate compliance of these principles.
As explained earlier, data breaches don’t just occur because of computer or network security issues. For instance, the principle that data should be stored securely could mean that a pharmacy has a lockable cabinet if storing paper records containing your personal information.
If you suspect that a pharmacy data breach has occurred because your pharmacy has broken GDPR rules, then you might be entitled to seek compensation for any harm caused. If that’s the case, why don’t you pick up the phone and call Legal Expert for free advice today?
How Pharmacies Could Breach The GDPR And Data Protection Law
We’ve already discussed some ways in which data breaches in pharmacies can occur but, in this section, we’re going to provide some more specific examples. Although the GDPR is relatively new, all staff within a pharmacy should now have been trained fully on their legal obligations under the law. Therefore, if your personal information is disclosed in a way you’ve not approved, you could go on to start a claim.
Here is a list of situations that could lead to a pharmacy data breach:
- Pharmacy employees accessing your records when there’s no medical requirement to do so.
- If the pharmacy sells or shares your information to another organisation.
- Where your prescription or records containing identifiable information are left in public view.
- If a member of the pharmacy staff leaves your records on their computer screen while away from their desk and its visible to customers.
- Computer problems like ransomware, a cyberattack, malware or viruses.
- If another patient receives a letter that should have been sent to you in the post or by email.
When mistakes happen, it’s possible you, or the pharmacy might never find out. If the pharmacy does discover what’s happened though, they should contact you to tell you about the data breach and explain what details were accessed.
Examples Of ICO Fines Received By Pharmacies
Now we’re going to look at cases where the ICO has issued a fine for breaking GDPR rules. In the first case, a London pharmacy data breach led to the issuing of a £275,000 fine by the ICO. Doorstep Dispensaree Ltd is a pharmacy that provides medications to care homes and individual customers.
It was fined because approximately 500,000 documents were found in unlocked storage containers at its premises in Edgware, London. Some of the documents dated back to June 2016. As the containers were outside, some of the documents were water damaged.
The reason for the fine was that the documents contained patient names, addresses, NHS numbers, dates of birth, prescription information and medical information relating to an unknown number of patients.
The ICO Doorstep Dispensaree investigation was started after concerns were raised by the Medicines and Healthcare Regulatory Agency.
In a slightly different case, where it’s unknown if a fine was issued by the ICO, the Well Pharmacy group sent identifiable personal data relating to 24,000 staff in an email.
A document attached to the email had a list of names, email addresses, phone numbers, home addresses and payroll numbers for each member of staff. While the email was immediately recalled, there is a chance that the leaked information is still at large. The Well Pharmacy data breach was being investigated by the company and they had informed the ICO and were waiting for feedback.
Making A Complaint To The Information Commissioner’s Office
When you find out about a data breach containing your personal information, you may well decide that you’d like to claim compensation for any harm it has caused. While you’re well within your rights to do so, you might find it difficult to identify why the breach happened and what information was leaked.
One way you could try to obtain this information is to make an official complaint to the pharmacy. They should investigate what happened and provide you with some answers. If you’re unhappy with the information provided, you could take your claim to the Information Commissioner’s Office (ICO) and ask them to investigate what happened.
If this is the route you’re going to take, you need to be aware that the ICO doesn’t usually investigate cases that have taken a long time to reach them. Therefore, you should let them know what’s happened around 3-months after your last meaningful contact with the pharmacy.
One thing you should bear in mind is that while the ICO can fine companies in the UK, they can’t award you any compensation. That’s why we advise you to hire a solicitor to begin a claim against the pharmacy directly.
In some cases, your solicitor could negotiate on your behalf and try to settle the claim with the pharmacy without the need for an ICO investigation. In other cases, it might be useful to have the results from the ICO to make proving what happened easier. When you discuss your claim with your solicitor, they’ll explain what process they would like to follow. Therefore, we’d advise checking with a solicitor before making a formal complaint.
What Could You Claim For After A Medical Data Breach Or Leak?
So far in our article, we’ve tried to answer the question, “Can I get compensation for a data breach?” Over the next two sections, we’re going to review what you can claim for and how much might be paid. When you make a data breach claim, it is possible to seek damages for:
- Material Damage. This usually relates to any financial losses you’ve incurred as a direct result of the data breach. For instance, you might’ve lost out if your data was used in an identity theft crime.
- Non-material damage. This will relate to any psychological injuries that have been caused by the data breach, such as anxiety, sleeplessness or depression.
The way in which you have suffered will be unique to your case so we can’t explain exactly what you can claim for in this guide. However, once your claim has been assessed by one of our solicitors, you’ll be told what can be included. Importantly, unlike other types of claims, you are able to seek compensation even if there has been no financial impact.
If your claim is accepted, your solicitor will need to assess how you’ve been affected. For instance, they’ll consider whether anxiety, stress, distress or depression has caused you to struggle with life, education or work and whether it’s caused problems with your friends or family. Furthermore, if there’s been a financial impact, your solicitor will consider whether this is a long-term issue that could affect your ability to obtain credit, for instance.
As you can see from the information above, the process of claiming for a data breach isn’t as straightforward as you might think. Therefore, why not let one of our specialist solicitors manage your claim for you? Their experience and knowledge could prove vital in helping you secure the right amount of compensation for your case.
Working Out How Much Compensation Data Breach Victims Could Claim
Proving how much compensation should be paid for a data breach is quite a tricky thing to do. However, a case at the Court of Appeal (Vidal-Hall and others v Google Inc ) established that it’s possible to compensate a victim for a data breach even if they didn’t incur any financial losses. That means it’s possible to claim for any psychological harm caused by the breach and the judgment by the court suggests that payments should be made in line with personal injury law.
Therefore, we’ve listed some example compensation figures that could be relevant in the table below. The figures are taken from a document that courts, insurers and solicitors use when valuing claims called the Judicial College Guidelines (JCG).
|Claim||Severity||Range of Compensation||Additional comments|
|Psychiatric Damage (general)||Moderate||£5,500 to £17,900||In this category, the claimant will have struggled to cope with life events and relationships, but there will be good prognosis and there will already have been a marked improvement.|
|Psychiatric Damage (general)||Moderately Severe||£17,900 to £51,460||This award is for where there the claimant has struggled to deal with life, work or education and managing relationships. There may also be some future vulnerability but overall the prognosis will be optimistic.|
|Psychiatric Damage (general)||Severe||£51,460 to £108,620||Compensation in this category is awarded for cases where the prognosis is poor and there are marked problems with the claimant's ability to maintain relationships, where there is future vulnerability and where the claimant struggles to cope with life, work or education.|
|Post-Traumatic Stress Disorder||Moderately Severe||£21,730 to £56,180||While the effects of PTSD are like to lead to significant disability for the foreseeable future, there should be some improvement with professional support.|
|Post-Traumatic Stress Disorder||Moderate||£7,680 to £21,730||This category is for cases where the claimant has largely recovered and, if there are any continuing symptoms, they won't be grossly disabling.|
As the JCG base settlements on the severity of your illness, your solicitor will need to provide evidence that demonstrates exactly how you’ve suffered. To do this, during the claims process, you’ll be asked to attend a local medical assessment. During the appointment, a medical specialist such as a psychiatrist will ask questions about the effect the data breach has had on you. They’ll also review any relevant medical records. After the appointment is over, a report will be written with the specialist’s findings and sent to your solicitor.
No Win No Fee Pharmacy Data Protection Breach Claims
We know from experience that many potential claimants never make a claim because they’re too worried about losing money if their claim fails. To ease that worry, and to reduce your financial risk when claiming, our team of solicitors offer a No Win No Fee service for any claim they accept.
They will, of course, need to review the case before agreeing to work on that basis but, once they’re happy to continue, they’ll provide you with a Conditional Fee Agreement (CFA) to sign.
The CFA is the contract that is used to fund the solicitor’s work. It provides you with many benefits, including:
- You won’t be charged any upfront fees.
- You won’t be asked to pay solicitor’s fees while the claim continues.
- If the claim is unsuccessful, you’re not liable for any solicitor’s fees.
Should the claim be won, and you receive compensation, the solicitor will retain a small portion known as a success fee to cover their work. So that you’re aware of the percentage you’ll pay, the success fee (which is limited by law) is listed in the CFA clearly.
Finding Data Protection Breach Solicitors
When looking for a solicitor to help you claim, you might search for local data breach solicitors, read reviews or ask friends for their recommendations. While these could all help you find the right law firm to help you, it’s possible to save yourself time by calling Legal Expert instead.
Contact A Data Breach Solicitor
To contact Legal Expert to discuss your claim you can:
- Call us on 0800 073 8804 and speak to a fully trained advisor.
- Start an online claim and we’ll call you back at a suitable time.
- Ask an online advisor for advice using our live chat feature.
- Email us on email@example.com with a summary of your claim.
Finally, we’d like to provide you with some additional resources and guides that we think could prove useful. Please contact us if there’s anything else you’d like to know.
Pharmacy Compensation Claims – This guide explains when a mistake caused by a pharmacy could lead to compensation.
NHS Claim Time Limits – A guide which explains what time limits apply to different types of claims.
Hospital Negligence Claims – Information on lodging a compensation claim against a hospital whose negligence has caused you to suffer.
Pharmacy Complaints – Guidance on the correct process to follow if you’d like to complain about a pharmacist.
Pharmacy Inspections – The Care Quality Commission (CQC) inspect and provide ratings for individual pharmacies.
Find A Local Pharmacy – An online tool from the NHS that allows you to locate pharmacies near you.
Guide by Hambridge
Edited by Billing