Well Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Well Pharmacy Data Breach
I Was Subject To The Well Pharmacy Data Breach, Could I Be Compensated?
This article is going to help you understand when you could make a Well Pharmacy data breach claim. Since the introduction of the General Data Protection Regulation (GDPR), things have changed in regard to how companies manage the personal information they hold on you. The changes were enacted into UK law by The Data Protection Act 2018 which now means if a data breach involving your personal information takes place, you could be able to ask for compensation for any harm that has been caused.
Since the introduction of the new rules, you have a lot more say over who can keep information about you, the purposes that it can be used for and who else it can be shared with. The GDPR also puts an onus on companies like Well Pharmacy to have systems and processes in place to try and ensure data they hold remains safe. In general, that’s how things work and there are no problems, but we’ll review what sorts of mistakes could happen that might lead to personal data about you leaking. We’ll also review the amount of compensation that could be paid following a data breach.
Legal Expert can guide you through the claims process. Our service starts with a no-obligation telephone assessment of your case. Then an advisor will provide you with free advice on your claim options. If they believe there’s a chance your claim might be won, they could connect you with one of our specialist solicitors. If they agree to take your claim on, they’ll represent you on a No Win No Fee basis.
To discuss making a claim for a data breach in a pharmacy today, please call us on 0800 073 8804. Alternatively, please continue reading to find out more.
Select A Section
- A Guide To Data Breach Claims Against Well Pharmacy
- What Is A Well Pharmacy Data Breach?
- How Pharmacies Can Check They Are Complying With The GDPR
- How Pharmacies Could Fail To Protect Your Private Data
- Details Of The Well Pharmacy Data Breach
- What Has To Be Reported To The Information Commissioner?
- What Compensation Could You Be Eligible To For A Data Breach?
- How Much Could Your Data Breach Claim Be Worth?
- No Win No Fee Data Breach Compensation Claims Against Well Pharmacy
- How To Find The Right Data Breach Solicitor
- Talk To A Member Of Our Team
- Where To Find Out More About Medical Claims
A Guide To Data Breach Claims Against Well Pharmacy
When you sign up to a new service, register with a website, make use of NHS services, buy a product online or make use of pharmacy services, you’ll often notice sections relating to the GDPR. While these things can mean signing up takes a little longer, it does mean that the organisation in question is fulfilling their data protection duties. Once you’ve finished filling in forms, and the company has recorded your GDPR preferences, they must only use the data they hold on you in ways that you’ve agreed to.
As we continue through this article, we’re going to look at what can lead to a Well Pharmacy data breach. We’ll look at what could cause a breach to happen, what harm it may cause you and the cases which could lead to a compensation payment being made. Additionally, we’ll let you know about the role of the Information Commissioner’s Office (ICO) regarding data breach investigations and fines.
We should tell you that there is a limitation period associated with data breach claims. It is a 6-year period for standard claims or 1-year if you are lodging a claim for a breach of your human rights. The 6-year period is quite a long time, but we’ll always advise clients to begin their claim as soon as possible. By doing so, you will find it so much easier to remember how you’ve been affected by the data breach than you will years later. Also, if you start your claim sooner rather than later, your solicitor will probably find it much easier to obtain the evidence required to support your claim.
What Is A Well Pharmacy Data Breach?
Data breaches can happen in any number of ways and we’ll provide some examples of how they could happen in a pharmacy later on.
The GDPR defines a personal data breach as a security breach which results in personal information being altered, lost, destroyed, accessed or disclosed in ways that you have not previously authorised. The data breach might involve physical documentation or data stored electronically, and the act which caused it to happen may have been deliberate, unlawful or accidental.
It is a very common assumption that data breaches are the result of computer problems or hackers trying to access thousands of records at a time. However, they’re just as likely to happen due to human mistakes involving paper-based records.
For instance, if a pharmacy were to write to you but send the letter containing personal information about you to the wrong customer, then a data breach has happened. Another scenario might be where documents are simply thrown out in the rubbish and end up in the public domain rather than being securely shredded.
If the pharmacy identifies that a data breach has happened, they need to assess if there’s any risk of harm to the patients involved. If there is, they are obliged to report the incident to the ICO and the patient, informing them when the breach took place, the type of information that was accessed, and what caused the breach to take place.
How Pharmacies Can Check They Are Complying With The GDPR
The GDPR might not be the most interesting read you’ll ever find but it does contain some important information regarding roles relating to data protection. They include:
- The data subject is the individual whose personal information is going to be collected, stored and processed.
- A data controller is a company who needs to define why data is going to processed and how the task will be carried out.
- The data processor is an individual or a company who has the role of processing personal data on behalf of the data controller.
Alongside those roles, the GDPR defines a set of data processing principles:
- Any processing of personal data must have a legitimate reason behind it and the data subject must be aware of it.
- If personal information is to be stored, it must be kept up to date.
- Data processing must be lawful, fair and transparent to the data subject.
- Processing needs to be carried out in a confidential and secure way.
- Only the minimum amount of information required to meet the objectives of the task should be processed.
- The data that is collected must only be stored for the time agreed when it was processed.
- Data controllers need to show full compliance with this set of principles.
How Pharmacies Could Fail To Protect Your Private Data
Now we’re going to look at some real-life scenarios which could result in a data breach by a pharmacy. This list is not comprehensive but here are a few examples:
- When another patient is given your prescription, which means they can identify you and the illness you’re suffering from.
- If the pharmacy’s computers are attacked by viruses, ransomware or malware.
- Where documentation containing personally identifiable information is thrown away rather than being professionally destroyed.
- If a copy of your prescription or a printed copy of your files are left on the shop counter for others to see.
- When your pharmacy records are accessed with no medical reason to do so.
- If a computer is left unlocked allowing non-pharmacy staff to read information about you.
Details Of The Well Pharmacy Data Breach
As we mentioned earlier, the Information Commissioner’s Office is able to investigate data protection breaches and issue fines to companies it finds have broken the rules. In this section, we’re going to look at a case involving Well Pharmacy. The case we’ve chosen shows that personal data breaches don’t just apply to patients or customers, they can also cause problems for members of staff.
In this case, the company were responsible for the names, phone numbers, addresses, email addresses and payroll numbers of 24,000 staff being sent in an email to an undisclosed number of pharmacists. The details listed above were contained in an attachment sent with the email.
As soon as the data breach was identified, steps were taken to try and recall the email but Well Pharmacy still had to refer itself to the ICO and have since launched an internal investigation into what caused the incident to happen.
A safeguarding manager at Well Pharmacy apologised to staff in an email saying that he was, “…truly sorry this has happened.” The email also confirmed that national insurance details, dates of birth and bank details hadn’t been included in the attachment.
It is not clear from this story whether the ICO has taken any action following the breach, but it does have the power to fine companies up to 20 million euros or 4% of its annual turnover.
What Has To Be Reported To The Information Commissioner?
If you are looking to find evidence to support your data breach claim, there are a number of ways you can do so. You could complain directly to the pharmacy that you believe has leaked your personal information or you could contact the ICO and ask them to investigate.
Before you can approach the ICO, you will need to make a formal complaint to the pharmacy first. Once you’ve done so, you should receive a letter containing their findings. If you don’t agree or are unhappy with the response, their letter should provide you with an escalation route that you should follow.
Once you’ve been through their complaints process completely, you can ask the ICO to take a look at what’s happened. Their advice is that you should get in touch around 3-months after your last communication with the pharmacy. Something you should be aware of, though, is that the ICO might turn your complaint away if you’ve left it a long time before approaching them.
Another thing we should tell you is that there is no way in which the ICO can issue you with a compensation payment. That’s the case even if they agree with your complaint and fine the organisation in question. Therefore, the only way you’ll be able to receive compensation is if you make your own legal claim against the pharmacy.
If you decide to work with Legal Expert and your claim is accepted, your solicitor will look at the best method of claiming in your case. For instance, they may decide that a compensation claim can be made directly with the pharmacy so that they can try and settle amicably. If that doesn’t appear to be likely, your solicitor might suggest making a formal ICO compliant to help identify what’s happened.
What Compensation Could You Be Eligible To For A Data Breach?
Now that we’ve shown you why a data breach claim might be made, we’re going to spend the next few sections looking at what can be included in a claim, the potential amount of compensation that you might receive and how No Win No Fee agreements could help make the process a lot less stressful.
Your solicitor will usually split a data breach claim into two parts:
- Material damages claims might be used when you want to claim for financial losses that have resulted from the data breach.
- Non-material damages claims could be made if you have suffered psychological harm because of the data breach.
In fact, there are many different elements that can be claimed for, but we won’t list them all here because we know that every claim is unique, and each claimant is affected differently to the next. That means that your solicitor will need to assess your claim properly before advising what you might be entitled to claim for.
For example, if you’re case is related to psychological harm, your solicitor will need to review medical evidence to show if the anxiety, stress or depression caused by the data breach has affected you in everyday life, work or education. They’ll also assess what impact it has caused on your personal and work relationships.
In claims relating to money, your solicitor will look not only at losses you’ve already sustained but any that might happen in the future. For example, if a cybercriminal accessed your personal records and used them to take out a loan, your credit file might be impacted for many years to come.
How Much Could Your Data Breach Claim Be Worth?
So, now we’re going to consider how much compensation could be paid following a data breach.
It’s important to note that, unlike some claims, you’re able to claim for psychological damage suffered as a result of a data breach even if you’ve not had any financial losses. That rule was set by the Court of Appeal when reviewing the case Vidal-Hall and others v Google Inc . They decided that harm could be claimed for without pecuniary losses and that awards should be paid in line with personal injury law.
To show you how much compensation could be paid for some relevant injuries, we’ve provided the table below. It has figures which have been taken from a document used by solicitors and courts to help decide settlement amounts called the Judicial College Guidelines.
|Type of Injury||Severity||Compensation Bracket||Additional Details|
|Psychiatric Injury||Severe||£51,460 to £108,620||Receiving this award will mean the victim has been given a poor medical prognosis. They will have marked problems with education, work and everyday life and there will be issues surrounding personal relationships. Treatment won't really help and the victim will remain vulnerable in the future.|
|Psychiatric Injury||Moderately Severe||£17,900 to £51,460||The awards made in this bracket will be for victim's who show similar symptoms to above but where their prognosis will be more optimistic.|
|Psychiatric Injury||Moderate||£5,500 to £17,900||Awards made in this bracket will feature similar symptoms to the severe category but there will already have been a good amount of recovery and the victim's prognosis will be good.|
|Psychiatric Injury||Less Severe||Up to £5,500||The awards made in this bracket will be based on how long the disability continued for and how long daily activities and sleep were affected.|
To try and ensure you are compensated fairly, your solicitor will need to provide enough evidence to show the true extent of your suffering. Therefore, as part of the claims process, you will be asked to visit a local medical specialist. During their assessment, the specialist will review any medical notes available to them and ask you questions about how you’ve suffered.
Once the appointment has concluded, a report will be sent to your solicitor with the details of the specialist’s findings. Due to the high importance of these reports, medical assessments are required in all cases.
No Win No Fee Data Breach Compensation Claims Against Well Pharmacy
If you want to make a claim but have concerns about how much a solicitor will charge, you needn’t worry. If you work with Legal Expert, our specialists will provide you with a No Win No Fee service if your claim is accepted. Not only does that remove a lot of the financial risk, but it also makes everything a lot less stressful.
Before agreeing to work on this basis, your solicitor will have to check there’s a reasonable chance of winning the claim. Once they’ve completed their checks, you’ll be provided with a Conditional Fee Agreement or CFA to sign. Within the CFA, you’ll find details of the work the solicitor will carry out for you and it will also make it clear that:
- There are no fees to pay upfront.
- No hidden charges or solicitor’s fees will be requested as the claim continues.
- If the claim is lost, you aren’t liable for any solicitor’s fees at all.
Should the solicitor achieve a positive outcome meaning you receive compensation, they will retain a small percentage to cover their costs. This is detailed in the CFA as a success fee and the exact percentage will be listed so there are no surprises when your settlement is finalised. In addition, we should tell you that success fees are capped by law.
How To Find The Right Data Breach Solicitor
The easiest method of finding a solicitor with the experience and expertise to make your claim for you is to call Legal Expert. Our team has decades of experience representing our clients for all types of claims. If your case is taken on, your solicitor will provide regular updates as the claim progresses and they’ll be available to answer any questions that might arise.
Talk To A Member Of Our Team
If you’re ready to begin or have questions about making a claim, you can:
- Call us for free advice on 0800 073 8804.
- Ask one of our online advisors for support via the live chat feature.
- Email us with a summary of your claim to firstname.lastname@example.org.
- Ask for a call back from a specialist advisor by starting an online claim.
Where To Find Out More About Medical Claims
In this final part of our guide about claiming for a Well Pharmacy data breach, we thought it would be a good idea to provide you with some links and resources which help you further.
NHS Claim Time Limits – Information about how long you have to make different types of claims against the NHS.
Pharmacy Negligence Claims – Details on when you could claim for suffering caused by negligence in a pharmacy.
Shop Accident Claims – Advice on claiming for injuries sustained in an accident in a shop.
Stress, Anxiety & Depression – Information from the NHS about dealing with mental health issues.
Pharmacy Complaints – The official complaints procedure to follow if you have concerns about a pharmacist.
Report A Data Breach – This is the official advice from the ICO on how to complain to them about a data breach.
Guide by Hambridge
Edited by Billing