Wrong Email Address Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Wrong Email Address Data Breach Claims

By Danielle Jordan. Last Updated 3rd February 2023. In this guide, we are going to focus on wrong email address data breach claims. Emails are widely used to share information with others. They are popular because they are cheaper and faster than sending letters in the post.

Wrong email address data breach claims guide

Wrong email address data breach claims guide

A data controller is a person or organisation that processes the personal data of others. Many companies and organisations along with public bodies are considered data controllers. If an email is sent by a data controller containing personally identifiable information, the rules of the UK General Data Protection Regulation (UK GDPR) will apply. Data protection laws are policed by the Information Commissioner’s Office (ICO). While the ICO has powers to fine organisations that breach data privacy, they can’t award compensation. Therefore, we’ll explain how to take legal action yourself.

Email Address Data Protection Breaches

If you have suffered because of a wrong email data breach, we could help. To start, we’ll review your case and provide free legal advice on a no-obligation basis. Then, if your claim is suitable, we could appoint one of our data breach solicitors to it. Importantly, any claim they take on will be processed on a No Win No Fee basis.

If you’d like to talk to us right away about claiming, you can reach us on 0800 073 8804. If you’d rather know more about your options before calling, please continue reading.

Select A Section

A Guide To Wrong Email Address Data Breach Claims

According to new data protection laws like the Data Protection Act 2018 which runs alongside UK GDPR, organisations (or data controllers) that process personal data such as contact details need to ensure this is kept secure and safe.

A breach of GDPR could take place if an email intended for one person is sent to the wrong recipient and contains personal information. That’s because if that email contains personally identifiable information, it could cause problems for the intended recipient. In such cases, they may have grounds to start a wrong email address data breach claim.

To be eligible to do so, they would need to show how they have suffered because of the breach. For example, if an email from your employer about disciplinary action against you was sent to a colleague by mistake, it could cause a lot of stress and embarrassment, especially if the information was shared around your office.

If you do decide to claim, you’ll need to be aware of the time limits. Generally, you’ll have 6-years to begin your claim. However, in some instances, time limits can be as little as one year so you may wish to check with us before taking action.

Once you have completed this article, please call if you’d like to begin a claim or if you have any questions.

Rates Of Data Breaches

You might not think that sending emails to the wrong address is all that common. However, recent data from the ICO shows that there were 405 reports of such breaches in the first financial quarter of 2021. To see where these breaches occurred, take a look at the graph below:

Wrong email address data breach statistics

Wrong email address data breach statistics

Is An Email Address Personal Data?

You might wonder, ‘is an email address personal data?’. Under the UK GDPR, an email address is considered information that could be used to personally identify someone. Therefore, if someone sent an email to the wrong person, this could be classed as a data protection breach. Additionally, sharing an email address without proper authorisation may be a breach of the UK GDPR.

However, some email addresses are not protected by UK GDPR. For example, an email address that does not feature someone’s name, or an email address that contains @info or @admin, would not be considered personal data.

Following a data protection breach, you could potentially claim if you suffered financially or psychologically as a result. Get in touch for free legal advice if you have been affected by an email data breach. Our advisors are available to help 24/7.

Is Sending An Email To The Wrong Address A Data Breach?

A common type of data breach is when an email that consists of your personally identifiable information is sent to the wrong recipient.

Importantly, if the data controller encrypts any personal information in the email before sending it, then a compensation claim might not be possible. Only where personal data can be read by the recipient would mean a data breach has occurred.

However, encryption is only possible within the body of the email. The TO, FROM, SUBJECT and DATE fields cannot be obfuscated. Therefore, if these fields could identify you and what the email was about, a data breach may have occurred.

As you can see, whether you are eligible to claim can be confusing. Therefore, why not call our team today for a free case review?

Types Of Wrong Email Address Data Breach Claims

To help clarify how email address data breaches could happen, we are going to supply some examples in this section. If you cannot see a case similar to yours, don’t worry – you could still be entitled to claim compensation. Call our team if you’re unsure and they’ll review your options with you.

Emailing the wrong person

As we have shown already, this is one of the most common causes of email data breaches. Where the email contains personally identifiable information, a data breach is likely to have occurred. If you have suffered embarrassment, distress or suffered financially because of the email, call our team today.

Sending service emails as marketing emails

As part of the UK GDPR, generally, when you supply personal information to a data controller, you are able to limit how they use it. That means you can ask not to receive marketing emails. In a recent case, the ICO has fined a large credit card company £90,000 for sending over 4 million marketing emails, which the company described as servicing emails, to customers who’d opted out.

Opening web links/attachments

Phishing emails aim to get you to provide security credentials so that criminals can access your online accounts. If a company is targeted by a phishing scam, it could make its customer databases vulnerable. As such, criminals could potentially log in to them and access any personal data.

Failing to get consent to use an email address

As part of the UK GDPR, data controllers usually need to ask for your permission before using personal data such as your email address (there may be other lawful reasons to do so without your consent). If your email is stored without a lawful basis the organisation could be investigated by the ICO.

If you believe you have grounds to seek damages, why not give our team a call for advice on your options?

How Can Email Data Breaches Be Prevented?

As we have explained, data breach claims are only possible if the organisation responsible for the breach allowed it to happen through their own actions (or lack of action). Therefore, it would be prudent to take steps to prevent wrong email address data breach incidents before they occur.

Steps that could be taken include:

  • Ensuring there is a strong data security policy within the organisation. Furthermore, ensuring all staff are trained regularly on how to comply with it.
  • Limiting access to personal data to those who need to access it. This means that where an employee doesn’t need to access information about customers for their role, restrict their security credentials.
  • As part of the UK GDPR, personal data is not allowed to be stored for longer than it is required. Therefore, organisations should have retention policies in place so that old email addresses that are no longer required are deleted promptly.
  • Empower staff to ask questions if they are not sure about how to fulfil a task compliantly. Making staff feel easy about talking to managers or senior figures within an organisation can reduce panic or stress when processing personal data.

Can You Sue For A UK GDPR Breach?

When a data breach occurs, you do automatically become eligible for compensation. Instead, you will need to show that:

  • Your personal data was breached.
  • The incident occurred because of a company’s data security failings
  • As a result of the data breach, you lost out financially and/or you suffered distress.

As an example, an HIV clinic in London sent a bulk email to a group. The clinic failed to use the BCC field. 730 out of 781 emails sent meant full names were disclosed. Due to the nature of the clinic’s work, this could cause some stress and mental health issues.

(source: https://www.wired.co.uk/article/56-dean-street-fine-data-protection-hiv)

How Are Material And Non-Material Damages Different?

The UK GDPR allows for two types of compensation to be claimed. They are:

  • Material damages. This is compensation that covers any monetary losses. It could include expenses you’ve incurred or money stolen by criminals.
  • Non-material damages. Compensation to cover any distress caused by the data breach. We’ll provide some compensation guidelines for this element in the next section.

While it would be nice if you could just ask the defendant for a set amount of compensation, the process isn’t as easy as that. Every part of your claim must be justified and backed by evidence.

When claiming for material damages in a data breach claim, you could claim for any money that’s been taken from your account. For non-material damages, you could ask to be compensated for any diagnosed illnesses that were caused by the breach.

However, it’s important that you don’t stop there. As you can only make one claim, you must think about any future suffering too. During your claim, you may be asked to have a medical assessment. An independent medical specialist can provide a prognosis. If their report says that you’re likely to suffer from anxiety for the next 2-years, for example, then this suffering should be claimed for too.

Our solicitors have the experience and skills to try and ensure that all aspects of your suffering are considered before your claim is filed. If you’d like to know how we could help with your claim, please call today.

Wrong Email Address Data Breach Claims Calculator

In this section, we want to show you how much data breach compensation could be paid for any psychological injuries (non-material damages). Before we do, let’s take a look at some recent court cases for guidance:

  • In the case of Vidal-Hall and others v Google Inc [2015], the court stated that compensation can be considered for psychological injuries caused by a data breach. Furthermore, the court ruled that claims are possible where no money was lost in the data breach. This was a change from previous cases.
  • In the case of Gulati & Others v MGN Limited [2015], the court stated that any compensation paid for psychological injuries should be paid at the same level as in personal injury claims.

table id=4499 /]

Our compensation table is based on data from the Judicial College Guideline as this is used when settling personal injury claims. If you have any questions about how much compensation you might receive, please call today.

Email Sent To Wrong Address – Can I Claim With A No Win No Fee Lawyer?

Now that we’ve answered your question, “is an email address personal information”, you may want to know more about claiming for a data breach. As we stated already, you could be eligible for compensation if your personal information was sent to the wrong email and you suffered harm, such as financial losses or post traumatic stress disorder (PTSD) or other mental health conditions as a result.

You may wish to have the support of a lawyer that specialises in data protection breaches for the claiming process. A data breach lawyer may offer to represent your claim under a type of No Win No Fee arrangement known as a Conditional Fee Agreement (CFA).

Under a CFA, your lawyer generally will not charge upfront for their services. They typically won’t ask for you to cover ongoing fees either. If they succeed in recovering compensation, they will take a success fee from your award. The amount they can take is limited by the law. If your lawyer fails to recover compensation, they usually won’t ask you to pay for their services.

If you suffered harm because an email was sent to the wrong address, call our advisors. The advice they offer is completely free. Additionally, if your personal data was sent to the wrong email address, they can assess your claim’s feasibility. If it seems like your claim could reasonably recover compensation, they can put you in touch with our solicitors.

To speak to an advisor:

Get In Touch

Thank you for reading our article on wrong email address data breach claims. If you would like us to help you take legal action, there are several ways to contact us. You can:

We operate our claims line 24-hours a day, 7-days a week. When you get in touch, we will review your case and explain your options for free. If you have a valid data breach claim, we could appoint a No Win No Fee solicitor from our team.

Learn More About Wrong Email Address Data Breach Claims

In this section, we have supplied some further resources that might help if you do decide to make a claim. Additionally, we’ve added a few more of our data breach guides as well.

The Data Protection Act 2018 – Another law that gives individuals rights about how their personal information is processed.

Email Marketing – ICO guidance on the rules around using emails to send marketing information.

Anxiety – Support and advice from the NHS on how to cope with anxiety.

Lost Personal Data – This guide explains your rights if an organisation loses your personal information.

Employer Data Breaches – Information on how to claim if you’re harmed because of a data breach by your employer.

Reporting Data Breaches – A review of when and how you should report a data breach.

FAQs On Wrong Email Address Data Breaches

To help you further, we have answered some questions that might help with wrong email data breach claims.

What happens if you accidentally breached GDPR?

Where a company spots a reportable data breach, it needs to inform the ICO without undue delay. This goes for incidents caused deliberately, illegally or accidentally. They must explain what has happened, who has been affected and what steps have been taken to rectify the situation.

Can I get compensation for a data breach?

Data breaches on their own don’t entitle you to seek compensation. However, under the rules of the UK GDPR, you could claim for any distress (non-material damages) caused by a breach and financial harm (material damages).  To be eligible to claim, the organisation involved in the breach must have allowed it to happen through its actions or inactions.

Are personal email addresses covered by the UK GDPR?

The UK GDPR covers any personally identifiable information. As such, an email address could be included within its scope. For example, if your email address is john.smith@company.com, it would be easy for others to identify you from it.

What happens if you send your personal information to the wrong email?

If you send an email to the wrong person and it contains your personal information, it could result in some embarrassment and anxiety. If you have done so, you should try to recall the message if your email has the ability to do so. You may also want to contact the recipient and ask them to delete the message and apologise for your mistake.

Other Useful Guides

Thank you for reading our guide on wrong email address data breach claims. For more information on your options, please speak with an advisor.

Written By Hambridge

Edited By Melissa.

    Contact Us

    Fill in your details below for a free callback

    Trustpilot

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts

    Our Top Legal Guides