Wrong Email Address Data Breach Claims
In this guide, we are going to focus on wrong email address data breach claims. Emails are widely used to share information with others. They are popular because they are cheaper and faster than sending letters in the post.
A data controller is a person or organisation that processes the personal data of others. Many companies and organisations along with public bodies are considered data controllers. If an email is sent by a data controller containing personally identifiable information, the rules of the UK General Data Protection Regulation (UK GDPR) will apply. Data protection laws are policed by the Information Commissioner’s Office (ICO). While the ICO has powers to fine organisations that breach data privacy, they can’t award compensation. Therefore, we’ll explain how to take legal action yourself.
Email Address Data Protection Breaches
If you have suffered because of a wrong email data breach, we could help. To start, we’ll review your case and provide free legal advice on a no-obligation basis. Then, if your claim is suitable, we could appoint one of our data breach solicitors to it. Importantly, any claim they take on will be processed on a No Win No Fee basis.
If you’d like to talk to us right away about claiming, you can reach us on 0800 073 8804. If you’d rather know more about your options before calling, please continue reading.
Select A Section
- A Guide To Wrong Email Address Data Breach Claims
- Rates Of Data Breaches
- What Is A Wrong Email Address Data Breach?
- Is Sending An Email To The Wrong Address A Data Breach?
- Types Of Wrong Email Address Data Breach Claims
- What Factors Could Cause Wrong Email Address Data Breaches
- How Can Email Data Breaches Be Prevented?
- Can You Sue For A UK GDPR Breach?
- How Are Material And Non-Material Damages Different?
- Wrong Email Address Data Breach Claims Calculator
- No Win No Fee Wrong Email Address Data Breach Claims
- Get In Touch
- Learn More About Wrong Email Address Data Breach Claims
- FAQs On Wrong Email Address Data Breaches
A Guide To Wrong Email Address Data Breach Claims
According to new data protection laws like the Data Protection Act 2018 which runs alongside UK GDPR, organisations (or data controllers) that process personal data such as contact details need to ensure this is kept secure and safe.
A breach of GDPR could take place if an email intended for one person is sent to the wrong recipient and contains personal information. That’s because if that email contains personally identifiable information, it could cause problems for the intended recipient. In such cases, they may have grounds to start a wrong email address data breach claim.
To be eligible to do so, they would need to show how they have suffered because of the breach. For example, if an email from your employer about disciplinary action against you was sent to a colleague by mistake, it could cause a lot of stress and embarrassment, especially if the information was shared around your office.
If you do decide to claim, you’ll need to be aware of the time limits. Generally, you’ll have 6-years to begin your claim. However, in some instances, time limits can be as little as one year so you may wish to check with us before taking action.
Rates Of Data Breaches
You might not think that sending emails to the wrong address is all that common. However, recent data from the ICO shows that there were 405 reports of such breaches in the first financial quarter of 2021. To see where these breaches occurred, take a look at the graph below:
What Is A Wrong Email Address Data Breach?
Wrong email address data breaches occur when an accidental, deliberate or illegal action result in personally identifiable information being emailed to the incorrect recipient. If a data subject suffers as a result of the data breach, they could be entitled to claim compensation for any distress and negative financial consequences. It may be that they have to prove liability in the first instance.
Is Sending An Email To The Wrong Address A Data Breach?
A common type of data breach is when an email that consists of your personally identifiable information is sent to the wrong recipient.
Importantly, if the data controller encrypts any personal information in the email before sending it, then a compensation claim might not be possible. Only where personal data can be read by the recipient would mean a data breach has occurred.
However, encryption is only possible within the body of the email. The TO, FROM, SUBJECT and DATE fields cannot be obfuscated. Therefore, if these fields could identify you and what the email was about, a data breach may have occurred.
Types Of Wrong Email Address Data Breach Claims
To help clarify how email address data breaches could happen, we are going to supply some examples in this section. If you cannot see a case similar to yours, don’t worry – you could still be entitled to claim compensation. Call our team if you’re unsure and they’ll review your options with you.
Emailing the wrong person
As we have shown already, this is one of the most common causes of email data breaches. Where the email contains personally identifiable information, a data breach is likely to have occurred. If you have suffered embarrassment, distress or suffered financially because of the email, call our team today.
Sending service emails as marketing emails
As part of the UK GDPR, generally, when you supply personal information to a data controller, you are able to limit how they use it. That means you can ask not to receive marketing emails. In a recent case, the ICO has fined a large credit card company £90,000 for sending over 4 million marketing emails, which the company described as servicing emails, to customers who’d opted out.
Opening web links/attachments
Phishing emails aim to get you to provide security credentials so that criminals can access your online accounts. If a company is targeted by a phishing scam, it could make its customer databases vulnerable. As such, criminals could potentially log in to them and access any personal data.
Failing to get consent to use an email address
As part of the UK GDPR, data controllers usually need to ask for your permission before using personal data such as your email address (there may be other lawful reasons to do so without your consent). If your email is stored without a lawful basis the organisation could be investigated by the ICO.
What Factors Could Cause Wrong Email Address Data Breaches
When processing personal information, organisations need to plan properly to try and keep it secure. By doing so, they could reduce the chance of data breaches occurring. In this section, we’ll look at some factors that should be considered. They include:
- Work Environment.
The way in which an office is set up and works could help prevent data breaches involving email addresses. For example, there should be good IT systems in place to allow for personal information to be shared safely where needed.
- Opportunity for mistakes.
It might seem obvious to say but human errors can only happen if there is the opportunity for them to do so. Therefore, a good way of preventing wrong email address data breach incidents is to limit who has access to the customer database. If an untrained member of staff can’t access personal information, then they can’t cause data breaches.
- Training / Lack of awareness.
Many data breaches occur simply because a member of staff is not aware of what their role is or what they are allowed to do. By training staff properly in data protection methods, many accidental data breaches might be avoided.
How Can Email Data Breaches Be Prevented?
As we have explained, data breach claims are only possible if the organisation responsible for the breach allowed it to happen through their own actions (or lack of action). Therefore, it would be prudent to take steps to prevent wrong email address data breach incidents before they occur.
Steps that could be taken include:
- Ensuring there is a strong data security policy within the organisation. Furthermore, ensuring all staff are trained regularly on how to comply with it.
- Limiting access to personal data to those who need to access it. This means that where an employee doesn’t need to access information about customers for their role, restrict their security credentials.
- As part of the UK GDPR, personal data is not allowed to be stored for longer than it is required. Therefore, organisations should have retention policies in place so that old email addresses that are no longer required are deleted promptly.
- Empower staff to ask questions if they are not sure about how to fulfil a task compliantly. Making staff feel easy about talking to managers or senior figures within an organisation can reduce panic or stress when processing personal data.
Can You Sue For A UK GDPR Breach?
When a data breach occurs, you do automatically become eligible for compensation. Instead, you will need to show that:
- Your personal data was breached.
- The incident occurred because of a company’s data security failings
- As a result of the data breach, you lost out financially and/or you suffered distress.
As an example, an HIV clinic in London sent a bulk email to a group. The clinic failed to use the BCC field. 730 out of 781 emails sent meant full names were disclosed. Due to the nature of the clinic’s work, this could cause some stress and mental health issues.
How Are Material And Non-Material Damages Different?
The UK GDPR allows for two types of compensation to be claimed. They are:
- Material damages. This is compensation that covers any monetary losses. It could include expenses you’ve incurred or money stolen by criminals.
- Non-material damages. Compensation to cover any distress caused by the data breach. We’ll provide some compensation guidelines for this element in the next section.
While it would be nice if you could just ask the defendant for a set amount of compensation, the process isn’t as easy as that. Every part of your claim must be justified and backed by evidence.
When claiming for material damages in a data breach claim, you could claim for any money that’s been taken from your account. For non-material damages, you could ask to be compensated for any diagnosed illnesses that were caused by the breach.
However, it’s important that you don’t stop there. As you can only make one claim, you must think about any future suffering too. During your claim, you may be asked to have a medical assessment. An independent medical specialist can provide a prognosis. If their report says that you’re likely to suffer from anxiety for the next 2-years, for example, then this suffering should be claimed for too.
Our solicitors have the experience and skills to try and ensure that all aspects of your suffering are considered before your claim is filed. If you’d like to know how we could help with your claim, please call today.
Wrong Email Address Data Breach Claims Calculator
In this section, we want to show you how much data breach compensation could be paid for any psychological injuries (non-material damages). Before we do, let’s take a look at some recent court cases for guidance:
- In the case of Vidal-Hall and others v Google Inc , the court stated that compensation can be considered for psychological injuries caused by a data breach. Furthermore, the court ruled that claims are possible where no money was lost in the data breach. This was a change from previous cases.
- In the case of Gulati & Others v MGN Limited , the court stated that any compensation paid for psychological injuries should be paid at the same level as in personal injury claims.
|Type of Injury||Severity Level||Compensation (range)||Additional Details|
|Psychiatric Injuries||The main consideration used in assessing psychiatric harm are 1) Ability to cope (life, work, education); 2) Relationship problems; 3) Future vulnerability; 4) Whether treatment will help; 5) Medical prognosis|
|Severe (a)||£51,460 to £108,620||The victim will be given a very poor prognosis because of serious problems in all factors.|
|Moderately Severe (b)||£17,900 to £51,460||The victim will be given a more optimistic prognosis. However, they will still have significant issues with all factors.|
|Post-Traumatic Stress Disorder||Severe (a)||£56,180 to £94,470||Permanent PTSD symptoms that will prevent a return to pre-trauma functioning levels. Also, there will be no chance of working.|
|Moderately Severe (b)||£21,730 to £56,180||Similar symptoms again but the claimant should see a good level of improvement with professional support|
|Moderate (c)||£7,680 to £21,730||In this compensation range, the claimant will have recovered from most symptoms.|
Our compensation table is based on data from the Judicial College Guideline as this is used when settling personal injury claims. If you have any questions about how much compensation you might receive, please call today.
No Win No Fee Wrong Email Address Data Breach Claims
If you work with Legal Expert, they provide a No Win No Fee service for every claim they accept.
Before starting work on your claim, a solicitor will review whether it has a reasonable chance of success. If they decide to work for you, a Conditional Fee Agreement (CFA) will be sent. It will contain details about what needs to be achieved before you pay for your solicitor’s work.
In cases with a positive outcome, you’ll pay a success fee to your solicitor. This is documented in the CFA. It is a fixed percentage of your compensation that will be deducted by your solicitor. So you’re not overcharged, success fees are legally capped.
Should your case fail, you won’t have to pay any of your solicitor’s fees at all. Please call today to check if your case can be processed on a No Win No Fee basis.
Get In Touch
Thank you for reading our article on wrong email address data breach claims. If you would like us to help you take legal action, there are several ways to contact us. You can:
- Call our advice centre on 0800 073 8804 to discuss your case with a specialist.
- Send an email to firstname.lastname@example.org.
- Use live chat to discuss your case online.
- Arrange a call back by completing our enquiry form.
We operate our claims line 24-hours a day, 7-days a week. When you get in touch, we will review your case and explain your options for free. If you have a valid data breach claim, we could appoint a No Win No Fee solicitor from our team.
Learn More About Wrong Email Address Data Breach Claims
In this section, we have supplied some further resources that might help if you do decide to make a claim. Additionally, we’ve added a few more of our data breach guides as well.
The Data Protection Act 2018 – Another law that gives individuals rights about how their personal information is processed.
Email Marketing – ICO guidance on the rules around using emails to send marketing information.
Anxiety – Support and advice from the NHS on how to cope with anxiety.
Lost Personal Data – This guide explains your rights if an organisation loses your personal information.
Employer Data Breaches – Information on how to claim if you’re harmed because of a data breach by your employer.
Reporting Data Breaches – A review of when and how you should report a data breach.
FAQs On Wrong Email Address Data Breaches
To help you further, we have answered some questions that might help with wrong email data breach claims.
What happens if you accidentally breached GDPR?
Where a company spots a reportable data breach, it needs to inform the ICO without undue delay. This goes for incidents caused deliberately, illegally or accidentally. They must explain what has happened, who has been affected and what steps have been taken to rectify the situation.
Can I get compensation for a data breach?
Data breaches on their own don’t entitle you to seek compensation. However, under the rules of the UK GDPR, you could claim for any distress (non-material damages) caused by a breach and financial harm (material damages). To be eligible to claim, the organisation involved in the breach must have allowed it to happen through its actions or inactions.
Are personal email addresses covered by the UK GDPR?
The UK GDPR covers any personally identifiable information. As such, an email address could be included within its scope. For example, if your email address is email@example.com, it would be easy for others to identify you from it.
What happens if you send your personal information to the wrong email?
If you send an email to the wrong person and it contains your personal information, it could result in some embarrassment and anxiety. If you have done so, you should try to recall the message if your email has the ability to do so. You may also want to contact the recipient and ask them to delete the message and apologise for your mistake.
Other Useful Guides
- Loughborough University Data Breach Compensation Claims
- GP Data Breach Compensation Claims
- Comparison Site Data Breach Compensation Claims
- Pharmacy Data Breach Compensation Claims
- Microsoft Data Breach Compensation Claims
- Post Office Data Breach Compensation Claims
- Stalker Data Breach Compensation Claims
- Oxford Brookes University Data Breach Compensation Claims
- Mortgage Company Data Breach Compensation Claim
- Optician Data Breach Compensation Claims
- Loan Company Data Breach Compensation Claims
Thank you for reading our guide on wrong email address data breach claims. For more information on your options, please speak with an advisor.
Written By Hambridge
Edited By Melissa.