My Personal Data Was Sent To The Wrong Person – How Much Compensation?

Has your personal data been sent to the wrong person? Has this caused you emotional stress or even financial losses? If so, you may be able to make a data breach compensation claim.

Key Points On Personal Data Sent To The Wrong Person

  • Personal data is the information which could be used to identify an individual such as, name, address,  and national insurance number.
  • You could be awarded compensation for your material damage, non-material damage or both.
  • Organisations must adhere to data protection laws when processing the personal data of UK residents.
  • You could make your data compensation breach claim with a No Win No Fee solicitor from our panel.

To discuss your particular circumstances and receive free advice today, you can contact one of our friendly advisors:

Personal data was sent to wrong person which led to data breach.

Browse Our Guide Or Jump To A Section

  1. What Constitutes A Data Breach?
  2. Can You Claim Compensation For Personal Information Sent To The Wrong Person?
  3. How Much Compensation You Can Claim For A Data Breach.
  4. Understanding UK GDPR.
  5. Legal Implications Of Data Breaches In The UK.
  6. How To File A Data Breach Claim.
  7. More Information On Personal Data Breaches

What Constitutes A Data Breach?

A personal data breach as any security incident which impacts the integrity, availability and confidentiality of personal data. This could be accidental or deliberate.

Personal data is the information which could be utilised to identify an individual. This also includes information which could be used for identification in conjunction with other information. Some examples are:

  • Name
  • Address
  • Email address (unless it’s an organisational email address)
  • National Insurance Number

Any organisation that processes your personal data must adhere to the regulations and rules set out within the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). These sit together as data protection law.

If an organisation fails to adhere to these laws, this could lead to a breach.

Was your personal data sent to the wrong person via a misdirected fax? Contact our advisory team today to see how we could help you.

Can You Claim Compensation For Personal Information Sent To The Wrong Person?

If your personal data was sent to the wrong person via email or the wrong postal address, for example, you may be able to make a claim.

However, in order to have a valid claim, you will need to prove the following:

  • An organisation failed to adhere to the rules and obligations set out in data protection law.
  • This lead to your personal data being breached.
  • This then caused you to suffer financial losses, mental harm or both.

For example, due to human error, your GP surgery sends a letter containing your personal data regarding your medical records to another patient with a similar name to yours, due to not double checking. This causes you to suffer from anxiety and have to pay for therapy.

To see whether you could be eligible to make a personal data breach claim, you can contact our advisors.

How Much Compensation You Can Claim For A Data Breach

Your data breach compensation could compensate you for two types of damage:

  • Non-Material Damage: This is the mental harm you have suffered, such as depression, stress or post-traumatic stress disorder.
  • Material Damage: This is the financial harm you have suffered.

Those responsible for calculating your compensation for your mental harm may refer to the guideline compensation brackets for psychological injuries listed within the Judicial College Guidelines (JCG).

We have listed these compensation guidelines from the JCG for psychological injuries within the table below. Please note that the first entry has not been taken from the JCG.

InjuryCompensation Guidelines
Extreme Psychological Harm and Financial LossesUp to £500,000+
Severe Psychiatric Damage£66,920 to £141,240
Moderately Severe Psychiatric Damage£23,270 to £66,920
Moderate Psychiatric Damage£7,150 to £23,270
Less Severe Psychiatric Damage£1,880 to £7,150
Severe PTSD£73,050 to £122,850
Moderately Severe PTSD£28,250 to £73,050
Moderate PTSD£9,980 to £28,250
Less Severe PTSD£4,820 to £9,980

Some examples of material damage you could be compensated for include:

  • Cost of relocation if you feared for your safety after the data breach of your home address.
  • The expenses you incurred to attend therapy and counselling sessions, including the cost of travelling for your sessions and medications.
  • Loss of earnings due to any time taken off by you for recovery or safety.
  • The expenses incurred to install security equipment in your house for safety purposes.

To see whether you could claim compensation after your personal data was sent to the wrong person, you can contact our advsiors.

Possible compensation amount for data breach if personal data sent to wrong person

Understanding UK GDPR

The UK GDPR aims to protect individuals’ rights and freedoms and regulates how organisations can collect, share and use personal data.

Article 5 of the UK GDPR sets out some regulations that organisations must adhere to, such as:

  • Data processing should be conducted lawfully, transparently and fairly.
  • The data should be collected for a clear, specified and legitimate purpose.
  • Data minimisation should be conducted. This means that the data collected should be limited to the amount which is adequate for the purpose.
  • Any data being held of processed should be accurate and up-to-date. Any data that is not should be decreased or rectified without delay.
  • Data should not be held for longer than is necessary.

The Role Of The ICO

The Information Commissioner’s Office (ICO) is an independent body which enforces data protection law. They have the power to investigate data breach reports and to impose fines on organisations for data breaches.

You can also make a complaint to the ICO regarding a data breach.

Wondering if you can sue a company for data breach after they sent your personal data to the wrong person? Contact our advisors today for free advice.

Legal Implications Of Data Breaches In The UK

If an organisation fails to adhere to data protection laws, and this leads to a data breach that affects an individual’s rights and freedoms, they could be issued a penalty from the ICO.

Any penalty issued by the ICO is intended to be effective, dissuasive, proportionate and will be decided on a case-by-case basis.

There is a higher maximum and standard maximum that could be issued:

  • Higher maximum: £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year (whichever is higher).
  • Standard maximum: £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year (whichever is higher).

Preventing Future Data Breaches: What Organisations Must Do

There are various steps that organisations can take to help prevent data breaches from occurring, such as:

  • Ensure all staff are up to date with data protection training.
  • Regularly updating cyber security systems and backing up digitally stored data.
  • Ensuring all physical data is stored and locked away correctly.
  • Keeping only the required data and destroying it promptly after use.

To see whether you may have a valid claim after your personal data was sent to the wrong person, you can contact our advisors.

How To File A Data Breach Claim

There are various steps that you can take to help support your when making a personal data breach claim.

Firstly, if you have discovered the breach yourself, you should report it to the organisation responsible and in the report ask them to clarify what data was affected, how it happened and what they are doing to prevent a similar breach from occurring again. Keep hold of any correspondence to use as evidence in your claim.

Alternatively, if you have been informed of the breach via a notification letter, you should keep hold of this as evidence.

If the ICO investigated the breach, their findings could also be used as evidence.

Proving Damages From Personal Data Mishandling

In addition to providing your personal data was breached, you also need to prove what harm you have suffered.

For your non-material damage, this could include:

  • Medical records.
  • Psychological assessments.
  • Diagnosis letter from a psychologist.

For your material damage, this could include:

  • Payslips proving a loss of earnings.
  • Invoices.
  • Bank statements.

How Long Do You Have To Make A GDPR Claim In The UK?

You must also ensure your claim is started within the time limit. This is generally up to 6 years.

Finding A Solicitor For GDPR Breach Compensation Claims

If your personal data was sent to the wrong person, it’s recommended that you hire a solicitor to make a data breach claim. Our panel of solicitors have years of experience working on various types of data breach claims. Some of the things they could help you with include:

  • Gathering evidence.
  • Submitting your claim in the time limit.
  • Negotiating your compensation settlement.

Furthermore, by offering you a Conditional Fee Agreement (CFA) they can work on your claim on a No Win No Fee basis. This means:

  • You will not pay them anything upfront for them to begin working on your claim.
  • There is nothing to pay for their services as the claim progresses.
  • You will not pay them for their completed work should the claim fail.
  • You will pay a success fee to them if they win your claim. This fee will be taken from your compensation as a percentage that is limited by the law.

To see whether a solicitor on our panel could help you, contact our advisors today:

Solicitor and client discussing making a No Win No Fee data claim for personal data sent to wrong person

More Information On Personal Data Breaches

More data breach claims guides by us:

Here are some external links to help you:

Thank you for reading this guide on whether you could claim if your personal data was sent to the wrong person.