My Criminal Convictions Were Exposed In A Data Breach – Can I Claim Compensation?
By Stephen Hudson. Last Updated 24th June 2024. This guide will provide information on seeking compensation following a criminal conviction data breach. To be eligible to make a valid data breach claim the onus will be on you to prove how there was a failure to keep this type of information safe and why it led to psychological and/ or financial damage.
If this has happened to you, you may be considering making a claim for the harm you experienced. We will explore the process of doing so, including the evidence you may need to gather to support your claim.
This guide will also provide examples of personal data breaches to help you understand whether you’re eligible to claim.
We’ve also included information on what your data breach compensation payout may comprise.
If you have any questions, please get in touch with our team. An advisor can provide further clarification on anything of which you’re unsure after reading. Get in touch by:
- Using our online claim form
- Calling a specialist for free claims advice on 0800 073 8804
- Asking an online advisor for support via the live chat function below.
Select A Section
- What Is A Criminal Conviction Data Breach?
- Who Could Hold Or Access Criminal Conviction Data?
- How To Report A Breach Of Your Criminal Record
- How To Claim For A Criminal Conviction Data Breach
- How Is Data Breach Compensation Calculated?
- Start A Claim For Your Criminal Convictions Data Breach
What Is A Criminal Conviction Data Breach?
The Information Commissioner’s Office is the UK’s independent authority that gives advice and guidance to organisations that decide why and how personal data is collected (data controllers) on handling personal data. They are the governing body for data protection laws and information privacy and can fine data controllers when they fail to adhere to applicable laws.
The ICO defines a personal data breach as a security incident that means your personal data is lost, altered, disclosed, destroyed, or accessed without authorisation in an accidental or unlawful way. These actions can be deliberate, especially when it comes to cybercriminals accessing personal data.
For instance, if someone receives a criminal conviction, they will have this put on their criminal record. An organisation, such as a school, could request a standard Disclosure and Barring Service (DBS) to check which shows spent and unspent convictions.
However, the school should ensure this information is kept safe and isn’t subject to a breach. Given its sensitive nature, if this information is breached, the impact could be detrimental to someone’s psychological wellbeing as well as their financial position.
Who Could Hold Or Access Criminal Conviction Data?
The UK General Data Protection Regulation (UK GDPR) provides extra protection for personal data that relates to criminal convictions and offences, as well as related security measures.
The ICO refers to this data as criminal offence data. It covers any personal data which is linked to an individual’s criminal convictions.
There are various organisations that could hold this type of personal data, including:
- The police: Criminal convictions are kept by police in two main systems; firstly, the Police National Computer (PNC) and, secondly, the Police National Database (PND).
- Employers: Employers can check your criminal convictions using a DBS check.
Additionally, in order to check your DBS certificate, an employer would need to verify your identity and obtain your written or verbal consent.
If you’d like to find out whether an organisation holds specific personal data about you, you can make a request. We have explored the process of doing so in the section below.
How To Access Your Criminal Records Data
Under Section 45 of the Data Protection Act 2018, it is within your right to ask for the information held about you from a data controller. This process is referred to as a Subject Access Request (SAR).
If you want to access information that the police hold about you the ICO recommends making your request to your local police. However, for information held on the PNC, you would need to make your request to ACRO Criminal Records Office.
When making your request, you should ensure that the details of the information you need are clearly outlined. Furthermore, the request should be made directly to the organisation that holds the information.
However, it’s important to note, that there are some exemptions that allow data controllers to withhold information in certain circumstances.
How To Report A Breach Of Your Criminal Record
To report a personal data breach, the ICO recommends taking the following steps:
- Contact the organisation: You should contact the organisation responsible for a data breach of your criminal convictions. If you receive no response or are not satisfied with the response, you could make a report to the ICO directly.
- Report the incident to the ICO: When you make a complaint to the ICO, they may decide to conduct an independent investigation of the breach. If they do, their findings could be used as evidence if you have a valid claim.
For more information on the steps you could take following a criminal convictions data breach, get in touch on the number above.
How To Claim For A Criminal Conviction Data Breach
A criminal conviction data breach could have impacted you in several ways. In light of this, you may consider making a claim for compensation. However, in order to hold a valid personal data breach claim, you must be able to prove liability. You will need to illustrate who you think is liable for the breach. If a data controller did all they could to protect your personal information a claim is less likely.
We’ve included some tips on making a claim in the list below:
- Gather evidence: This could include any communication you have had with the organisation about the incident. Also, you could provide evidence of financial damage such as bank statements. Or medical records for proving your ill health.
- Seek legal advice: An experienced data breach solicitor could help you obtain the evidence needed to support your claim. Additionally, they could provide guidance on the steps involved in seeking compensation.
Additionally, you should also be aware of the time limit for putting forward a claim following a data breach. Generally, this is six years or one year if claiming against a public body.
For any additional information on the time limit or the evidence, you could gather, contact our team of advisors now.
How Is Data Breach Compensation Calculated?
If you have grounds to make a criminal records data breach claim, you may have questions about how much compensation you could claim if your claim is successful.
Compensation for a data protection breach may cover two types of damage – material and non-material. Material damage is any financial loss you have incurred because of the breach.
Due to a case heard at the Court of Appeal in 2015, Vidal-Hall and others v Google Inc, you can claim compensation for psychiatric harm (non-material damage) without also having experienced any financial damage. For instance, if you have suffered stress due to a data breach or post-traumatic stress disorder, then you may be eligible to claim for such psychological injuries.
To provide some indication of what could be offered for non-material damages, you can view the compensation brackets in the table below which are based on the Judicial College Guidelines (JCG).
The JCG is used by legal professionals to help value injuries for claims. However, these brackets should only be viewed as a rough guide to potential payouts. The actual settlement you may receive will depend on the factors that are unique to your specific case.
For more information on what your claim may comprise, discuss your case with a member of our team today. They can provide a free valuation of your claim and give an estimate of what your claim might be worth.
Start A Claim For Your Criminal Convictions Data Breach
A No Win No Fee agreement offers a way to receive legal representation following a criminal convictions data breach without paying a solicitor upfront for their services.
Solicitors who offer these services also don’t require ongoing costs while your claim proceeds and, you only pay a legally capped success fee from your compensation if you are successful in your claim. You won’t need to pay the fee to your solicitor if your claim is unsuccessful.
Our No Win No Fee solicitors can represent your claim if it’s found your case is strong enough to pursue. Get in touch with our advisors and they can assess whether one of our solicitors could take your case. You can reach them by:
- Calling 0800 073 8804 to speak with a specialist.
- Asking our online advisors for advice via live chat.
- Filling out our online claim form with your query.
Data Breach Claim Resources
Here are some additional resources you may find useful following a personal data breach.
- Criminal record checks when you apply for a role – Find out more about who can check your criminal record in this government guide.
- Subject Access Request – Learn more about making a SAR
- Action the ICO has taken – Find out more about the action the ICO has taken against organisations.
Please see below for some more of our other guides that you may find helpful.
- Lost and Stolen Devices Data Breach Claims — A guide on making lost and stolen device data breach claims.
- Employer Personal Data Breach Compensation Claims – Learn more about how an employer could have breached your personal data in our guide.
If you have any more questions about a criminal convictions data breach, get in touch now. Our advisors can provide further clarification on anything of which you’re still unsure after reading.