My Data Privacy Was Breached By Boots Advantage Card, Could I Claim Compensation?
In the past few years, we’ve been given more control over how our personal information is handled by companies because of the General Data Protection Regulation or, as it’s more commonly referred to, GDPR. It became legally binding when it was enacted into British law by The Data Protection Act 2018 which now means if a data breach occurs which causes you harm, you could be allowed to seek compensation. In this guide, we’re going to review when Boots Advantage Card data breach claims might be possible.
The GDPR gives you a lot more control over who holds data about you, what it’s used for and who else can access it than previous laws. Companies like Boots now need to have systems and procedures in place to ensure any personal information is stored securely and kept confidential.
Failure to do so could lead to information about you being leaked and used by individuals or organisations you’ve not permitted. Therefore, we’ll review why a data breach might occur, the harm they can cause and when it might be possible to request compensation for that harm.
Should you decide that you’d like to claim compensation for a data breach, Legal Expert can help you through the claims process. We can cover all aspects of the claim starting with a no-obligation assessment of your claim with free legal advice. Then, if your claim seems viable, it could be passed to one of our specialist solicitors. If they decide to accept your claim, they’ll work for you on a No Win No Fee basis.
To start a claim for a Boots data breach right away, why not contact our specialists on 0800 073 8804 today. Alternatively, you’ll find all the information you’ll need to understand pharmacy data breach claims in the rest of this guide.
Select A Section
- A Guide To Data Protection Breach Claims Against Boots Advantage Card
- What Is A Data Protection Breach Claim Against Boots Advantage Card?
- What Is Required For Businesses To Comply With The GDPR?
- What Was The Cyberattack On Boots Advantage Card Data?
- What Could The ICO Do About A Complaint?
- Could I Be Compensated As The Victim Of A Data Breach?
- Calculating Awards For Data Breach Compensation
- How To Deal With Your Data Breach And Get Legal Help
- No Win No Fee Data Protection Breach Claims Against Boots Advantage Card
- Contact Us And Claim For A Data Breach
- Data Breach Claim Victim Resources
A Guide To Data Protection Breach Claims Against Boots Advantage Card
Organisations who use your personal information in any way need you to grant them permission before they do so. The methods in which they ask varies from company to company. For instance, online companies might use a pop-up box on their website to explain why they use data about you and to ask you to permit them to do so. In shops like pharmacies, you might fill in a form or questionnaire when registering that has several tick boxes so you can outline your data sharing preferences. It is vital that any company who’s obtained your choices relating to data sharing abides by them and doesn’t use your data for other purposes.
In this guide will provide examples of how Boots Advantage Card data breach claims could happen. We’ll look at the harmful effects of data breaches, the different causes and what types of privacy breach could lead to a compensation claim. Additionally, we’ll review the role of the Information Commissioner’s Office (ICO) in issuing fines to companies who have broken data security laws.
The time limit for making a data breach claim is 6-years. If you’re making a claim related to a breach of your human rights, this limitation period is reduced to 1-year. Legal Expert always advises potential claimants to start their claim as soon as they’re able to do so. That’s because you’ll find it so much easier to remember the effects of a data breach at the time you find out than you will 6-years later. Also, your solicitor will appreciate you starting early because it will mean they will have more time to collate evidence to support the claim.
Once you’ve finished reading our guide, please contact a member of our team if you have any queries or to begin your data breach claim.
What Is A Data Protection Breach Claim Against Boots Advantage Card?
Boots Advantage Card data breach claims could be triggered in many different ways, but what is a data breach exactly? The GDPR refers to them as breaches of security which mean that personal data is destroyed, altered, lost, disclosed or accessed in ways that you’ve not previously authorised.
A data breach can involve physical data (printed documentation for instance) or electronic data and the act which caused the privacy breach might have been deliberate or accidental. The ICO could fine a company for data breaches even if they don’t result in any harm.
When discussing breaches of data, it’s fairly common to jump to the assumption that computers are involved in some way. However, human errors are just as likely to be the reason that your data is exposed. We’ll provide examples of this later on but one example might be where documentation containing your personal information is left in public view (on the shop counter perhaps) and another customer sees it.
If the pharmacy finds out about a data breach, and there’s a potential it could cause harm, they need to let the patient and the ICO know what data was leaked, when the breach took place and how it happened.
Legal Expert is able to help with Boots Advantage Card data breach claims provided you have clear evidence of the breach and harm caused. So please contact a member of our team today if you’d like a free assessment of your case.
What Is Required For Businesses To Comply With The GDPR?
As with a lot of legislation, the GDPR is a long piece of documentation that you’ll probably never read in full unless you’re a lawyer! However, there are some key roles defined within it which help understand who’s responsible for your data. They include:
- A data controller – this is the organisation who defines the means and reasons for processing personal data.
- The data processer – this could be a company or individual who conducts data processing for the data controller.
- The data subject – in this scenario, the data subject is the patient. They are the person whose personal information is going to be processed.
In addition, the GDPR includes several principles relating to data processing, including:
- The data subject must be told of a legitimate reason behind why their personal information is going to be processed.
- All personal data needs to be checked and kept up to date.
- The data should be kept only as long as was agreed at the time it was processed.
- Data processing needs to be transparent to the data subject, fair and within the law.
- Data should be processed confidentially and securely (which may include encrypting data).
- The data processor should collect the minimum data required to achieve its objectives.
- Data controllers need to be able to demonstrate that they are in compliance with these data principles.
If you’re considering starting a pharmacy data breach claim, please speak to a member of our team. You’ll receive a no-obligation assessment of your case along with completely free legal advice.
What Was The Cyberattack On Boots Advantage Card Data?
As mentioned earlier, there are quite a few ways a data breach could happen and not all of them are related to computer or network security. Here are just a few examples that could lead to Boots Advantage Card data breach claims:
- When personally identifiable information about you is emailed or posted to another customer by mistake.
- If documentation with personal information about you is dropped or left in an area of the store that customers can access.
- Where a pharmacist or another member of staff looks up your personal details without good reason.
- If the computer network becomes infected with a virus, ransomware or malware and your details are accessed.
- When another customer is given your prescription and it can be used to identify you and what you’re being treated for.
- If a computer screen is left unlocked and non-pharmacy staff can view your personal details.
There has been a data breach within the Boots group as well. It was in relation to their advantage card loyalty scheme. While no financial information was accessed, hackers tried to log in to around 150,000 accounts.
Rather than exploiting the security systems of the Boots computer network, the hackers had stolen user account credentials from other websites and tried to log in to gain access to the advantage card systems.
It’s unclear whether the ICO was informed of the breach but Boots took immediate action and suspended all accounts while they investigate the cause.
Source: https://www.bbc.co.uk/news/technology-51742079
Should you believe your personal information has been leaked by Boots and have suffered harm as a result, get in touch with Legal Expert for free advice on your options.
What Could The ICO Do About A Complaint?
As discussed earlier, the Information Commissioner’s Office has the power to issue fines to companies who breach data protection laws. In one case, a London pharmacy, Doorstep Dispensaree Ltd, was handed a £275,000 fine for keeping confidential records in unlocked containers within a courtyard at the back of its property.
There were around 500,000 documents found in refuse bags, a cardboard box and crates within the containers. The information that was found included the name, medical information, address, date of birth and prescription details of the data subjects including vulnerable and elderly care home patients.
As well as the data breach, the ICO findings suggested that the company’s data protection policies were out of date.
Source: https://www.lexology.com/library/detail.aspx?g=cceef2ed-7d21-4309-a078-cb46846d2115
If you decide that a compensation claim is the route you want to follow after being affected by a data breach, there are a couple of things you’re able to do to help determine what led to the breach. They include:
- Complaining to Boots directly.
- Involving the Information Commissioner’s Office.
When you make a complaint to the company directly, you’ll need to wait for them to respond to you following an internal investigation. If you’re not happy with the outcome, their final response letter should advise you if there are any ways in which you could escalate the complaint. If after you’ve exhausted all possible avenues within Boots, you could take your complaint to the ICO.
The ICO says that you need to get in touch with them around 3-months after your last discussion with the company you’re complaining about. Also, they could refuse to become involved if there is an unduly long delay in the complaint reaching them.
Something you should know, though, is that a complaint to either Boots or the ICO will not mean you’ll be paid compensation for the harm caused by the data breach. For that to happen, you’ll need to raise an official claim to Boots directly. If it’s been 3-months since you last had meaningful communication with Boots, you could ask us if a claim is possible.
If your claim has merit, a solicitor could review your case for you and try to reach an amicable agreement with Boots without an ICO investigation. In other cases, they might suggest the more formal route might be beneficial to your claim.
To find out whether you’re eligible to claim compensation for a data breach, why not enquire with us today?
Could I Be Compensated As The Victim Of A Data Breach?
You’ve now come to the part of the guide where we’ll look at compensation amounts, what you can claim for and when you can claim using a No Win No Fee agreement.
When your solicitor submits your claim, they’ll usually claim for material damages, non-material damages or both. The first is used to claim for financial losses incurred as a result of the data breach and the second aims to secure compensation for any psychological injuries that you’ve had to deal with.
What could be included in your claim will differ from any other case and that’s why we can’t tell you everything you could include here. If your claim is taken on, though, your solicitor will let you know once everything’s been assessed properly.
The types of considerations they’ll need to make include working out the impact of any anxiety, stress or depression has had on everyday life, work, education and any impact on relationships you have with colleagues, friends or family.
Additionally, long-term financial impact needs to be assessed at the same time as losses you’ve already suffered. For example, if your details were used to apply for finance, your credit file might be affected for many years to come.
If you would like Legal Expert to review your case and a solicitor to check what compensation you could be eligible to claim, please get in touch with a member of our team. They’ll refer you to a specialist solicitor if they believe your claim could be viable.
Calculating Awards For Data Breach Compensation
Now that we’ve assessed what compensation could be claimed for, let’s move on to look at potential compensation figures. There was an important case heard in the Court of Appeal (Vidal-Hall and others v Google Inc [2015]) which means you are now able to claim compensation for any psychological harm caused even if you’ve not suffered a financial loss because of the data breach. The judgment also said that any compensation awarded should be based on figures used in personal injury law.
Therefore, the table you’ll see below contains example compensation figures for some relevant injuries that could be sustained after a data breach. The data used in the table has been extracted from a document used when valuing claims called the Judicial College Guidelines.
Claim Type | Level | Settlement Range | Details |
---|---|---|---|
Psychiatric Injury (General) | Severe | £51,460 to £108,620 | Compensation awards in this category are used when the claimant has received a poor prognosis. Work, education and the ability to cope will have been affected, there will be future vulnerability and a low likelihood of treatment helping. |
Psychiatric Injury (General) | Less Severe | To £5,500 | This category covers cases where sleep and daily activities were affected. The length of the disability will also be considered. |
PTSD (Post-Traumatic Stress Disorder) | Severe | £56,180 to £94,470 | Compensation awards in this category will be used when every aspect of the claimant’s life is affected and work is not possible. The effects will be permanent and there will be no prospect of returning to pre-trauma levels. |
PTSD (Post-Traumatic Stress Disorder) | Moderately Severe | £21,730 to £56,180 | The symptoms in this compensation range will cause significant disabilities but the award is lower than above because a better prognosis will be made and there will be a chance of improvement with professional support. |
PTSD (Post-Traumatic Stress Disorder) | Less Severe | £3,710 to £7,680 | Compensation awards in this category are used when the claimant has almost fully recovered after a period of a year or two. Any ongoing issues will be minor. |
When you make your claim, your solicitor needs to use medical evidence to help substantiate the level of your suffering. Therefore, as part of the claims process, you’ll be invited to attend a medical assessment held locally to you. A medical specialist will look into your medical records and ask questions about how you’ve been affected.
Following the appointment, a file will be created which contains details of the medical specialist’s findings and sent to your solicitor. Due to the importance of the report, a medical assessment is required in all cases.
How To Deal With Your Data Breach And Get Legal Help
If you have decided that you want to begin a claim, the next thing you might want to do is choose a solicitor to help you, but where do you begin? Some good ideas include asking family or friends for recommendations, reading solicitor reviews online or simply picking the most local law firm to take your claim on.
While each of those steps has a chance of working out for you, they could all cost you a lot of time, especially if you’re not happy with the results. Why not save yourself the time and hassle of searching and call Legal Expert today? Our team of solicitors have decades of experience which you could benefit from. If your claim is accepted, your solicitor will do all they can to try and make sure you’re awarded a fair amount of compensation for your suffering.
No Win No Fee Data Protection Breach Claims Against Boots Advantage Card
If you’re thinking that the cost of making Boots Advantage Card data breach claims might be expensive or risky, don’t worry. Our team of solicitors offer to help reduce both financial risk and stress levels by working on a No Win No Fee basis for claims that they take on.
The first thing that will happen is that the solicitor will review your claim with you to check if there is a chance of claiming successfully. When both parties are happy to proceed, you’ll be given a Conditional Fee Agreement or CFA to sign.
The CFA contains all of the information about what work the solicitor will do and explains that:
- There’s no requirement for any upfront fee to be paid.
- There are no hidden charges or solicitor’s fees during the course of the claim.
- In the event that the claim fails, you won’t have to cover any of your solicitor’s fees at all.
When your case is won, and compensation is paid, the CFA will explain that your solicitor will keep a small percentage to cover their costs. This success fee is listed in the CFA so you’ll know how much you’ll pay from the start and, to put your mind at ease, the amount that can be deducted is legally capped.
Contact Us And Claim For A Data Breach
If you’d like Legal Expert on your side and would like to discuss your case today, you can:
- Call and speak with a fully trained advisor on 0800 073 8804
- Ask one of our online advisors about your options in our live chat applet.
- Email us with information about your claim to info@legalexpert.co.uk.
- Claim online and arrange for a call back from an advisor at a suitable time.
We understand how difficult it can be to find the time to discuss a claim so you can get in touch with us 24-hours a day, 7-days a week.
Data Breach Claim Victim Resources
This is the final part of our guide about Boots Advantage Card data breach claims. To provide extra assistance, we’ve listed some additional resources and guides which could be useful, below:
Wrong Medication Claims – Details on how to claim compensation for suffering caused if Boots gave you the wrong medication.
NHS Staff PPE Claims – Information about when NHS staff could seek compensation for injuries caused by a lack of personal protective equipment.
Shop Accident Claims – A guide about claiming compensation for injuries sustained in a shop.
Freedom Of Information Requests – Government guidance on how FOI requests are handled.
Identity Theft – An ICO article on how criminals could use your personal information.
General Pharmaceutical Council – The organisation you could complain to about concerns in pharmacies.
Other Useful Compensation Guides
- University of Nottingham Data Breach
- Capital One Data Breach Compensation Claims
- St George’s Healthcare NHS Trust Data Breach
- Sunderland City Council Data Breach
- Abertay University Data Breach
- Aberystwyth University Data Breach
- Ashford Borough Council Data Breach
- Bangor University Data Breach
- Bath Spa University Data Breach
- Bedford Borough Council Data Breach
- Birmingham Council Data Breach
- Bishop Grosseteste University Data Breach
- Can I Get Compensation For Loss of Medical Records?
- Bournemouth Borough Council Data Breach
- Bradford Council Data Breach
- Brighton and Sussex University Hospitals NHS Trust Data Breach
- Brunel University Data Breach
- Buckinghamshire Council Data Breach
- Butlins Data Breach Compensation Claims
- Canterbury Christchurch University Data Breach
- Easyjet Data Breach Compensation Claims
Guide by Mavers
Edited by Billing