We've been featured in:

Making A Data Breach Claim For Sending A Fax To The Wrong Person

In this guide, we’re going to review when a data breach claim for sending a fax to the wrong person may be justified. We’ll also look at what type of damage could be claimed and how much you might be paid.

Would you be surprised to know that fax machines are still used today? While they are old technology, some businesses and public bodies still use them. The security offered by these devices was designed well before the UK General Data Protection Regulation (UK GDPR) was introduced but communications sent in this way still have to adhere to the new rules.

Breaches Of Data Security Involving Faxes

Sending a fax to the wrong person data breach claims guide

Sending a fax to the wrong person data breach claims guide

The UK GDPR along with the Data Protection Act 2018 are laws governed by the Information Commissioner’s Office (ICO). Together, these laws set out how organisations (data controllers) can use your personal data.

If the rules are broken, the ICO might decide to take action. That could lead to a financial penalty as well as enforcement action. However, the ICO cannot award compensation to you regardless of the consequences of the data breach. For that reason, you may wish to take your own legal action.

If you have suffered damage to your mental health or finances after a fax containing your personal information was sent incorrectly, we could help you claim. Our team will happily review your case and give legal advice for free.

Where there is a reasonable chance of success, we could appoint a data breach lawyer from our team. If they agree to work for you, it will be on a No Win No Fee basis.

Interested in discussing your claim right away? If so, please call us on 0800 073 8804 today, write to us about your claim online, or chat now using our live chat service.

Alternatively, please read on to find out how mistakes involving faxes can result in a data breach claim.

Select A Section

A Guide To Data Breach Claims For Sending A Fax To The Wrong Person

According to the latest data protection laws, organisations need a lawful basis to process personal data. This is any information that could identify you. For example, the UK GDPR covers files or documents that contain your name, address, telephone number, email address, bank account number or NHS number.

Where the rules are broken you may be able to claim data breach compensation if the incident causes you to suffer damage to your finances or mental health.

An example might be where your medical records are sent to the wrong fax number. In this instance, you may have the grounds to make a data breach claim for the sending of a fax to the wrong number. That’s because medical records will contain personal information and could lead to distress or anxiety if they are read by an unauthorised third party.

As we continue, we’ll look at other examples of data breaches involving faxes that could justify a compensation claim. We’ll also provide more details on what type of suffering you could claim for.

Something that you should consider is that data breach claims must be started within the relevant time limits. For some claims, that is as long as a 6-year period. However, claims for data breaches by public bodies could have as little as 1-year in which they must be started. It is worth clarifying how long you have to claim with one of our advisors if you contact us.

When you have completed this article, please let us know if you have any questions. Our team are ready to review your claim for free and provide legal advice on your options.

How Common Are Sensitive Information Data Breaches?

As fax machines are very old technology, you might think data breaches involving them aren’t that common. However, you’d be surprised how many industries still rely on them to send invoices, contracts and medical records.

Although there are no specific statistics relating to fax machine data breaches, the ICO does record those involving documents posted or faxed incorrectly. In the first financial quarter of 2021, there were 219 incidents according to the ICO’s latest figures.

In the graph below, we’ve broken these incidents down to show which sectors they were most common in. As you can see, the top 3 sectors include health, local government and finance.

Sending Fax To The Wrong Person Data Breaches

What Is A Data Breach Claim For Sending A Fax To The Wrong Person?

A data breach relating to the sending of a fax to the wrong person is where personally identifiable data is accessed, lost, changed, destroyed or disclosed because a document was sent to the wrong number. Where that leads to problems for the data subject, they may have grounds to seek compensation.

Misdirected Faxes Containing Medical Data

One key area where faxes have been used to transfer important documents is in the health service. While the government has ordered all fax machines to be scrapped by April 2020, there has been no clear announcement as to whether they have been completely removed.

In the past, they were used by:

  • GPs to refer patients to hospitals.
  • Hospitals to arrange patient transfers.
  • Pharmacies to send or receive prescription information.
  • NHS trusts.

If you believe you have been harmed by a data breach involving any of these services, please call our team today if you’d like us to check your options for free.

Causes Of Fax Data Breaches

In this section, we are going to look at some of the reasons why mistakes can happen when sending faxes.

Human Error

One of the most basic mistakes that could cause a fax to be sent incorrectly is human error. This could simply be a matter of entering the wrong fax number or forgetting which organisation the fax should go to.

Poor Administrative Processes

With any paper-based exercise, there should be clear processes in place with how the task is handled. Simply placing faxes in a pile next to the fax machine could easily result in faxes going astray, or loose pages being sent to the wrong destination.

Misdelivery Of Data

As well as faxing to the right recipient, it is important that the correct data is sent too. For example, if a fax is being sent from a care home to a GP surgery, there is no need to include the patient’s payment details with their medical records.

The rules of the UK GDPR say that whenever personal data is processed, only the minimum amount required to fulfil the task should be handled.

What Factors Could Cause Sending A Fax To The Wrong Person?

As part of any new task, project or function a company performs, they should think about whether personal data is required and how it will be processed. By doing so, they could stop a data protection breach from happening. Some of the factors they should consider include:

  • Methods of processing data.
    Although faxes are still commonly used, companies should check if there is a better method of transmitting data that is more secure. As mentioned earlier, faxes offer no form of encryption so checking that the fax has arrived can be time-consuming.
  • Training of staff.
    Again, training staff is vital when it comes to processing personal data. Training should form part of any new project so that staff understand the type of data they’ll be handling and how it should be processed. This can relate to redacting information prior to sending.
  • Opportunity for mistakes.
    One of the easiest ways to prevent data protection errors is to remove the opportunity for them to happen. For example, to prevent faxes from being sent to the wrong person, the fax machine could be password protected to stop untrained staff from using it. Additionally, where possible, the fax machine could be set up to only allow calls to specific phone numbers to reduce the risk of errors.
  • Monitoring and updating.
    Once a process has been established within an organisation, it should be monitored and regularly reviewed. By doing so, if there are any problems, the process can be modified to help ensure data protection compliance.

Guidance To Prevent The Sending Of A Fax To The Wrong Person

To make a data breach claim for sending a fax to the wrong person, the data subject would need to show that the organisation they blame allowed the breach to happen through its own actions (or lack of action).

Therefore, it would seem a good idea for organisations to implement measures to reduce the risk of such breaches. Many companies will appoint a data breach officer to help with this. As part of their role, they may:

  • Define a clear data protection policy and train all staff on it.
  • Monitor personal data usage to make sure the company complies with its data protection responsibilities.
  • Set up a retention policy so personal data is never kept longer than necessary. This is a requirement of the UK GDPR.
  • Be the point of contact for any data protection complaints from customers.
  • Be the liaison with the ICO.
  • Set up a plan of what to do if a data breach occurs.

While these measures may seem time-consuming, they could help prevent data breaches where faxes are sent to the wrong person. Furthermore, they could prevent the company from receiving a hefty ICO fine.

NHS Fax Data Breaches

As mentioned earlier, faxes have been used in medical facilities for quite some time. In this section, we are going to provide information about a breach that resulted in a £90,000 fine, according to reports.

The ICO issued the fine to Central London Community Healthcare (CLCH) NHS Trust. The incident was reported to be a serious data breach where patient information was faxed to the wrong number. In total, 59 faxes were sent.

The information that ended up with the wrong person included details of resuscitation instructions, medical diagnoses and information relating to the patient’s domestic situations.

The ICO fined the health trust for failing to provide the individual responsible with adequate data protection training. They also found that there weren’t sufficient checks in place to ensure faxes were arriving with the correct recipient.

Source: https://www.wired-gov.net/wg/wg-news-1.nsf/article/London+NHS+Trust+fined+90000+for+serious+data+breach+22052012160827?open

Example Of Non-Material And Materials Damages

It would be really nice if claiming compensation for a data breach was as easy as telling the defendant how much money you’d like to be paid. However, the claims process is a bit more complex than that. Every part of your claim must be explained, justified and backed by evidence.

It’s possible to seek compensation for two forms of damage:

  • Material damage. The amount you’ll claim for any financial losses, costs or expenses.
  • Non-material damage. Where your claim focuses on any psychological injuries such as stress or anxiety.

Material damage is usually quite straightforward to calculate. For example, you can provide receipts or bank statements to show your losses. This might be the case if money is stolen from you by criminals using your personal data in identity theft.

For non-material damage, you’ll need to use medical records to prove what mental conditions you’ve been diagnosed with as a result of the data breach.

But that’s not the end of the claim though. Some consideration needs to be given to any future suffering too as you can only make a single claim. Therefore, during the claims process, if you’ve suffered mentally, you’ll need a medical assessment. This will be performed by an independent medical expert. They will use your medical records to review how you’ve suffered. They’ll also ask how your injuries have affected you. If their prognosis shows that you’ll be affected by mental injuries in the medium to long term, this could be factored into your claim.

We believe it’s important to ensure everything is included within your claim. We also believe your best chance of being properly compensated is by having a data breach lawyer on your side. If you’d like to work with one of our data breach specialists, why not call today to see if your case will be accepted?

Calculating A Data Breach Claim For Sending A Fax To The Wrong Person

In this section, we’re going to consider how much compensation might be payable for damage inflicted by a wrong fax data breach. To learn how awards are made in data breach claims, we need to look at a couple of recent court cases and their outcomes.

In 2015, in the case of Vidal-Hall and others v Google Inc at the Court of Appeal, it was held that:

  • Claimants are able to sue for psychiatric damage caused by data breaches, even when no money has been lost because of the incident.
  • This is a move away from previous rulings where a monetary loss was needed before an injury claim could be made.

In a separate case, Gulati & Others v MGN Limited [2015], the court stated that:

  • Compensation for psychiatric injuries could be valued with reference to injuries in personal injury claims.

Therefore, the compensation table below use personal injury claim figures as found in guidelines from the Judicial College:

Edit
Type Of Injury Severity Compensation Bracket
General Psychiatric Damage (a) Severe £51,460 to £108,620
General Psychiatric Damage (b) Moderately Severe £17,900 to £51,460
General Psychiatric Damage (c) Moderate £5,500 to £17,900
General Psychiatric Damage (d) Less Severe Up to £5,500
Post-Traumatic Stress Disorder (a) Severe £56,180 to £94,470
Post-Traumatic Stress Disorder (b) Moderately Severe £21,730 to £56,180
Post-Traumatic Stress Disorder (c) Moderate £7,680 to £21,730
Post-Traumatic Stress Disorder (d) Less Severe Up to £7,680

If you’d like us to review your claim and assess how much you might be paid, please call our team to find out your options. You can also try using our compensation calculator tool.

No Win No Fee Data Breach Claim For Sending A Fax To The Wrong Person

The one thing that is most off-putting about taking legal action is the thought of losing money on solicitor’s fees. To ease that worry, our team of solicitors offer a No Win No Fee service for all claims they take on. That means you will find the claim less stressful as your financial risk will be reduced.

When you get in touch, the merits of your case will need to be reviewed. If the solicitor agrees to represent you, they’ll give you a Conditional Fee Agreement (CFA). The purpose of this contract is to show you what your solicitor will need to do before you need to pay them—in other words, the conditions they need to meet to get paid. Essentially, it will make it clear that solicitor’s fees aren’t payable unless you receive compensation.

Where that happens, your solicitor will deduct a small success fee from the compensation. This will be listed in the CFA as a percentage of the settlement you receive. Importantly, you don’t need to worry about being overcharged as success fees are capped by law.

If your claim doesn’t end in success, you won’t be responsible for any of your solicitor’s fees.

Would you like an advisor to check your eligibility to claim through our No Win No Fee service? If so, please get in touch today.

Getting In Touch About Your Case

We hope that you now understand why you could make a data breach claim for the sending of a fax to the wrong person. If you’d like Legal Expert’s support with your claim, you can:

For your convenience, we operate our claims line 24-7. Therefore, please feel free to call when it’s most convenient.

Learn More

You have almost completed this article about making a data breach claim for sending a fax to the wrong person. Therefore, we have added a few more articles below that you might find useful if you decide to proceed.

Fax Data Breaches – This guide from the ICO provides more information on how faxes could result in data breaches.

The Privacy And Electronic Communications Regulations 2003 – Legislation relating to how communications are sent electronically.

Support For Stress – Information from the NHS on what support is available for stress.

Loss Of Personal Data – Advice on claiming if your personal data is lost by an organisation.

Social Services GDPR Data Breaches – Information on how a breach by social services could be claimed for.

Post-Traumatic Stress Disorder – An explanation about why a data breach could lead to a PTSD claim.

FAQs – Data Breach Claim For Sending A Fax To The Wrong Person

Are fax data breaches reported to the ICO?

All data breaches that could affect a data subject’s rights are reportable to the ICO. Therefore, if a fax was sent to the wrong recipient and it contained personally identifiable data, it should be treated as a data breach and reported accordingly.

Is it safe to send sensitive information by fax?

Faxes operate on old technology and, as a result, are not very secure. While the information is transmitting, it could be intercepted as there is no form of encryption or security. Furthermore, it is possible that if the recipient leaves the document on their fax machine for some time, it could be accessed by unauthorised parties.

Do data breach laws cover faxes?

The UK GDPR applies to any file or document containing data that could identify an individual or data subject. That means that as well as computer files, any physical documents such as letters, surveys and faxes also fall within the scope of the new laws.

Who pays my compensation for sending the wrong fax?

While the ICO has powers to issue fines of up to £17.5 million following data breaches, it can’t get involved in compensation claims. Therefore, if you have been affected by a UK GDPR breach, you could ask a data breach lawyer to help you claim. If compensation is secured, it will be paid by the organisation responsible for your personal data.

Thanks for reading about how to make a data breach claim for sending a fax to the wrong person.

Guide by Hambridge

Edited by Billing