We've been featured in:

A Guide On How To Sue The Government For A Data Breach

Our guide examines how to sue the government for a data breach and when you could be eligible to pursue compensation.

The government is made up of many different departments. Each of these departments stores and processes multiple types of personal data for many people. Examples include information relating to state pensions, benefits, and national insurance as well as your name, postal address, and ethnic or racial origin. In some cases, the data is more sensitive. As such, if a government department is affected by a data breach, there could be severe consequences. 

As we move through this guide, we examine the obligations the government has under data protection laws and how a breach could occur if these aren’t adhered to. Furthermore, we explain what a data breach is and what information could be affected. 

Compensation in a successful data breach claim can be awarded for two different types of damage, the financial damage incurred and/or the psychological harm. We discuss how compensation is calculated for the different ways you have been impacted later in our guide. We also briefly touch on the evidence you could use to show what damage occurred and how you were affected.

To finish off our guide, we explore the No Win No Fee agreement offered by our experienced data breach solicitors, with particular emphasis on how you can benefit when instructing one of our solicitors to represent you under such a contract.

Claims for data breaches can be complex, which is why our advisors are available to address your concerns at any time of the day. They can also provide a free consultation on whether you have a valid data breach claim. You can speak to a member of our team and ask any questions about data breach claims via the details provided here:

'Data breach' written in block capitals inside a cloud of computer terminology.

Select A Section

  1. How To Sue The Government For A Data Breach
  2. Examples Of Potential Government Data Breaches
  3. What Evidence Could You Provide To Support A Claim?
  4. Calculating Data Breach Compensation Payouts
  5. How To Sue The Government For A Data Breach With A No Win No Fee Solicitor
  6. Find Out More About More About Claims For Data Breaches

How To Sue The Government For A Data Breach

Before we explain how to sue the government for a data breach, we need to explain what a data breach. A personal data breach is defined in general terms as a security incident that affects the availability, integrity or confidentiality of personal data. This definition is given by the Information Commissioner’s Office (ICO), the UK’s independent body for upholding information rights.

There are 3 relevant parties when discussing data breaches, these are:

  • Data controllers: The organisation that decides when, how and why your data will be stored or processed. 
  • Data processors: These are external organisations that are contracted by the data controller to process the data on their behalf. It is important to note that not all controllers use external processing services, and may decide to process data themselves.
  • Data subjects: The living identifiable individuals to whom the personal data relates.

Data controllers and processors have strict obligations under both the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Failing to adhere to these obligations is known as wrongful conduct which could cause a personal data breach.

It’s not always possible to claim for a data breach. There are criteria that need to be met to begin a personal data breach claim. These are as follows:

  1. There was a failure by either the data controller or processor to uphold the standards set out by the UK GDPR and the DPA.
  2. This failure caused a breach in which your personal data was affected. 
  3. You suffered a financial loss, psychiatric harm or both as a result of this breach.

Our advisory team can offer a free assessment of your eligibility to start a claim. They can also offer free advice and answer any questions you may have. Our advisors are available 24 hours a day via the contact details provided above.

Time Limits In Data Breach Claims

Data breach time limits mean you typically have 6 years to start legal proceedings, but this drops to 1 year if you are claiming against a public body. There may be some exceptions that can apply in some circumstances.

For further advice on the time limits in data breach claims and exceptions that may potentially apply, speak to our advisors today.

Examples Of Potential Government Data Breaches

As we outlined in our introduction, different government departments hold a vast amount of personal data on residents. This data could be put at risk if a government department fails to adhere to its obligations under data protection law. 

Personal data is defined by the ICO as information that can be used to identify a living natural person. This can include names, addresses, contact information and details of bank or credit cards. Article 9 of the UK GDPR also makes provision for “special category data.” This is personal data that is deemed as more sensitive and, therefore, necessitates a higher degree of protection. Examples include data on your racial and ethnic origin, trade union membership, religious beliefs and your health.

We have provided a few examples of how government data breaches could potentially happen here:

  • Wrong address data breach: Administrative errors resulted in a letter containing information regarding your child benefit payments being sent to the wrong address.
  • Unauthorised access data breach: Failures to upgrade security software resulted in hundreds of case files containing immigration information being exposed in a cyber attack.
  • Loss of paperwork data breach: A government employer was carrying documents in an unlocked briefcase on a train. They left the case on the train when they disembarked. Unauthorised persons therefore gained access to your personal data as a result of this human error data breach incident.

To learn more about claiming data breach compensation in your particular circumstances, speak to an advisor today using the contact information given below. They can discuss your specific case and determine whether you meet the eligibility criteria for starting a claim.

A man sitting at table on his laptop with a data breach warning appearing on the screen.

What Evidence Could You Provide To Support A Claim?

A key part of understanding how to sue the government for a data breach is looking at collecting evidence to support a potential claim. As well as showing that your personal data was compromised in a breach caused by wrongful conduct, your assembled evidence will need to demonstrate the impact this breach had on you financially and/or emotionally.

You can see some examples of the evidence you could collect here:

  • Correspondence from the data controller notifying you that a data breach has occurred and what data was affected. This usually comes in the form of a written letter or email.
  • Financial records such as your bank statements that show suspicious or unauthorised activity in your accounts, or payslips to show any lost earnings incurred if you had to take time off work to recover from the mental impact of the breach.
  • Medical evidence showing you suffered psychological harm. such as distress, anxiety, or stress, as a result of having your data breached.

What Steps Can I Take After A Data Breach?

Data controllers are required to inform all data subjects affected if the data protection rights and freedoms of those subjects have been put at risk. They must do so without undue delay. There is also an obligation to inform the ICO within 72 hours from when they discovered the breach had occurred, if it meets the reporting threshold.

As a data subject, it is your right to express concerns regarding a data controller’s conduct at any time. If you are dissatisfied with their response, you can raise a complaint with the ICO.

While the ICO does not award compensation, they can take punitive actions against data controllers who do not meet data protection laws. You can use the findings from their investigation as evidence to strengthen your case, if they choose to investigate your complaint.

One of our experienced No Win No Fee data breach solicitors could assist with gathering evidence if you have a valid claim. Speak to our advisors for a free assessment of your eligibility today. If eligible, a solicitor could take on your case and support you with collecting evidence, as well as make sure your claim is made within the appropriate time limit.

Calculating Data Breach Compensation Payouts

There are two different types of damage that data breach compensation can be awarded for following a successful claim. Material damage refers to the monetary losses that result from a data breach, such as money taken from your account if your bank card details were stolen. Non-material damage refers to the psychological injuries caused by a personal data breach. This could be in the form of stress, emotional distress, and anxiety, or more serious psychiatric conditions such as post-traumatic stress disorder. 

Reference can be made to the guidelines from the Judicial College alongside provided medical documents when a potential figure for non-material damage is being calculated. The JCG lists guideline award brackets for various different types of harm.

Compensation Table

The table contains figures from the JCG. except for the first entry. Please be advised that the figures used in our table are intended as guidance only.

Type of InjurySeverityGuideline Compensation AmountNotes
Very severe psychiatric harm alongside substantial monetary lossesVery SevereUp to and above £150,000A payout could be awarded to address the very severe psychological damage as well as the significant financial losses incurred.
General Psychiatric HarmSevere (a)£54,830 to £115,730Marked problems across multiple areas of the person's life as well as a very poor prognosis.
Moderately Severe (b)£19,070 to £54,830Significant problems across multiple aspects of life but a better prognosis than in more severe cases.
Moderate (c)£5,860 to £19,070The injured person will have experienced a substantial improvement and their prognosis will be positive.
Less Severe (d)£1,540 to £5,860This bracket considers factors such as the time period of disability, and the impact on sleep and daily life activities.
Post traumatic Stress DisorderSevere (a)£59,860 to £100,670Permanent and severe effects across all aspects of life preventing the person from working or at least functioning at a pre-trauma level.
Moderately Severe (b)£23,150 to £59,860Despite a better prognosis and some recovery with help from a professional, the person will still likely experience a significant disability for the foreseeable future.
Moderate (c)£8,180 to £23,150Cases where there has been a significant recovery and any effects that persist won't be grossly disabling.
Less Severe (d)£3,950 to £8,180Virtual recovery within 2 years with only minor persisting symptoms over a longer period.

Material Damage

As mentioned, you could also be entitled to data breach compensation for material damage. This refers to the financial losses incurred from your personal data being breached.

Examples could include funds being stolen from your bank accounts or fraudulent purchases being made in your name. Your credit score could also be negatively affected by fraudulent charges, which could have a knock-on effect on your personal finances.

Evidence in the form of bank statements, credit reports, and payslips, can help prove any losses.

To find out more about how data breach compensation is calculated, or to get a more detailed picture of how the value of a data breach claim is calculated, speak to an advisor today. Our friendly and experienced team are available 24 hours a day via the contact details given below.

Can I Sue The Government For A Data Breach With A No Win No Fee Solicitor?

If a personal data breach occurs, we understand it can be a stressful and confusing time. As such, if you are looking to make a claim, you could benefit from seeking legal representation.

Our specialist data breach solicitors have years of experience in handling compensation claims following breaches of personal data. They can assist you with building your case and guiding you through each stages of the claims process to help you reach a settlement.

If eligible, one of our solicitors could offer their services under a Conditional Fee Agreement (CFA). This kind of No Win No Fee contract presents notable advantages to potential claimants, including:

  • In most cases, there will be no upfront fee for our solicitors to begin working on your case.
  • There will also be no charges levied during the claims process for that work.
  • Finally, in the event the claim is unsuccessful, you will not be charged a fee for the services they have provided.

You will receive a compensation payout for the material and/or non-material damage you experienced as a result of the data breach. Before your claim begins, you and the solicitor will agree to a success fee, payable as a percentage of your compensation on the condition the solicitor wins your claim. Per The Conditional Fee Agreements Order 2013, success fee percentages are capped. Therefore you will keep the majority of any payout for the damage you sustained. 

Contact Us

Speak to an advisor today for more information on how to sue the government for a data breach and whether you could be eligible to pursue compensation. You can get in touch with a member of our team via the details provided here:

  • Call us on 0800 073 8804.
  • Contact us online by completing this form.
  • Use the live chat button at the bottom of your screen.

A solicitor and his clients discussing how to sue the government for a data breach.

Find Out More About Claims For Data Breaches

You can read more of our data breach claims guides here:

We have also provided these external resources:

If you have any other questions on how to sue the government for a data breach and the eligibility criteria that need to be met in order for you to have valid grounds to do so, call our team.