We've been featured in:

When Could You Claim For A Personnel Records Data Breach?

This guide examines when you could be eligible to make a personnel records data breach claim. Certain parties must follow data protection legislation in order to protect your personal data. Failure to adhere to data protection laws could result in a breach of your personal data causing you financial loss and/or mental harm. We cover the laws in more detail throughout our guide, as well as what a personal data breach is and how one could occur. 

personnel records data breach

When Could You Claim For A Personnel Records Data Breach?

Furthermore, this guide tells you how to prove that the data from your personnel records has been breached and what impact it had on your mental health and/or finances. We also look at how compensation is calculated in successful data breach claims. 

Finally, we discuss the benefits of working with one of our expert No Win No Fees solicitors when seeking data breach compensation.

For more information about claiming for a breach of your personal data, please get in touch with us. To do so, you can:

Jump To A Section

  1. When Could You Claim For A Personnel Records Data Breach?
  2. How Should Your Employer Protect Personal Data?
  3. How To Prove A Data Breach Claim
  4. What Could Your Personnel Records Data Breach Claim Be Worth?
  5. Get In Touch To Claim For A Personnel Records Data Breach On A No Win No Fee Basis
  6. Discover More About Employee And Employer Data Breaches

When Could You Claim For A Personnel Records Data Breach?

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) are the laws that protect personal data which is any information that can be used to identify you. Data controllers and processors must follow the DPA and the UK GDPR in order to process, store, and handle personal data lawfully. 

The data controller is the party in charge of deciding how and why your personal information will be processed. In some cases, they may also process the data themselves. However, if they choose to, they can outsource this task to the data processor who processes personal data on behalf of the data controller. In the case of a personnel records data breach, your employer would be the data controller.

If either of these parties fails to follow data protection laws, it could potentially result in a personal data breach. A personal data breach can be defined as a security incident that compromises the integrity, availability, and confidentiality of your personal data. This definition is provided by the Information Commissioner’s Office (ICO), an independent body set up to uphold information rights in the UK.

Article 82 of the UK GDPR establishes when you are eligible to claim data breach compensation:

  • The data controller or data processor failed to adhere to data protection law.
  • Because of this failure, your personal data was breached. 
  • Because of this breach, you experienced financial and/or psychological damage.  

Time Limits

Generally, you need to begin your data breach claim within 6 years. However, this is reduced to a 1-year time limit if you are claiming against a public body.

Get in touch with us as soon as possible to confirm whether you meet the eligibility criteria to begin a personnel records data breach claim and how long you have to seek compensation.

How Should Your Employer Protect Personal Data?

Personal data is any type of information that can be used, either solely or in combination with other data, to identify who you are, such as your name, email address, phone number, and National Insurance number. There is another type of personal data that requires extra protection due to it being more sensitive, known as special category data. This can include data concerning your health, such as health and disability information, biometric data, where used for identification purposes, and data revealing your racial or ethnic origin. Personal data such as this could be held in your employee personnel record, which is a record relating to an employee of an organisation. 

Here are some steps and actions that employers should take in order to comply with UK GDPR and DPA to protect an employee’s personal data and avoid a cyber security incident or human error data breach:

  • Make sure all access to electronic documents is password protected and that there is a robust cyber security system in place. 
  • Putting locks on cabinets that have paper documents inside and ensuring those with access to these cabinets is limited to those who require it, such as the Human Resources and management team. 
  • Training staff appropriately so they know how to dispose of and destroy personnel files when it is required to do so. This means shredding files instead of simply putting them in the bin to avoid an unauthorised party gaining access. 

Speak to us to discuss your specific case and find out whether you’re eligible to make a personnel records data breach claim.

How To Prove A Data Breach Claim

Providing evidence for your personnel records data breach claim is important as you need to show how you have suffered financially and/or psychologically due to your personal information being compromised. You could collect, for example:

  • A letter from the data controller confirming that a breach occurred and what personal data was affected. Data controllers are required to notify you without undue delay if a breach has put your rights and freedoms at risk.
  • Other correspondence between you and the data controller about the breach. For example, if you suspect a breach of your personal data has happened, you can contact them. Any emails or letters sent can form part of the body of evidence to support your claim. 
  • Evidence of financial losses caused by the breach. For example, you could provide wage slips showing any lost income incurred because of time taken off work to deal with the mental impact of the breach.
  • Medical evidence, such as a report or letter from your GP showing any psychiatric harm you have suffered, like anxiety and distress. 
  • Any findings from an ICO investigation. You can contact the ICO if you’ve had no meaningful response from the organisation. They might investigate and if they do, you can use the findings as evidence to support your claim.

If you work with one of our expert solicitors when making a data breach claim, they could help you gather evidence and build your case as part of the services they offer. Call us to find out more.

What Could Your Personnel Records Data Breach Claim Be Worth?

If your personnel records data breach claim succeeds, how much your claim could be worth depends on the psychological harm (non-material damage) and financial loss (material damage) you suffered due to the personal data breach. You do not need to have suffered any material damage in order to recover compensation for non-material damage. 

The Judicial College Guidelines (JCG) list different types of psychiatric and psychological injuries alongside guideline compensation brackets for each. When your compensation is being calculated, the JCG will be looked at along with an assessment of your medical reports. 

The table below, for your guidance only, contains figures found in the JCG, with the exception of the first entry.

Compensation Table

Edit
Injury Severity Guideline Valuation Bracket Notes
Serious impact to mental health with significant financial losses Serious Up to £150,000+ The person experiences a severe impact to their mental health with a poor prognosis resulting in substantial monetary losses, such as loss of earnings.
Psychiatric Damage Severe (a) £54,830 to £115,730 Poor prognosis with marked problems that affect different areas of one’s life, such as the ability to cope with work.
Moderately severe (b) £19,070 to £54,830 Prognosis is much more optimistic but there are still significant problems with different areas of one’s life.
Moderate (c) £5,860 to £19,070 Good prognosis and a marked improvement.
Less severe (d) £1,540 to £5,860 The award will be determined by the how daily activities are affected and how long for.
Post-Traumatic Stress Disorder Severe (a) £59,860 to £100,670 All aspects of life will be permanently and badly affected and the person will not be able to function at a pre-trauma level.
Moderately severe (b) £23,150 to £59,860 There is a better prognosis and some recovery due to professional help. However, for the foreseeable, there will be significant disability.
Moderate (c) £8,180 to £23,150 Continuing effects are not grossly disabling because a large recovery is made.
Less severe (d) £3,950 to £8,180 A virtually full recovery will be made within 2 years with only minor symptoms persisting longer.

Material Damage

You are able to claim compensation for material damage independently or alongside non-material damage and vice versa. An example of a financial loss you may have experienced directly from a personnel records data breach is a loss of earnings if you have time off work due to stress. As mentioned earlier, evidence, such as wage slips, can help prove this loss.

Please speak to us if you wish to discuss how data breach compensation is calculated in more detail. 

Get In Touch To Claim For A Personnel Records Data Breach On A No Win No Fee Basis

Once you have received a free assessment of your case, you may be connected to our data breach solicitors if you have an eligible personnel records data breach claim. Our solicitors offer their services under a type of No Win No Fee contract called a Conditional Fee Agreement (CFA).

A CFA presents significant benefits since there are no upfront or ongoing fees to pay for the solicitor’s services. If your claim is unsuccessful, there is also no need for the solicitor’s services to be paid. 

If your data breach claim succeeds, a small percentage of your compensation will be taken by your solicitor. This is known as the success fee. There is a legal limit to the maximum percentage of your compensation that can be taken, so, the majority of your compensation is yours to keep. 

Contact Us

Contact us today to potentially begin the claims process for your personnel records data breach. We can offer you free advice and support and potentially connect you with one of our solicitors. To reach out, you can:

Discover More About Employee And Employer Data Breaches

Try checking out our other data breach claims guides:

Alternatively, these external resources may give you some extra useful information:

Thank you for reading our guide today on when you can claim for a personnel records data breach. If you have any other questions, call the number above to speak with us.