An image data breach can mean that a captured image from which you can be identified has been breached. Every day our lives are captured on camera, whether it be through CCTV or even the ever evolving doorbell that can capture images.
Having your image caught up in a data breach can cause emotional distress or psychological injuries. The data subject may also experience financial losses. Any organisation or company that captures your image or handles another type of personal data becomes known as a data controller. Sometimes controllers can outsource their data processing to a data processor. Please get in touch with Legal Expert today to discuss your case. If an advisor believes you have legal grounds to claim, we can provide you with a skilled solicitor to handle your case.
Use the following information to reach us:
- Call us on 0800 073 8804
- Fill out our contact form to see if you can claim online
- Or you can type a question for us into our Advice widget, and we will respond as soon as possible
Select A Section
- What Is An Image Data Breach?
- Does Data Protection Apply To Photos?
- Causes Of Personal Data Breaches
- Image Data Breach Case Study
- What Could You Claim For An Image Data Breach?
- Claim Compensation By Contacting Us
What Is An Image Data Breach?
Personal data is information that can be used to identify a person. In certain circumstances, an image may be considered personal data if a person can be identified in the photo or video footage. It can depend on what the image is being captured for. A personal data breach is a security incident that comprises the integrity, confidentiality and availability of data subjects’ personal data. So, an image data breach can potentially be a security incident which may compromise the protection of a person’s identifiable data.
Under the UK General Data Protection Regulation and the Data Protection Act 2018 organisations and parties that handle personal data are responsible for protecting it. Data protection laws seek to protect personally identifiable data and personal data of a sensitive nature. Therefore data processors or controllers are accountable for upholding our data protection laws to prevent data breaches.
Those who unfortunately suffer due to the breaching of personal data may be able to pursue a claim for compensation if:
- A data controller or processor failed in their obligation to comply with the applicable.
- Consequently, a data breach occurred that involved your personal data
- And the data breach caused the subject emotional distress or psychological injuries? Or financial losses.
Does Data Protection Apply to Photos?
This is where it can get a little tricky. If you are photographed in the background of a photo while your image is processed by the photographer, your image being in the photograph would not be considered personal data. However, if a photograph is used to learn or decide something about the data subject, it can then become personal processed data.
Generally, in order for a data controller to process or share personal data, they must have a lawful basis to do.
These are the six lawful bases for sharing personal data:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
For a business to use CCTV footage, they must register this with the Information Commissioner’s Office ICO. The ICO are an independent public body set up to ensure the rights of data subjects are being upheld. The business must also ensure that it informs the public that they are being recorded, control who has access to the recorded data, and only use such a service for the purpose it was intended to be used for.
Causes Of Personal Data Breaches
A personal data breach can happen for a variety of different reasons. Some data breaches are caused by cyber security attacks such as hacking. However, the majority of personal data breaches happen through accidental means or human error. Here are some examples of personal data breaches:
- An employer used CCTV for security reasons, this system captures staff leaving and entering the building. The employer lost these recordings because they failed to lock them away safely.
- A company leaves a USB stick on a train that contains digital files of identifiable images.
- A private hospital specialising in cosmetic surgery has its customer database hacked. The hackers can gain identifiable images of clients because the online security systems were not adequate enough, nor were they updated.
Statistics On Related Data Breaches
The Information Commissioner’s Office is in charge of upholding the United Kingdom’s data protection regulations. When an organisation experiences a data breach which threatens the rights and freedoms of those involved, the organisation must report the data breach to the ICO.
Below are some statistics relating to non-cyber incidents that show the number of data security incidents reported to the ICO during the fourth quarter of the 2021/22 financial year. Please see the ICO’s data security incident trends to learn more.
- Alteration of personal data – 4
- Data emailed to incorrect recipient – 381
- Data of wrong data subject shown in client portal – 20
- Data posted or faxed to incorrect recipient – 217
- Failure to redact – 109
- Failure to use bcc – 79
- Unauthorised access – 229
Image Data Breach Case Study
So that we can make this matter clear, we put together an illustrative case study.
A school published school photos on social media without asking for consent from a child’s parent. The child in the photo and her mum and young brother has recently moved to a new area and new school to escape from the father, who had a history of violence.
The mother raised concerns with the school. Subsequently, the school removed the individual pictures. Eventually, the family had to change schools because the data breach threatened their safety. Consequently, stress due to the data breach was suffered and unnecessary disruption to their lives.
What Could You Claim For An Image Data Breach?
If your data breach compensation claim is successful, two types of damages may be awarded. Victims can receive material damage to compensate them for any financial losses incurred. Victims can also receive non-material damage to compensate them for the psychological injuries they experienced, like anxiety or emotional distress caused by the data breach.
The table below has amount brackets taken from the Judicial College’s 16th edition compensation guidelines. This publication is very often used to value injury and illnesses in civil claims. The Judicial College updated the guidelines in 2022.
Reason For Claim | Severity | Damages | Notes |
---|---|---|---|
Psychological Damage (Generally) | (A) Severe | £54,830 to £115,730 | Serious and marked problems across all parts of the person’s life. The diagnosis for recovery is poor. |
Psychological Damage (Generally) | (B) Moderately Severe | £19,070 to £54,830 | The person will be left with mental health problems over the long term. |
Psychological Damage (Generally) | (C) Moderate | £5,860 to £19,070 | The person could face serious problems though they will already have made a significant level of recovery. |
Psychological Damage (Generally) | (D) Less Severe | £1,540 to £5,860 | Compensation paid out will take account of how long symptoms remained for. |
PTSD | (A) Severe | £59,860 to £100,670 | Acute and permanent mental health injuries which detrimentally impact this person’s life. |
PTSD | (B) Moderately Severe | £23,150 to £59,860 | Similar to the above, but the diagnosis allows for more recovery if professional care is sought. |
PTSD | (C) Moderate | £8,180 to £23,150 | The person will have more or less made a recovery. |
PTSD | (D) Less Severe | £3,950 to £8,180 | A full or near full recovery will happen in two years or under. |
Of course, your compensation can vary, depending on your circumstances. So you may receive more or less compensation than the amounts in the table. Please call Legal Expert today, and we can value your claim accurately.
Claim Compensation By Contacting Us
Please get in touch with Legal Expert to see if you can make a compensation claim for an image data breach. We will speak to you about your ordeal, and if you have a valid reason to claim, we can assign a skilled data breach solicitor to work on your case. Furthermore, the solicitor may offer their service on a No Win No Fee basis.
You may be asked to sign a Conditional Fee Agreement (CFA).
The CFA states that there are no upfront fees to pay your solicitor. Instead, you will pay a success fee only when you receive compensation. What’s more, your success fee is charged at a capped rate.
To see if you can make an image data protection breach claim, please reach out to us:
- Dial 0800 073 8804 to reach our claims helpline
- Please write to us to enquire about making a claim online
- Alternatively, use the advice widget to speak to us
Learn More About UK GDPR Compliance
If a data breach harmed you, please read these resources to learn more about what you can do.
- Employer Personal Data Breach Compensation Claims Guide
- Private Healthcare Medical Data Breach Compensation Claims Guide
- Bank Data Breach Compensation Claims
- Court Case Data Breach Claims Case Study
- Conveyancing Solicitor Data Breach Claims Guide
- HIV Data Breach Claims Guide
- Hospital Mental Health Data Breach – Case Study
- Monzo Bank Data Breach – Could I Claim?
- My Medical Information Was Shared – Can I Claim?
- Immigration Information Data Breach – Can I Claim?
- Metro Bank Data Breach – Could I Claim?
- How To Report A Data Breach To The ICO
The rights granted by copyright – a guide from the Intellectual Property Office (IPO)
Lawful basis interactive guidance tool – a resource from the ICO
Your right to limit how organisations use your data – a guide from the ICO
Thank you for reading our guide to making an image data breach claim.