How To Claim Compensation For The Leads Work Limited Email Data Breach
In this article, we’re going to show why the Information Commissioner’s Office issued a £250,000 fine following the Leads Work Limited data breach. Later on, we’ll provide more details of the breach, explain what suffering data breaches can lead to and explain the process of claiming for that harm.
When you receive text messages that are unsolicited, they can be annoying and inconvenient. In some cases, they can lead to distress and anxiety depending on the content of the message. Luckily, laws like the Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR) can help to reduce such text messages. These laws are governed by the Information Commissioner’s Office (ICO).
If you have evidence of a breach and the harm caused and believe you are entitled to compensation, Legal Expert could help you. Our advisors are willing to assess any claim and provide free advice on your options. While you don’t have to make a claim, if your case appears to be suitable, we could appoint a data breach solicitor to it. If they decide to work on your case, their service will be provided on a No Win No Fee basis.
To begin the claims process right away, why not get in touch with us on 0800 073 8804 today? Otherwise, to learn more about the harm marketing text messages and data breaches can cause, please read the rest of this guide.
Select A Section
- A Guide To Claims For A Leads Work Limited Data Breach
- What Is A Leads Work Limited Data Breach?
- Complying With The GDPR In Email Marketing
- Enforcement Action Taken Against Leads Work Limited
- Reporting A GDPR Email Marketing Breach To The ICO
- What Compensation May Be Awarded For A GDPR Email Marketing Data Breach?
- Calculating Compensation Awards For The Effects Of A Data Breach
- Making A Data Protection Complaint Against A Private Company
- Getting Help From A Data Breach Lawyer
- No Win No Fee Claims For A Leads Work Limited Data Breach
- Talk To An Expert
- Learn More About Personal Data Breaches
- Marketing Data Breach Statistics
- Email And SMS Marketing Data Protection FAQs
A Guide To Claims For A Leads Work Limited Data Breach
Most people, by now, have heard of the GDPR. It came into force when The Data Protection Act 2018 was enacted. These laws, as well as others, have been designed to protect how personal data is handled. They allow you (the data subject) much more say over how your information is processed by organisations (called data controllers).
Since the GDPR came into force, data controllers need a lawful basis to process personal data. A lot of the time, this will mean they need to tell you the reason your data will be used and ask you to agree as well.
Where data security protocols aren’t followed, the ICO is able to step in and review what’s happened. If they find a company guilty of breaking the rules, they can fine them and issue enforcement action. That is exactly what they did in the case of the Leads Work Limited data breach. We’ll review their decision on that matter later on in this article.
The only thing you won’t see the ICO do is to issue compensation to those affected by GDPR data breaches. For that reason, claims must be made separately from any ICO action.
If you are thinking of claiming, we should let you know about the time limit that applies. In a large number of cases, the limitation period is 6-years. However, where the basis of your claim is a human rights breach, you may only have 1-year to begin.
Please read through the rest of this guide to learn more about claiming for GDPR compliance failures and data security breaches. If you have any queries as you read, please click on live chat or give us a call.
What Is A Leads Work Limited Data Breach?
In terms of the GDPR, data breaches are caused by security problems. They are deemed to have happened when personally identifiable data is accessed, destroyed, lost, changed or disclosed using unauthorised methods. Something to note here is that you could claim whether the breach was caused deliberately, illegally or accidentally.
While you’ll often read stories about cybersecurity breaches caused by ransomware, firewall exploits, viruses or phishing emails, it’s not only digital data that are covered by the GDPR. Data breaches can also involve printed or hand-written documentation as well. For example, if you signed up to a gym and filled the application form in by hand, a data breach might’ve happened if the form was thrown into the normal rubbish rather than being securely shredded. That’s because the form would contain information that could identify you.
Any personally identifiable information is included within the realm of the GDPR. For example, your name, email address, phone numbers and home address would all be covered. However, data that might identify you indirectly could also be included. For instance, data about ethnicity, disabilities, marital status or your religion would also be covered too.
Complying With The GDPR In Email Marketing
When processing personal information of any type, data controllers need to comply with strict data handling protocols. That means they must:
- Have a legal basis for using your data and explain it to you.
- Not keep data longer than it is required.
- Use legal, transparent and fair processing methods.
- Securely store any personal information that is processed. This might involve encrypting sensitive information.
- Make sure personal information is up to date. This involves removing or amending inaccuracies when found.
- Never process any personal information that’s not required.
Where these principles are not adhered to, the data controller could be investigated by the ICO. The company may be fined for any rules that are broken, or forced to work in a different way.
Enforcement Action Taken Against Leads Work Limited
Leads Work Limited were fined by the ICO in March 2021. The amount of the fine was £250,000. The ICO handed out the large fine because the company had sent what it described as 2.7 million nuisance text messages. They were described in this way because the company did not have consent to send them. As a result of the marketing campaign, the ICO received more than 10,000 complaints.
The ICO’s report reveals that all of the text messages were sent between 16th and 26th May 2020 during the COVID-19 pandemic. The head of investigations at the ICO said that Leads Work Limited had tried to capitalise from the pandemic as the messages used phrases like “In lockdown and want to earn extra cash?”
In addition to receiving the hefty fine, Leads Work Limited had an enforcement notice served on it. This means they can no longer send illegal messages of this type.
Reporting A GDPR Email Marketing Breach To The ICO
While you may wish to contact the ICO about a data breach that’s affected you, there is a process you’ll need to follow first. That means you are required to complain to the organisation you blame for the breach in the first instance.
Once you receive a response from the organisation’s data protection officer, you will need to escalate it further if you don’t agree with the findings. Once you have escalated it as far as possible, you could ask the ICO to conduct an investigation if:
- 3-months have passed since you had a meaningful update from the company; and
- You still don’t agree with their response.
If the ICO agrees to look into the matter, they’ll report back with their findings. This will show what happened and whether any action was taken. However, as already mentioned, you won’t be compensated by the ICO. That is something that’s beyond their remit. Instead, you will need to begin action on your own.
If you would like to find out more about your chances of being compensated, please get in touch. We’ll offer free advice whether you proceed with a claim or not. If the claim is viable though, we could connect you with one of our data breach solicitors.
What Compensation May Be Awarded For A GDPR Email Marketing Data Breach?
When seeking compensation for data breaches, there are various aspects of the claim to consider. They can become quite complex as well. That’s the case because you may need to look at what harm could happen in the future as well as any that’s already occurred.
A claim can consist of either (or both) of the following:
- Material damages. An amount paid to cover any losses, costs or financial expense caused by the breach, such as the cost of identity theft or damage to credit scores.
- Non-material damages. The compensation that tries to cover medical injuries caused by the breach. For example, you could claim for any anxiety or distress you suffered.
For material damages, you will usually consider losses that have already been sustained. This should be quite straightforward to calculate. You may then have to work out if you’ll suffer moving forwards. An example of this could be that you’ll incur additional costs for a mortgage or loan until the damage to your credit file caused by identity theft is cleared up.
Similarly, medical claims will begin with injuries that have already been diagnosed. After that, you might need to claim if you could suffer in the future. This may come from the medical report we will discuss in the next section.
All in all, getting your claim right can be tricky. It’s important though as only one can be made. Once you’ve settled in full, it’s impossible to request additional compensation later on.
If you want us to check if one of our solicitors could help you file your claim, please contact our team today.
Calculating Compensation Awards For The Effects Of A Data Breach
We are now going to move on to look at specific amounts of compensation that could be paid for your suffering. We are looking at general damages claims here that compensate for any pain and suffering caused by your injuries (distress, depression, anxiety etc).
In an important hearing at the Court of Appeal (Vidal-Hall and others v Google Inc [2015]), the Court said that:
- Where mental injuries have been sustained as a result of a data breach, compensation awards should be considered even in the absence of financial damage. In the past, it was necessary to have suffered financially in order to claim for the likes of distress.
- To help value mental damage in data breach cases, the Court recommended that lawyers turn to personal injury law for guidance.
For that reason, our compensation table shows example payment amounts from the Judicial College Guidelines as it is used when valuing personal injury claims.
Injury | Seriousness | Compensation Range |
---|---|---|
Psychiatric Injury | Severe | £51,460 to £108,620 |
Moderately Severe | £17,900 to £51,460 | |
Moderate | £5,500 to £17,900 | |
Less Severe | Up to £5,500 | |
PTSD | Severe | £56,180 to £94,470 |
Moderately Severe | £21,730 to £56,180 | |
Moderate | £7,680 to £21,730 | |
Less Severe | Up to £7,680 |
Importantly, a medical assessment is required during all data breach claims relating to mental damage. That’s because you’ll need to demonstrate the extent of your suffering and prove that it was caused by the breach. Our solicitors will usually be able to book these locally for you.
An independent medical specialist will conduct the appointment. They will try to determine how much you’ve suffered by asking questions and examining medical records. They’ll also try to provide a prognosis for the future.
Once the meeting has concluded, the specialist will write a report to explain their findings.
Making A Data Protection Complaint Against A Private Company
OK, here is the process you could follow if you want to claim. You could:
- Complain formally to the data controller of the company you blame for the data breach.
- Escalate your complaint as high as possible if you don’t receive a satisfactory response.
- Contact the ICO and ask them to take a look at the matter if you have waited around 3-months for a meaningful update from the company.
If you decide to take on legal representation, you may wish to speak with a solicitor as soon as possible. Based on the evidence already available, they may advise that an ICO investigation is not necessary. Remember, the ICO cannot award compensation to you no matter how much you have suffered. Only when you win your own claim will you receive any compensation you might deserve.
Getting Help From A Data Breach Lawyer
You might be wondering how you go about choosing a data breach lawyer to support your case. Well, there are a number of possibilities. You could ask your friends for a recommendation or look at online reviews. Failing that you could look for a law firm that’s based near you.
All of those are good starting points but could take a bit of time. Instead, you could speed things up a little by making a quick call to our advice line. When you call, you can ask any number of questions about the claims process. If you decide to work with us, and your claim is accepted, your solicitor will:
- Conduct a thorough case review so that they fully appreciate how you’ve suffered.
- Help you to get the evidence you need to back up your allegations.
- Arrange a medical assessment that is as nearby to you as possible.
- Collate a professional claim and have it delivered to the defendant.
- Be on hand to answer your questions throughout the case.
- Handle any arguments or objections raised by the defendant’s lawyers so you don’t need to be involved.
- Aim to ensure you are compensated fully for your suffering.
To learn more about the ways in which we could help, please contact our free support centre today.
No Win No Fee Claims For A Leads Work Limited Data Breach
One of the biggest stumbling blocks in claims is the worry of losing money paid in solicitor’s fees. For that reason, our solicitors provide their services on a No Win No Fee basis. That allows you to get access to justice but with reduced financial risks.
Although your risks are reduced, the solicitor will be taking some on by offering No Win No Fee solutions. Therefore, they’ll only select cases with a reasonable chance of success. After your case has been reviewed, your solicitor will provide a Conditional Fee Agreement (CFA) if they are happy to represent you. This is another name for a No Win No Fee agreement.
Essentially, the CFA explains that no solicitor’s fees are payable in the event that your case fails. It also shows you that you don’t need to make any advance payments before the case can begin.
Where a claim is won, a portion of your compensation will be retained by your solicitor to pay for their work. This is called a success fee. In the CFA, you’ll see this listed as a small percentage of your compensation. This will not change during your case so you will know what you’ll pay from the start. Importantly, success fees are legally limited to prevent overcharging.
Want us to check if you could claim on a No Win No Fee basis? If you do, please connect with our team today.
Talk To An Expert
Are you ready to begin a data breach claim? If so, Legal Expert is ready to help. To start the ball rolling, you can:
- Call our advice centre for free legal advice on 0800 073 8804
- Begin your claim by completing this quick contact form and we’ll get back to you.
- Email info@legalexpert.co.uk with information about the circumstances of your claim
- Ask a specialist online advisor about your options via live chat.
We don’t want to waste your time when you call. Therefore, we’ll keep things clear and to the point. Furthermore, we won’t overegg your chances of being paid compensation. However, if the claim appears suitable after we’ve reviewed it, we could connect you with one of our data breach solicitors. If they agree that there’s a chance of success, they could decide to represent you on a No Win No Fee basis.
Learn More About Personal Data Breaches
As we are almost at the end of this guide, we have added some links in this section that you may find useful. Should you need to know anything else about claiming, please feel free to call our advice line.
ICO Recent Action – A database containing the latest enforcement action and financial penalties issued by the ICO.
Complex Post-Traumatic Stress Disorder – NHS information on how to manage CPTSD and PTSD.
Nuisance Call Trends – The latest statistics on nuisance call numbers from the ICO.
Nursery Data Breaches – Our guide about seeking damages if your child’s nursery leaks your data.
Breaches By Comparison Sites – Advice on whether you could claim if your data is exposed by a comparison site.
How To Report Data Breaches – This guide gives a broader overview of how to report breaches of the GDPR to the ICO.
Other Useful Compensation Guides
- Hartlepool Borough Council Data Breach
- Hereford Council Data Breach
- HM Data Breach Compensation Claims
- Home Group Data Breach Compensation Claims
- Hull City Council Data Breach Compensation Claims
- Kent County Council Data Breach
- Kingston University Data Breach
- Lancaster University Data Breach
- Anglia Ruskin University Data Breach Compensation Claims
- Leeds Art University Data Breach
- Leeds Beckett University Data Breach
- Leeds City Council Data Breach
- Leeds Trinity University Data Breach
- Lewes and Eastbourne Council Data Breach
- Liverpool Hope University Data Breach
- Lloyds Bank Data Breach
- Lloyds Pharmacy Data Breach
- Loan Company Data Breach
- London Metropolitan University Data Breach
- London South Bank University Data Breach
- British Airways Data Breach Compensation Claims
Marketing Data Breach Statistics
In this section, we have used data from the ICO to produce a graph that shows how many marketing-related data breaches occurred between 1st July 2020 to 30th September 2020.
While the numbers are relatively low for this sector, it does show that such incidents are being reported since the GDPR was introduced.
Email And SMS Marketing Data Protection FAQs
In the final part of this guide on claiming compensation for a data breach under the GDPR, we have answered a couple of questions relating to marketing rules. If you have any further queries, please let us know.
Does GDPR apply to text messages?
Marketing firms can only send messages if the data subject has already consented to them or if there is another type of legal basis for them to be sent. The data subject only needs to ask the company once to stop messages. Once that request has been received, it is illegal to send such messages in the future.
How does GDPR affect email marketing?
If you find your inbox full of spam messages, the companies sending them may be in breach of the GDPR. That’s because the rules say that such messages can only be sent with prior consent. Any messages that are unsolicited could be reported to the Information Commissioner’s Office who could investigate and take action.
Thanks for reading our guide to the Leads Work Limited data breach.
Guide by Hambridge
Edited by Billing