My Employer Exposed My Mental Health Information In A Data Breach – Can I Claim Compensation?
If you experienced a mental health information data breach at work, your employer might owe you compensation.
It is normal for employers to collect personal data about their staff. This does not always include medical data, as very often, unless your job is impacted, you would not necessarily have to divulge such information. However, under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, employers must safeguard the personal or sensitive data they collect. So, if an employer data breach occurs due to positive wrongful conduct and it caused you harm, you may be eligible to make a claim.
So, if your employer breached your private mental health information, don’t hesitate to get in touch with Legal Expert today. We can provide you with a skilled solicitor to handle your data breach claim. What’s more, you will have the option to make a No Win No Fee claim.
To begin your claim, please call us on 0800 073 8804. Alternatively, use our form to begin your claim online.
Select A Section
- What Is A Mental Health Information Data Breach?
- How To Report A Data Breach By Your Employer
- How An Employer Could Expose Your Mental Health Information
- What Mental Health Information Could Employers Hold?
- Check What You Could Claim For A Mental Health Information Data Breach
- Check If You Could Make A No Win No Fee Claim
What Is A Mental Health Information Data Breach?
A personal data breach is a security incident that compromises information that can identify you on its own or in conjunction with other data. This data can also be of a sensitive nature.
The Information Commissioner’s Office (ICO) is a non-departmental governing body of the UK government that oversees the implementation of data security laws.
How can a personal data breach occur?
- An organisation loses, alters or encrypts personal data
- The organisation destroys the personal data by not using the proper channels
- Your personal information is sent to the wrong recipient
- An online database containing personal information is hacked because there are no security defence systems in place.
Mental health information data breaches that occur because employers have failed to put the correct procedures in place to secure this data can have very far-reaching consequences for the health of those involved.
What effect can a mental health data breach have on you? You may have experienced emotional distress and stress if your medical history has been exposed. Moreover, the stress caused by the data breach may have exacerbated your mental health disorder.
How Often Do Data Breaches Happen In The Workplace?
Data from the UK government’s Cyber Security Breaches Survey 2021, which interviewed 1,419 UK businesses, 487 UK charities and 378 education institutions between 12 October 2020 and 22 January 2021, indicate that:
- Four in ten businesses experienced a cyber security breach or attack.
- A quarter of charities had experienced a cyber security breach or attack during this period.
- Organisations reported that the most common cause of cyber-security incidents is phishing attacks. The second most common problem is impersonation scams.
How To Report A Data Breach By Your Employer
If you suffer a mental health information data breach at work and it puts your rights and freedoms at risk, the company must report the data breach to the ICO. It must also inform you without undue delay. After that, the ICO may investigate the data breach and may fine the organisation.
But what should you do if you discover a breach of your medical information at work? Firstly, you can send a letter to whoever in the organisation deals with data security, asking whether your personal information has been breached. If you are not happy with the response, you can make a complaint to the ICO. You will need to do this within 3 months of your last communication with the organisation about the data breach.
How Can An Employer Expose Your Mental Health Information?
Some data breaches are intentional, but many are accidental. Let’s look at how a mental health information data breach could happen at work.
Unintentional Data Breaches
Sadly, human error is the cause of many data breaches. For example, a manager could send an email to the wrong employee which contains your medical information, such as medical data records about your mental health.
A lack of staff training or internal data handling processes can also cause accidental data breaches. For example, a receptionist may leave a file on a public-facing desk that contains confidential information about an employee’s mental health and wellbeing. Unauthorised persons would then be able to access the data.
Organisations can avoid unintentional data breaches by putting robust internal processes in place and investing in staff training.
Intentional Data Breaches
Poor cyber security systems that are not updated or risk assessed can allow hackers to gain access to online files and records. These files may contain employee health data. If the hacker is successful, this may mean personal and sensitive information has been exposed. It is vital for any data controller to ensure that digital files are secure with the most robust online data security systems in place.
An organisation could be held liable for the data breach if there was no adequate security system to protect the data.
What Mental Health Information Could Employers Hold?
As we have mentioned, data concerning health is considered special category data under the UK GDPR. Therefore, employers need to add extra protection if they are to handle or process this type of information.
Employees may choose to inform their employers of any health conditions, especially if adjustments need to be made to the way they work. Therefore, an employee may tell their employer about:
- Personal mental health issues
- Any information about their mental health disorder
- Information about the mental health services they use
- Data regarding the treatment of mental health conditions
Check What You Could Claim For A Mental Health Information Data Breach
There are two types of compensation you can claim for if your mental health information data breach claim is successful:
- Material damages can compensate you for the costs or monetary losses associated with the data breach.
- Non-material damages compensate you for the emotional distress or psychiatric injury your data breach has caused.
You can use our table to estimate how much your non-material damages claim could be worth. We used the Judicial College guidelines to create this table. Data breach solicitors use this information to help them value compensation claims.
Type Of Harm Suffered | Comments On This Injury | Possible Compensation |
---|---|---|
Severe Psychiatric Damage | Prognosis for recovery is poor and the victim could find it difficult to cope with working, education and social situations/relationships. | £51,460 – £108,620 |
Moderately Severe Psychiatric Damage | The victim has been affected in a similar way to above. However, there is a better chance at recovery in the future. | £17,900 to £51,460 |
Moderate Psychiatric Damage | Again, whilst affected in a similar way this person has a good prognosis and will have made improvements by the time of a trial. | £5,500 to £17,900 |
Less Severe Psychiatric Damage | Better outlook for recovery. Compensation will depend on what symptoms were present and how long they lasted for. | £1,440 to £5,550 |
Severe PTSD | This person has experienced a traumatic event which could have affected all parts of their life. This could have affected their work, studies or relationships. | £56,180 – £94,470 |
Moderately Severe PTSD | There may be significant disability in the foreseeable future. Those in this category have a better chance of recovering than above, if they get professional care. | £21,730 to £56,180 |
Moderate PTSD | By the time of any trial this person will have made a significant recovery. They should not have any grossly disabling symptoms remaining. | £7,680 – £21,730 |
Less Severe PTSD | This person should have made a full recovery between 1 and 2 years. | £3,710 – £7,680 |
However, please note that many factors determine how much a compensation claim is settled at. Feel free to call our claims helpline today, and an advisor can let you know how much money you could be owed.
Check If You Could Make A No Win No Fee Claim
Have you thought about how you may fund the services of a solicitor if you choose to hire legal representation? You could enter into a No Win No Fee arrangement with a solicitor. This would mean you would both sign a Conditional Fee Agreement (CFA). The CFA sets out the terms and conditions under which the solicitor will be paid a success fee.
There are no upfront fees to pay for the solicitor to begin work on your data breach claim. Instead, you will agree to pay a success fee if you win.
The success fee will be deducted from your compensation payout if your claim is successful. If for some reason your claim fails, there is no success fee to pay the solicitor; hence, No Win No Fee.
Please get in touch with us today to begin your sensitive data breach compensation claim:
- Call our claims helpline on 0800 073 8804
- Use the Live Support widget to enquire about claiming
- Or you can claim online, using the resources on our website
Learn More About Data Breaches
We have plenty of online resources about data breach claims.
School Data Breach Compensation Claims Guide
Can I Get Compensation For Loss of Medical Records?
HR Data Breaches Compensation Claims Guide
An ICO guide to taking your data breach claim to court and claiming compensation
A guide from the UK government on avoiding Phishing scams
An ICO guide to personal data breaches
We hope this guide has helped inform you about mental health information data breaches.
Guide By Cheleache
Edited By Melissa.