My Information Was Subject To A Public Health Wales Data Breach, Could I Claim?
During the course of this article, we’re going to explain when you might need to make a claim for a Public Health Wales data breach. Since the introduction of the General Data Protection Regulation (GDPR), which was introduced to British law by The Data Protection Act 2018, individuals have more say over who holds personal data about them, who can access it and if it is allowed to be shared with anybody else.
The new regulations mean that organisations, including Public Health Wales, have to ensure there is a legitimate purpose for holding data and that it is held securely by ensuring it has good procedures, systems and technical infrastructure. While that’s generally the case, we’ll look at what can happen if a data breach occurs and why you may wish to seek compensation for a data breach.
If you are thinking about claiming for an NHS data breach, Legal Expert is here to help you understand your options. Our specialist advisors offer free advice about claiming as well as a no-obligation telephone assessment of your case. If the claim appears to have a chance of success, it will be referred to one of our experienced solicitors. If they accept your claim, it will be handled on a No Win No Fee basis.
We can help you start a data breach claim right away so please contact Legal Expert today on 0800 073 8804. If you’d rather find out more about claiming for data breaches before starting your claim, please continue reading.
Select A Section
- A Guide To Public Health Wales Data Breach Claims
- What Is A Public Health Wales Data Breach?
- Personal Medical Data Breaches And The GDPR
- How Data Protection Laws Could Be Breached By A Public Health Body
- Examples Of Data Protection Failures By Public Health Wales
- Should You Raise A Complaint With The (ICO) Information Commissioner’s Office?
- Assessing The Value Of Data Breach Claims Against Public Health Bodies
- Valuing Your Public Health Wales Data Breach Compensation Settlement
- No Win No Fee Public Health Wales Data Breach Compensation Claims
- How To Find A Specialist Data Breach Claim Lawyer
- Contacting Us
- Extra Resources
A Guide To Public Health Wales Data Breach Claims
While there have been data protection laws in the UK for many years, the GDPR has focused the minds of organisations responsible for your data. Not only is there a better focus on keeping your data safe, but the new rules also mean that the Information Commissioner’s Office (ICO) can fine those who fail to comply with regulations by up to 20 million Euros.
That means that you’ll see GDPR questions a lot in everyday life. For instance, if you visit a new website, you’ll be asked to allow the website to use your data to track how you use the site. In the same way, when you sign up to Public Health Wales services, you may be asked if your information can be shared with other NHS organisations. Whether you approve or refuse an organisation’s data requests under the new rules, it is vital that they adhere to your instructions.
As we progress, we’ll look at how a data breach might happen, why you could receive compensation and how much could be paid. The time limit for making a claim is 6-years (which is reduced to 1-year for claims relating to human rights breaches).
Although you can start your claim whenever you want within the limitation period, we’d usually advise you to start as soon as you have enough evidence to do so. It’s a lot easier to recall what happened and how you’ve been affected during the months after the data breach than it is 3 or 4-years down the road. If you work with one of our specialist solicitors, they’ll also find it’s easier to obtain supporting evidence the earlier the case begins.
If you’d like Legal Expert to help you make your claim, why not ask an advisor to review your case today, for free?
What Is A Public Health Wales Data Breach?
In terms of the GDPR, a personal data breach occurs when a security breach leads to the unlawful or accidental destruction, alteration, loss, unauthorised disclosure of, or access of, your personal data. This could mean that sensitive personal information, like your medical records, may have been viewed by individuals or organisations who have not been authorised to do so.
While computer security or network security can be bypassed to cause a data breach, it’s important to understand that personal data can also be leaked due to human error. For instance, a letter containing personal information about you could be sent to the wrong patient by mistake or paper files containing your information could be disposed of incorrectly.
There are occasions when a data breach at Public Health Wales might not come to light. However, should they find out about one, either via an audit or because of protected information entering the public domain, then they need to let you know when the breach happened and what data was leaked.
Legal Expert can support you if you’re considering asking for compensation for a breach of Public Health Wales data. Please contact a member of our team, explain what happened and they’ll explain your options.
Personal Medical Data Breaches And The GDPR
Within the pages of the GDPR, many roles for those involved with handling your data are defined. The key roles include:
- A data controller – the organisation who defines why and how data about you needs to be collected.
- The data processor – an organisation who processes data on behalf of the controller.
- The data subject – the person whose data is being processed. In this case, the data subject is a patient. Personal data is defined as any information that can be used to identify the data subject such as name, address, patient number or email address.
Anybody processing data has to abide by several data principles set out by the GDPR including:
- Data subjects must always be told of the purpose behind the processing of their data.
- All personal data that is processed needs to be kept up to date.
- Only the minimum amount of data required to meet the processing objectives should be collected.
- Data should be processed securely and confidentially.
- Data can only be retained for the length of time specified at the time of collection.
- Processing of data needs to be transparent to the data subject, lawful and fair.
In addition, the data controller must be able to show that they are abiding by the principles listed. If you believe a Public Health Wales data breach has occurred because GDPR rules haven’t been followed, please contact get in touch to let us know what happened.
How Data Protection Laws Could Be Breached By A Public Health Body
A Public Health Wales data breach claim can relate to many different parts of the organisation. It might be possible for a data breach to happen at:
- NHS trusts.
- GP surgeries.
- NHS hospitals.
- Dental practices.
- Pharmacies (in high streets, supermarkets, hospitals or doctor’s surgeries).
Any member of staff who accesses, controls or uses personal patient data should be trained in their obligations under the GDPR. If your data is ever used in a way that you’ve not agreed to, you may be entitled to claim compensation for a data breach.
Here are some scenarios where your personal data could be exposed inappropriately:
- Where computer screens are left unlocked and an unauthorised party reads your medical records.
- If emails or letters containing identifiable information about you are sent to the wrong patient.
- When a computer system becomes infected with malware, ransomware or a virus.
- If a member of staff accesses your medical records with no medical reason to do so.
- When printed documents are dropped or left in public places and read by somebody who you’ve not approved.
- If data containing identifiable information about you is shared or sold to other organisations that you have not approved.
Legal Expert can help you start a claim against Public Health Wales if you believe they’ve exposed your data inappropriately and can prove that they did so. Please contact us today for free advice on how to proceed.
Examples Of Data Protection Failures By Public Health Wales
Now it’s time to look at a real-life example of a Public Health Wales data breach. In this case, human error led to the personal information of about 18,000 patients who’d had positive COVID-19 tests being published online.
In September 2020, it was revealed that the data regarding every Welsh resident that had received a positive Coronavirus test between 27 February and 30 August had been placed on to the Public Health Wales website. The information contained the initials, gender, date of birth and geographical information for each person. It was reported that the data was uploaded at 2pm on 30 August and reported to staff that night. However, the data wasn’t taken down until 9.55am the next morning.
In total, Public Health Wales said the data had been viewed 56 times before its removal. It was further revealed that the data contained the residential details of those living in supported housing or care homes.
At the time of writing, there is no information about whether Public Health Wales has been referred (or referred itself) to the Information Commissioner’s Office in relation to the data breach. The report did explain that Public Health Wales have started an investigation into what had happened and confirmed the breach was down to individual human error.
Source: https://www.bbc.co.uk/news/uk-wales-54226457
Should You Raise A Complaint With The (ICO) Information Commissioner’s Office?
If you are thinking of making a data breach claim, you’ll need evidence to back up your allegations, but how do you access that information? Well, in the first instance, you could raise a formal complaint with the NHS organisation you feel is responsible for the breach. Following an investigation, they should reply with their findings. However, if you’re not happy with their response, you might need to escalate the complaint up the NHS chain.
Once you’ve exhausted all avenues within the NHS, if you’re still not happy, you could contact the Information Commissioner’s Office and ask them to launch their own investigation. They advise that you should reach out to them when it has been 3-months since your last meaningful contact with the NHS. If you leave it too long after that, the ICO may refuse to investigate.
One thing to bear in mind with the complaints procedure and the ICO investigation is that neither will result in compensation. The ICO can issue fines for data breaches and the NHS can apologise and make procedural changes, but if you want to be compensated, you’ll need to raise a claim against Public Health Wales yourself.
If you wish to seek compensation, our advice would be to discuss your claim with one of our team of solicitors. They’ll review your claim with you, look at any responses you’ve already received about the matter and work out a plan of action. It may be that an ICO investigation is required but, where there’s already enough evidence, they may be able to negotiate directly with the NHS to try and achieve a settlement on your behalf. Please get in touch today and an advisor will guide you through the start of your claim.
Assessing The Value Of Data Breach Claims Against Public Health Bodies
We’re going to use the next few sections to explain what damages you could claim for, how much might be paid and how to claim using a No Win No Fee service. For data breach claims, your claim can consist of two main elements:
- Material damage – this is used to try and cover any financial losses that have been caused by the data breach.
- Non-material damage – this aims to compensate you for any psychological damage that has happened as a result of the data breach.
In truth, we can’t tell you exactly what you’ll claim for in this guide as each claimant is affected differently by a data breach. If you ask us to investigate and your case is accepted, a solicitor should be able to explain what they’ll try to claim for once the case has been reviewed.
When looking at financial losses, for instance, your solicitor will need to work out if any immediate losses might be followed up by future losses which could be the case if your personal data has been sold to other criminals online.
With regards to psychological damage, medical experts will need to look at what impact the data breach has had on your health and your ability to continue in work or education or cope with daily life.
We hope that this information demonstrates how important it is to have your claim assessed properly. If you contact our team, one of our solicitor’s could use their experience to try and ensure all possible effects of the data breach are considered. They’ll then work hard to try and make sure you receive the maximum amount of compensation that’s possible for your case. Please call Legal Expert to start your claim today.
Valuing Your Public Health Wales Data Breach Compensation Settlement
In the Court of Appeal case Vidal-Hall and others v Google Inc [2015], it was decided that a data breach claim could lead to compensation for psychiatric damage in cases where the victim didn’t suffer any pecuniary losses. Guidance laid down in the judgment of the case also suggested that compensation for non-material damage should be awarded in line with personal injury claims. That means it’s possible to claim for the effects of anxiety, stress or Post-Traumatic Stress Disorder (PTSD) caused by a data breach.
Therefore, we’ve added the table below to show example compensation figures, taken from the Judicial College Guidelines (JCG), for some relevant injuries.
Type Of Injury | Severity | Settlement Range | Additional Comments |
---|---|---|---|
Psychiatric Damage | Severe | £51,460 to £108,620 | The claimant will have a poor prognosis and there will be problems with the ability to cope with work, life or education. Also, the claimant’s relationships with friends, family and those who they come into contact with will be affected. There is highly likely to be a risk of future vulnerability too. |
Psychiatric Damage | Moderately Severe | £17,900 to £51,460 | In this settlement range, the victim will suffer in similar ways to the category above but their prognosis will be optimistic. |
Psychiatric Damage | Moderate | £5,500 to £17,900 | Again, the victim will suffer with similar symptoms to those shown above but there will already have been an large improvement and the prognosis will be good. |
Post-Traumatic Stress Disorder | Moderately Severe | £21,730 to £56,180 | The symptoms in this category will result in significant disability for the foreseeable future. However, there will be a positive prognosis and evidence that professional help will reduce the symptoms. |
Post-Traumatic Stress Disorder | Less Severe | Up to £7,680 | Where almost full recovery has already taken place and only minor symptoms remain. |
The JCG is used in courts and by solicitors and insurers when trying to settle compensation claims. It contains a list of compensation figures based on the severity of each injury. Therefore, to determine the extent of the harm caused, your solicitor will arrange for a medical assessment to be carried out locally as part of the claims process.
At the appointment, your medical notes will be reviewed by a specialist and you’ll be asked some questions about how you’ve been affected. Then the specialist’s findings will be documented, and their report will be sent on to your solicitor.
No Win No Fee Public Health Wales Data Breach Compensation Claims
We understand how common it is for people to delay making a claim because they’re worried about the financial impact. That’s why our team of solicitors use a No Win No Fee service for all claims that are accepted. By using such a service, not only do you get access to justice, your financial risk and stress levels are greatly reduced.
Once the solicitor has checked your case is viable, they’ll provide you with a Conditional Fee Agreement (CFA) to sign. This is your contract, and it explains that:
- No upfront fees are charged.
- There aren’t any solicitor’s fees to pay during the claims process.
- If the case is lost, you’re not liable for any of your solicitor’s fees at all.
Should the claim be won, your solicitor will keep a small portion of the compensation to help cover their costs. This ‘success fee’, which is legally capped, is listed in the CFA so you’ll know what percentage you’ll pay from the start.
To find out if you’re eligible to claim on a No Win No Fee basis, please contact us today.
How To Find A Specialist Data Breach Claim Lawyer
If you’ve decided to begin a claim, how do you choose a specialist solicitor who will manage your data breach case for you? Well, many people simply look for the closest solicitor to their home and choose them. Others look online for reviews of solicitors and others ask colleagues, friends or family for recommendations.
Each of those choices could help you locate the best data breach solicitor to take your claim forward. However, you could save a lot of time if you contact Legal Expert. If you decide to work with us, you won’t need to spend any more of your time searching for an experienced solicitor. Our team has been handling compensation claims for over 30-years and you could benefit from their expertise.
When working with Legal Expert, your solicitor will be on hand throughout your case to supply regular updates and explain any technical legal jargon that crops up so please get in touch today if you’d like to begin your claim.
Contacting Us
If you wish to contact Legal Expert today, there are a number of ways to do so, including:
- Call our claims line on 0800 073 8804 to discuss your case with an advisor.
- Start a claim online and we’ll arrange to call back at a suitable time.
- Discuss the case with an online advisor via the live chat applet.
- Email details of your claim to info@legalexpert.co.uk.
Extra Resources
Thanks for completing this guide about claiming for a Public Health Wales data breach. To provide further assistance, we’ve linked to some more guides and additional content below. Please let us know if we can provide any further information for you.
Complaints Process – Information from Public Health Wales on their formal complaint procedures.
ICO Action – Details of the fines issued, and actions taken by the ICO.
The GDPR – This is the full 88-page General Data Protection Regulation.
NHS Negligence Claims – This guide provides information about claiming compensation for harm or suffering caused by NHS negligence.
Pharmacy Data Breach Claims – Details on when a data breach by a pharmacy might entitle you to claim compensation.
Hospital Negligence Claims – Advice on when suffering caused by negligence in a hospital could enable you to claim compensation.
Other Useful Compensation Guides
- Foxtons Estate Agents Data Breach Compensation Claims
- Santander Data Breach Compensation Claims
- Imperial College London Data Breach Compensation Claims
- Sheffield Hallam University Data Breach Compensation Claims
- Plymouth Marjon University Data Breach Compensation Claims
- Employer Personal Data Breach Compensation Claims
- TSB Bank Data Breach Compensation Claims
- Ramsay Health Care Data Breach Compensation Claims
- British Airways Data Breach Compensation Claims
- University Of London Data Breach Compensation Claims
- NHS Data Breach Compensation Claims
Guide by Hambridge
Edited by Billing