We've been featured in:

Superdrug Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Superdrug Pharmacy Data Breach

My Data Privacy Was Breached By Superdrug Pharmacy, Could I Claim?

A few years back, there was a lot of press coverage about the launch of the General Data Protection Regulation (GDPR). It has been implemented to give you more control over who has access to your personal information. When The Data Protection Act 2018 was enacted into law, it gave the Information Commissioner’s Office (ICO) the power to fine companies who breach data protection laws and you the power to claim compensation for a breach relating to your data. In this guide, we’ll look at claiming for a Superdrug Pharmacy data breach, the harm they could lead to and how much compensation you could be paid.

Superdrug Pharmacy data breach claims guideSince the implementation of GDPR, companies have had to design processes and procedures to try and ensure any identifiable data they hold about you is stored securely. While data breaches aren’t common, they can happen, and simple mistakes could mean that personal or sensitive information about you enters the public domain. Therefore, we’ll review the types of error that could lead to a pharmacy data breach and what you could claim compensation for later in this guide.

If you decide that you would like to start a compensation claim, Legal Expert is here to help. Our team of friendly advisors can provide a no-obligation telephone assessment of your case and will provide free advice on your options. If there appears to be a chance of success, your claim might be referred to one of our specialist solicitors. Should they accept your claim, they’ll represent you on a No Win No Fee basis.

To discuss your case with us today, why not call our team on 0800 073 8804? Alternatively, you can read the rest of this guide to find out more about making a pharmacy data breach claim.

Select A Section

A Guide About Data Breach Claims Against A Superdrug Pharmacy

When you sign up to services or access things online, there seems to be a hell of a lot of tick boxes or buttons to press relating to the use of your personal information. While you might find this annoying, it’s important because it’s the process companies need to follow to fall in line with the GDPR.

Once you’ve ticked a box or pressed an agree button, it’s very important that the company stores your choices and only uses your personal information in ways that you’ve specified.

Although this article is about claiming for a Superdrug Pharmacy data breach, the information we’ll provide could be relevant to other companies or organisations as well. As we continue, we’ll consider how a data breach could occur, what type of information could be leaked and when you may be entitled to start a compensation claim.

If you choose to start a claim, you’ll need to do so within the relevant limitation period. For data breach claims, you’ll have 6-years to begin. The time limit for claims relating to a breach of your human rights is reduced down to 1-year so please bear that in mind when deciding when to submit your case. Although the time limit is a relatively long period, our advice is that it’s much easier to recall what happened and how you were affected if you start your claim as early as possible. In addition, your solicitor will be grateful for the extra time that they can use to collect evidence to back up your allegations.

If you’d like Legal Expert to help you with the data breach claims process, please get in touch with a member of our team today. Please remember, we provide free advice even if you don’t go on to start a claim.

What Are Breaches Of Superdrug Pharmacy Customer Data?

One of the definitions listed in the GDPR is for a personal data breach. The legislation describes it as a security breach that results in the unlawful or accidental loss, destruction, alteration, access to or disclosure of personal data.

The definition of personal data is any information relating to an individual that can be used to identify them directly or indirectly. Examples of the information included in a breach are ID numbers, names, addresses, location data and email addresses. If a data breach does occur, the ICO has the power to fine organisations even if no harm is caused.

Many people automatically think of computer network or security issues when talking about data breaches. While that’s possible, it’s actually more common for data leaks to be caused by human mistakes involving physical documentation rather than digital data. A good example of this is where personal information about you is posted to the wrong address or where documentation ends up in a public place because it wasn’t disposed of correctly.

When a pharmacy identifies that a data breach has taken place, it needs to inform the patients involved and the ICO. Those affected need to be told how the breach happened, when it occurred, and what data was accessed.

Legal Expert is here if you’d like to make a Superdrug Pharmacy data breach claim so please get in touch when you’re ready to begin.

How Should The GDPR Be Applied To Pharmacy Customers?

The GDPR documentation is quite long-winded but it does contain some useful information about different roles relating to personal data. They include:

  • The data controller who is the company or organisation that has responsibility for proving the reasons and methods needed to process data.
  • A data processor who is the company, or an individual, who will process the data for the data controller.
  • The data subject who is the individual whose personal information is going to be collected and processed.

As well as defining those roles, the GDPR sets out some data processing principles including:

  • The data subject has to be told what legitimate reason there is to process their data.
  • All data processing has to be legal, fair and transparent to the data subject.
  • Any personal data which has been stored needs to be kept up to date.
  • A minimum amount of data should be processed.
  • Storage of data should be for as long as was specified when it was collected.
  • Data processing should be carried out in a secure and confidential manner.

If you believe these principles have been breached and led to a Superdrug Pharmacy data breach which has affected you, please let us know and we’ll assess your claim for free.

How Your Pharmacy Could Suffer A Data Breach

In this section of our guide, we’re going to consider what could go wrong and lead to a Superdrug Pharmacy data breach. Here are a few scenarios:

  • If a letter containing your personal information is posted to the wrong customer.
  • Where a document with identifiable information is left lying on the counter and read by non-pharmacy staff.
  • When a pharmacist or pharmacy staff read your records when there’s no medical reason to do so.
  • If the pharmacy’s computer system is attacked by a virus, malware or ransomware.
  • When documentation that contains personal or sensitive information is disposed of incorrectly.
  • If a computer is left unattended or unlocked meaning non-pharmacy staff could access your records.

If you believe any of the scenarios listed has led to personal information about you being disclosed to unauthorised parties, please get in touch with a member of our team today.

Examples Of Pharmacy Data Breach Fines Issued By The ICO

As we described earlier on in this article, the Information Commissioner’s Office has the legal power to issue fines to companies who break data protection laws. In this case, we’re going to review a couple of cases where patient and staff data was leaked by pharmacies.

The first case involves a London-based company who received a £275,000 fine from the ICO for storing up to half a million documents containing personally identifiable patient information in unlocked containers at the rear of their property.

The ICO investigation found that the records, which included names, addresses, NHS numbers, medical information and dates of birth, had been stored that way for some time. The pharmacy did try to argue that the containers were in a locked courtyard by the ICO found that tenants who lived in flats above the pharmacy could easily access the area if they used a fire exit.

Source: There’s an article regarding this London pharmacy and its careless storage of patient data on the ICO website.

In another case which was referred to the ICO, Well Pharmacy group were found to have sent an email containing information of about 24,000 staff as an attachment. In this case, the leaked information included names, phone numbers, addresses, payroll numbers and email addresses. The company tried to recall the email and had to start an investigation of its own and refer the case to the ICO.

Source: https://www.bbc.co.uk/news/health-46638879

Report A Breach Of Personal Data To The Information Commissioner’s Office

So, if you suspect a data breach has occurred and you want to seek compensation for the harm it’s caused you, how do you get the evidence to support your case? Well, in some cases, you might receive a letter from the company to tell you what happened. In other cases, you may need to contact the company and ask them to investigate.

After your complaint has been received, the company should conduct its own investigation into what happened and get back to you with their findings. If you’re not satisfied with their response, there should be a route that you can follow to escalate the claim. After you’ve followed all avenues of complaining within the organisation if you’re still not in agreement with their findings you could discuss your case with the ICO.

They advise that it’s best to contact them when it has been 3-months since you last had contact with the company. Be warned, though, if you leave it too long, the ICO might refuse to get involved. It’s important to note here that a complaint to the pharmacy or the ICO might provide you with answers but neither will result in you receiving compensation for the data breach. The only way that can happen is where you sue the company in question directly.

If your case is accepted by Legal Expert, your solicitor will work out how to proceed with the claim. In some cases, they may be able to agree to a compensation settlement directly with the pharmacy on your behalf. In others, they may need to ask you to speak with the ICO to ask them to investigate whether a breach took place. If you’d like us to represent you in a Superdrug Pharmacy data breach claim, please call our team today.

What You Can Claim For A Data Leak Or Breach

When you start a data breach claim, your solicitor can usually claim for two different things:

  • Material damages could be claimed when you have suffered financial losses that can be linked to the data breach.
  • Non-material damages could be claimed if you’ve suffered psychologically because of the data breach.

Due to the fact that each claim is unique, it’s not possible to tell you exactly what could be claimed for until your case has been assessed properly.

For instance, if you’re claim involves financial losses, your solicitor might need to factor in any future losses that you could suffer. This might happen if your personal information was used in fraudulent financial transactions which could affect your credit file in the future.

Your solicitor will need to review whether anxiety, depression or Post-Traumatic Stress Disorder (PTSD) caused by the breach has led to problems relating to work, education, relationships or life in general.

As you can see, it’s really important that all factors are considered before your claim is submitted, otherwise, you might miss out on the compensation that you’re entitled to. If you’d like to work with Legal Expert and let one of our solicitors assess your claim thoroughly, please get in touch with our advisors today.

Typical Breach Of Data Compensation Settlements

In some compensation claims, you’re not able to seek compensation for psychological harm if you’ve not suffered any financial losses. However, the Court of Appeal found, when making a judgement on the case Vidal-Hall and others v Google Inc [2015], that the harm caused by data breaches could be claimed even if there aren’t any pecuniary losses. In addition, the ruling stated that compensation amounts for non-material damage should be made in line with personal injury claims.

The following table shows some example compensation figures for injuries that could be caused by a data breach. The figures we’ve listed are taken from the Judicial College Guidelines which is a document that courts, solicitors and insurers use to help them calculate settlement amounts.

Edit
Injury Type Severity Level Compensation Additional Details
Psychiatric Injury Severe £51,460 to £108,620 In this settlement range, the prognosis for the victim will be poor and they will have serious problems coping with life, education and work, managing relationships with family, friends or colleagues and they will be vulnerable in the future as well.
Psychiatric Injury Moderately Severe £17,900 to £51,460 In this settlement range, the victim will suffer in very similar ways to those listed above but the medical prognosis will be much more optimistic.
Post-Traumatic Stress Disorder Severe £56,180 to £94,470 The effects of PTSD such as mood disorders, nightmares, flashbacks, suicidal ideation and hyper-arousal will be permanent in this settlement range. There will be no chance of the victim returning to work or functioning at anything near pre-trauma levels.
Post-Traumatic Stress Disorder Moderately Severe £21,730 to £56,180 This settlement range is lower than above because even though the symptoms may be similar, a better prognosis will mean that improvements could be possible with professional help.
Post-Traumatic Stress Disorder Less Severe Up to £7,680 This settlement range is used where the victim has almost fully recovered after a year or two. If there are any ongoing issues, they will be minor.

The importance of medical evidence to support data breach claims can’t be understated because the amount of compensation awarded is calculated in relation to the severity of your injuries. Therefore, as part of the claims process, your solicitor will book an appointment for a local medical assessment.

During the meeting, a medical specialist will look at how the data breach has affected you by referring to your medical notes and will ask you questions about how you’ve been impacted. Once the appointment has ended, your solicitor will receive a report that provides details of the medical specialist’s findings. As this report is so important to your claim, a medical assessment is mandatory for all cases.

No Win No Fee Data Protection Breach Claims Against Superdrug Pharmacy

We know that many potential claimants are worried about making a claim because of the costs of hiring a legal team to represent you. To alleviate that worry, and to reduce the financial risks of claiming, our team of solicitors will conduct their work on a No Win No Fee basis for any claim they agree to work on.

The solicitor will need to verify that there’s a reasonable chance of success before starting a claim. Once that’s happened, and when both parties are happy to continue, you’ll be given a Conditional Fee Agreement (CFA) to sign. The CFA will provide details of what work the solicitor will do for you and also explain that:

  • You won’t need to pay anything upfront.
  • There won’t be any hidden charges, and you won’t be asked to pay solicitor’s fees while the case is ongoing.
  • If the claim fails, you won’t be expected to pay any of your solicitor’s fees whatsoever.

In cases where your solicitor wins compensation for you, they’ll retain a small portion of your settlement amount called a success fee. The percentage you’ll pay, which is used to cover the solicitor’s costs, is listed in the CFA so there aren’t any surprises when the claim is settled. Furthermore, for peace of mind, we should tell you that success fees are capped by law.

If you’d like us to check if your case could be made using a No Win No Fee agreement, please contact one of our advisors today.

Find A Solicitor For A Data Breach Claim

Now it’s time to help you find the best solicitor to handle your claim. There are many ways in which people search for a solicitor to represent them. Some ask friends, relatives or colleagues for recommendations while others read online reviews from previous clients. Another method that some people use is to simply put a pin in a map and choose the closest firm of solicitors.

It’s true that each of those methods could help you find a solicitor to take on your case, but wouldn’t it be easier to call Legal Expert and ask for free advice on starting a claim? Our team of specialist solicitors have been representing our clients for decades and have covered all sorts of claims. If your case is taken on, your solicitor will be on hand throughout to provide regular updates and to explain any legal jargon that crops up as the case continues.

Speaking To A Data Breach Lawyer

If you’ve now decided that you’d like to work with Legal Expert, here are the best methods to get in touch with us:

  • Call a friendly member of our team for free claims advice on 0800 073 8804.
  • Discuss your case with one of our advisors via the online chat option.
  • Send us an email with a summary of your claim to info@legalexpert.co.uk.
  • Start your claim online and we’ll arrange for a specialist advisor to call you back.

To make the claims process easier, our advice line is open 24-hours a day, 7-days a week. We’ll provide a no-obligation telephone assessment of your case along with free claims advice even if you don’t go on to start a claim.

Extra Medical Claims Resources

Thanks for taking the time to complete this guide about Superdrug Pharmacy data breach compensation claims. In our last section, we’ve added some additional links to guides and resources that we hope you’ll find useful.

Pharmacy Data Breach Claims – A more generic look at claims against pharmacies for the harm caused by a data breach.

Superdrug Pharmacy Negligence Claims – Details of when you could be entitled to compensation for suffering caused after being given the wrong medication.

Supermarket Accident Claims – Information relating to compensation claims for injuries sustained in a supermarket accident.

Guide To Data Protection – An ICO document that advises business of their data protection duties.

Pharmacy Inspection Reports – A useful tool from the General Pharmaceutical Council where you can read inspection reports for specific pharmacies.

Get Help With Stress – Advice from the NHS relating to the symptoms and treatment of stress.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing