We've been featured in:

Wrong Email Address Data Breach Claims

Last updated 6th December 2024. In this guide, we are going to focus on wrong email address data breach claims. This is where you seek compensation for any distress and losses caused by an email meant for you being sent elsewhere.

Emails are widely used to share information with others. They are popular because they are cheaper and faster than sending letters in the post. If an email contains data that can identify you, it becomes a vehicle for your personal data and therefore protected by the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR).

There are two main parties who might handle your data.

  • Data controllers, organisations or individuals who dictate the use of your data.
  • Data processors who manage data on their behalf.

These groups must follow this legislation carefully. If they don’t, they become liable for any security incident that happens as a result. In particular, they may have to pay compensation to the person affected if this incident harmed them.

If this applies to you, this guide will explain how to get started with a data breach compensation claim today. You can read the whole guide or contact our team right away.

  • Call on 0800 073 8804
  • Contact us by filling out our enquiry form
  • Use the live chat function below to get instant advice

Businessman reviews holographic display that shows there has been a wrong email address data breach.

Select A Section

A Guide To Wrong Email Address Data Breach Claims

According to the DPA and UK GDPR, organisations that process personal data such as contact details need to ensure this is kept secure and safe.

A breach of GDPR could take place if an email intended for one person is sent to the wrong recipient and contains personal information. That’s because if that email contains personally identifiable information, it could cause problems for the intended recipient. In such cases, they may have grounds to start a wrong email address data breach claim.

To be eligible to do so, they would need to show how they have suffered because of the breach. For example, if an email from your employer about disciplinary action against you was sent to a colleague by mistake, it could cause a lot of stress and embarrassment, especially if the information was shared around your office.

If you do decide to claim, you’ll need to be aware of the time limits. Generally, you’ll have three years to begin your claim. Please call if you’d like to begin a claim or if you have any questions.

Is An Email Address Personal Data?

You might wonder, ‘is an email address personal data?’.

An email address is considered information that could be used to personally identify someone. Therefore, if someone sent an email to the wrong person, this could be classed as a data protection breach. Additionally, sharing an email address without proper authorisation may be a breach of the UK GDPR.

However, some email addresses are not protected by UK GDPR. For example, an email address that does not feature someone’s name, or an email address that contains @info or @admin, would not be considered personal data.

Following a data protection breach, you could potentially claim if you suffered financially or psychologically as a result. Get in touch for free legal advice if you have been affected by an email data breach. Our advisors are available to help 24/7.

Is Sending An Email To The Wrong Address A Data Breach?

A common type of data breach is when an email that consists of your personally identifiable information is sent to the wrong recipient.

Importantly, if the data controller encrypts any personal information in the email before sending it, then a compensation claim might not be possible. Only where personal data can be read by the recipient would mean a data breach has occurred.

However, encryption is only possible within the body of the email. The TO, FROM, SUBJECT and DATE fields cannot be obfuscated. Therefore, if these fields could identify you and what the email was about, a data breach may have occurred.

As you can see, whether you are eligible to claim can be confusing. Therefore, why not call our team today for a free case review?

Types Of Wrong Email Address Data Breach Claims

To help clarify how email address data breaches could happen, we are going to supply some examples in this section. If you cannot see a case similar to yours, don’t worry – you could still be entitled to claim compensation. Call our team if you’re unsure and they’ll review your options with you.

Emailing the wrong person

As we have shown already, this is one of the most common causes of email data breaches. Where the email contains personally identifiable information, a data breach is likely to have occurred. If you have suffered embarrassment, distress or suffered financially because of the email, call our team today.

Opening web links/attachments

Phishing emails aim to get you to provide security credentials so that criminals can access your online accounts. If a company is targeted by a phishing scam, it could make its customer databases vulnerable. As such, criminals could potentially log in to them and access any personal data.

Failing to get consent to use an email address

As part of the UK GDPR, data controllers usually need to ask for your permission before using personal data such as your email address (there may be other lawful reasons to do so without your consent). If your email is stored without a lawful basis the organisation could be investigated by the Information Commissioner’s Office (ICO).

If you believe you have grounds to seek damages, why not give our team a call for advice on your options?

How Can Email Data Breaches Be Prevented?

As we have explained, data breach claims are only possible if the organisation responsible for the breach allowed it to happen through their own actions (or lack of action). Therefore, it would be prudent to take steps to prevent wrong email address data breach incidents before they occur.

Steps that could be taken include:

  • Ensuring there is a strong data security policy within the organisation. Furthermore, ensuring all staff are trained regularly on how to comply with it.
  • Limiting access to personal data to those who need to access it. This means that where an employee doesn’t need to access information about customers for their role, restrict their security credentials.
  • As part of the UK GDPR, personal data is not allowed to be stored for longer than it is required. Therefore, organisations should have retention policies in place so that old email addresses that are no longer required are deleted promptly.
  • Empower staff to ask questions if they are not sure about how to fulfil a task compliantly. Making staff feel easy about talking to managers or senior figures within an organisation can reduce panic or stress when processing personal data.

Can You Sue For A UK GDPR Breach?

When a data breach occurs, you do not automatically become eligible for compensation. Instead, you will need to show that:

  • Your personal data was breached.
  • The incident occurred because of a company’s data security failings
  • As a result of the data breach, you lost out financially and/or you suffered distress.

You will most likely sue the data controller. This is the person or organisation that had a right to make decisions about your data at the time and therefore allowed the breach to happen.

The ICO regulates the data of UK residents. While they have powers to fine organisations that breach data privacy, they can’t award compensation. However, they may issue a letter after investigating a complaint that, in turn, can be useful evidence for a data breach claim.

How Are Material And Non-Material Damage Different?

If your email was sent to the wrong person, the GDPR as it currently exists in UK legislation considers this a breach if it contained your personal data.  If you were harmed by such a breach, you could claim compensation for two kinds of damage.

  • Material damage – any monetary losses caused by the breach.
  • Non-material damage – any distress caused by the data breach.

Every part of your wrong email address data breach claim must be justified and backed by evidence. This is where working with a solicitor can really help. For example, you could seek compensation for loss of earnings while you took time off to recover from any psychiatric damage.

To do so, you would have to prove that the breach caused your response, that it stopped you from working, and that you would have earned a certain amount if you had been fit to work. If an independent medical specialist says that you’re likely to be out of work with an anxiety-related illness for some time, you can also seek compensation for that expected period.

Our solicitors have the experience and skills to ensure that all aspects of your suffering are considered before your claim is filed. If you’d like to know how we could help with your claim, please call today.

Wrong Email Address Data Breach Claims Calculator

In this section, we want to show you how much data breach compensation could be paid for any psychological injuries (non-material damage).

The compensation table below is based on data from the Judicial College Guideline, as this is used when settling personal injury claims. These figures are a guideline only and should not be taken as a guarantee. The top figure is here to account for higher value claims is not taken from the JCG.

Injury TypeSeverityCompensation Bracket
Multiple Traumatic Events plus Compensation for Material DamageVery SevereUp to £250,000 or more
General Psychiatric DamageSevere£66,920 to £141,240
Moderately Severe£23,270 to £66,920
Moderate£7,150 to £23,270
Less Severe£1,880 to £7,150
Post Traumatic Stress Disorder (PTSD)Severe£73,050 to £122,850
Moderately Severe£28,250 to £73,050
Moderate£9,980 to £28,250
Less Severe£4,820 to £9,980

If you have any questions about how much compensation you might receive, please call today.

Email Sent To Wrong Address – Can I Claim With A No Win No Fee Lawyer?

Now that we’ve answered your question, “is an email address personal information”, you may want to know more about claiming for a data breach. As we stated already, you could be eligible for compensation if your personal information was sent to the wrong email and you suffered harm, such as financial losses or post traumatic stress disorder (PTSD) or other mental health conditions as a result.

You may wish to have the support of a lawyer that specialises in data protection breaches for the claiming process. A data breach lawyer may offer to represent your claim under a type of No Win No Fee arrangement known as a Conditional Fee Agreement (CFA).

Under a CFA, your lawyer will not charge upfront for their services. They won’t ask for you to cover ongoing fees for their services either. If they succeed in recovering compensation, they will take a success fee from your award. The amount they can take is limited by the law. If your lawyer fails to recover compensation, they won’t ask you to pay for their services.

If you suffered harm because an email was sent to the wrong address, call our advisors. The advice they offer is completely free. Additionally, if your personal data was sent to the wrong email address, they can assess your claim’s feasibility. If it seems like your claim could reasonably recover compensation, they can put you in touch with our solicitors.

To speak to an advisor:

Get In Touch

Thank you for reading our article on wrong email address data breach claims. If you would like us to help you take legal action, there are several ways to contact us. You can:

We operate our claims line 24-hours a day, 7-days a week. When you get in touch, we will review your case and explain your options for free. If you have a valid data breach claim, we could appoint a No Win No Fee solicitor from our team.

Learn More About Wrong Email Address Data Breach Claims

In this section, we have supplied some further resources that might help if you do decide to make a claim. Additionally, we’ve added a few more of our data breach guides as well.

  • The Data Protection Act 2018 – Another law that gives individuals rights about how their personal information is processed.
  • Email Marketing – ICO guidance on the rules around using emails to send marketing information.
  • Anxiety – Support and advice from the NHS on how to cope with anxiety.
  • Lost Personal Data – This guide explains your rights if an organisation loses your personal information.
  • Employer Data Breaches – Information on how to claim if you’re harmed because of a data breach by your employer.
  • Reporting Data Breaches – A review of when and how you should report a data breach.

FAQs On Wrong Email Address Data Breaches

To help you further, we have answered some questions that might help with wrong email data breach claims.

What happens if you accidentally breached GDPR?

Where a company spots a reportable data breach, it needs to inform the ICO without undue delay. This goes for incidents caused deliberately, illegally or accidentally. They must explain what has happened, who has been affected and what steps have been taken to rectify the situation.

Can I get compensation for a data breach?

Data breaches on their own don’t entitle you to seek compensation. However, under the rules of the UK GDPR, you could claim for any distress (non-material damages) caused by a breach and financial harm (material damages).  To be eligible to claim, the organisation involved in the breach must have allowed it to happen through its actions or inactions.

Are personal email addresses covered by the UK GDPR?

The UK GDPR covers any personally identifiable information. As such, an email address could be included within its scope. For example, if your email address is john.smith@company.com, it would be easy for others to identify you from it.

What happens if you send your personal information to the wrong email?

If you send an email to the wrong person and it contains your personal information, it could result in some embarrassment and anxiety. If you have done so, you should try to recall the message if your email has the ability to do so. You may also want to contact the recipient and ask them to delete the message and apologise for your mistake.

Other Useful Guides

Thank you for reading our guide on wrong email address data breach claims. For more information on your options, please speak with an advisor.