What are your options if you suffer a personal data breach?

Legal options for claiming compensation

More than 2.6 billion people worldwide had their personal data records breached in 2021 and 2022 and unfortunately, the problem is getting worse. More and more people are having their most private and personal data targeted by cybercriminals, according to recent research.

In this increasingly digital world, we seem to have little choice but to allow businesses, charities, public bodies and other organisations to collect our personal data. What duties do organisations have to keep our data safe and what can you do if they fail in that duty? Our dispute resolution team reports.

The UK’s Data Protection Act 2018 imposes clear rules on how your personal information can be used, stored and processed, and the duties organisations have to keep your data safe from an accidental leak or hackers. The data could be:

  • personal data such as your name, address, email and personal phone details;
  • financial data, like credit card or bank account details;
  • medical data, for example, your confidential medical records or health insurance details;
  • sensitive data, including trade union membership or religion; or
  • employment data, such as salary details or other confidential employment records.

A personal data breach can have serious consequences for you, such as financial loss, emotional stress, reputational damage, an impaired credit rating and even identity theft.

If an organisation fails to take proactive steps to make sure your data is secure, and your confidential information is disclosed to third parties without your consent, and the breach is likely to put your rights and freedoms at high risk, the breaching party must inform you of the breach without undue delay. They must also inform you as to how they will remedy the problem and the steps they will take to prevent such issues arising in the future.

If the breach is likely to result in discrimination, reputational damage, financial loss, loss of confidentiality or any other major economic or social disadvantage, the organisation must also inform the Information Commissioner’s Office within 72 hours of finding a breach or face a significant penalty.

Am I entitled to compensation?

If you suffer a personal data breach, you may be entitled to make a claim for compensation if:

  • your data is misplaced, degraded, destroyed, released, hacked or mishandled without your authorisation;
  • your data was stored and not updated, causing you damage;
  • the breach was deliberate or as a result of negligence; and
  • the breach happened within six years.

You do not have to have suffered economic loss as a result of the data breach, so you may still be eligible for compensation if the breach has had a serious detrimental emotional impact on you and/or your life.

The amount of compensation you can claim will depend on the kind of information involved, the magnitude of the breach and the effect the breach has had on you. Depending on the severity, this could include damages for emotional anxiety and stress, reputational damage and/or direct financial losses (such as money stolen from your bank account), as well as any costs involved in rectifying the breach.

In some circumstances, a personal data breach can amount to a criminal offence. For example, a hacker who gains unauthorised access to your digitised personal data could face charges under the Computer Misuse Act 1990. Meanwhile, those who intentionally or recklessly breach data protection rules under the Data Protection Act 2018 can face fines or even imprisonment.

How a solicitor can help

If you find you have been the victim of a personal data breach, you should change all your passwords, inform your bank if your financial information has been compromised, and consult a solicitor as soon as possible.

The data breach could involve your sensitive data being revealed to others, which might damage your reputation, expose you to discrimination (for example because your religious views were exposed), make you a victim of fraud (for instance through identity theft), or even put you in danger of physical harm (as happened in a case involving Nottinghamshire County Council).

If you have suffered significant financial or emotional damage as a result of the breach and our experienced legal team think you have a valid case, they will lay out your legal options and help you gather the evidence you need to successfully bring a claim for compensation.

Such evidence might include communications from the body responsible for the data breach, bank statements or any notifications regarding the breach.

Our lawyers will help to identify the nature and extent of the breach and, when required, they will work with cybersecurity experts to ensure they build the strongest possible case on your behalf.

They will notify the party responsible for the breach of your intention to bring legal action and will work tirelessly to win you a fair out-of-court settlement. If your case has to go to court, they will be there at your side to offer advice and representation.

For further information, please contact Rebecca Beynon-Phillips in the Dispute Resolution Team on 01733 882800 or email [email protected].

Rebecca Beynon-Phillips LLB, Senior Associate

Hunt & Coombs LLP is a Limited Liability Partnership registered in England and Wales, Registration no. OC320243, VAT no. 120013160. Hunt & Coombs LLP is authorised and regulated by the Solicitors Regulation Authority with Registration no. 443035. A list of members is available at 35 Thorpe Road, Peterborough PE3 6AG.
© Hunt & Coombs Solicitors 2023.
