NHS Data Breach – Compensation Claims Guide

Last Updated 30th July 2024. You may be wondering what steps you could take should an NHS data breach occur that causes you to suffer mentally or means you lose out financially. In this guide, we will explain when you may be eligible to make a personal data breach claim and how legislation protects the personal data of UK residents.

We will also discuss some examples of personal data. Not every data breach can be claimed for; in this guide, we will explain what makes a data subject eligible to pursue a compensation claim and how UK legislation lays out your right to claim.

Our advisors are available to answer any questions you may have that aren’t answered by this guide. They can also offer a free consultation to provide free legal advice and further guidance. To learn more, get in touch:

Select A Section:

  1. What Is An NHS Data Breach?
  2. Your Right To Claim If Affected By An NHS Data Breach
  3. Examples Of Personal Data Breaches
  4. How Do Personal Data Breach Claims Work?
  5. How Much Compensation Could I Get For A Personal Data Breach?
  6. Call For Advice On Making An NHS Data Breach Claim

What Is An NHS Data Breach?

A personal data breach is a security incident that affects your personal data and its security, confidentiality, or integrity.

However, the law does not protect all data. Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), only personal data is protected. Personal data is any information that could identify you, either on its own or in conjunction with other information. For example, this might include your debit and credit card details or your email address.

However, there is also a type of personal data that is classed as special category and needs extra protection due to its sensitive nature. This could include information regarding your:

  • Sexual orientation
  • Health, such as medical records or medical conditions
  • Racial or ethnic origin
  • Trade union membership status
  • Genetic or biometric data

The parties responsible for handling your personal data are data controllers and processors. A data controller establishes the lawful basis for processing your data, as well as how and why they intend to use it. Following this, the data processor will process your data by following the instructions set out by the controller.

Our advisors are available 24/7 to answer any questions you may have about the steps you could potentially take following an NHS data breach. Get in touch today to learn more.

Your Right To Claim If Affected By An NHS Data Breach

Your right to claim compensation for a personal data breach is laid out in Article 82 of the UK GDPR. According to this legislation, you have a right to claim compensation for a personal data breach if:

  • The breach involved your personal data
  • It occurred as a result of the organisation’s failings
  • You suffered harm because of the breach

There are also time limits in place when making a personal data breach claim. Usually, you will have six years to start your claim. However, this becomes one year if your claim is made against a public body.

To learn more about your right to claim, get in touch with an advisor from our team.

Examples Of Personal Data Breaches

There are different ways that a data breach could happen, ranging from human error to cyberattacks. Some examples of how a personal data breach could happen include:

  • A failure to use the BCC feature in a batch email could reveal the identity of fellow recipients, as this would expose the email addresses of anyone who received the email
  • Verbal disclosure could occur if a member of staff reads information from your medical records over the phone without conducting an identity check first
  • Devices that contain your personal data could be stolen or lost due to inadequate security

As we have already mentioned, a personal data breach can occur in different ways. For more information, get in contact with an advisor today.

How Do Data Breach Claims Work?

If there were an NHS data breach that affected your rights or your freedoms, then the organisation must alert you to the breach without undue delay. It also has to inform the Information Commissioner’s Office (ICO) within 72 hours of discovery. The ICO is an independent public body set up to uphold data subjects’ data rights.

At this point, you can make a complaint to the organisation and ask how the breach happened, what information it included and what they are doing to put things right. If you receive no response, or the response is unsatisfactory, you can escalate this complaint.

You can make a complaint to the ICO. They could then investigate the breach. However, it is important that you contact the ICO within three months of your last contact with the organisation.

Contact our team of advisors today for more information on the steps you could take should an NHS data breach occur that causes you to suffer mentally or means you lose out financially.

How Much Compensation Could I Get For A Data Breach?

If you have suffered harm because of a personal data breach, you may wonder how much data breach compensation you could receive if your claim succeeds. Data breach compensation payouts can be split into material and non-material compensation.

Non-material damage is the harm you suffer to your mental health because of the personal data breach. For example, suffering anxiety after a data breach or depression from a breach would be classified as non-material damage.

The Judicial College Guidelines (JCG) provide legal professionals with guideline compensation amounts. You can find some examples of these in reference to non-material damage compensation in the table below. Please note that the top figure is not from these guidelines.

| Mental Health Problem | How Severe? | Damages |
|---|---|---|
| Severe Mental Illness Plus Material Damage | Serious | Up to £250,000+ |
| Mental Injury | Severe | £66,920 to £141,240 |
| Mental Injury | Moderately Severe | £23,270 to £66,920 |
| Mental Injury | Moderate | £7,150 to £23,270 |
| Mental Injury | Less Severe | £1,880 to £7,150 |
| Post-Traumatic Stress Disorder (PTSD) | Severe | £73,050 to £122,850 |
| Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | £28,250 to £73,050 |
| Post-Traumatic Stress Disorder (PTSD) | Moderate | £9,980 to £28,250 |
| Post-Traumatic Stress Disorder (PTSD) | Less Severe | £4,820 to £9,980 |

Material damage covers the harm the data breach does to your finances. For example, exposing your bank account details could allow criminals to steal money from you. In this case, you may be able to claim back these costs under material damage compensation.

Contact our advisors today to learn more about compensation in personal data breach claims.

Call For Advice On Making An NHS Data Breach Claim

As long as you have a case that meets the requirements for a data breach claim that we discussed at the start of this guide, you could be interested in getting legal representation.

Talk to an advisor today and you could have your potential case evaluated right away. Should we find that you have reasonable grounds to claim, you could have your case seen by an expert solicitor from our panel.

Our panel’s solicitors offer their experience and know-how under a Conditional Fee Agreement, which means no fee for their work:

  • Before the case starts.
  • As they continue working on the case for you.
  • At the end of a claim that doesn’t succeed.

They only take what is known as a success fee if you win your claim for NHS data breach compensation. Even then, their success fee is just a small percentage of the compensation you receive. The Conditional Fee Agreements Order 2013 is the legislation that puts a legal cap on this percentage.

You can learn more about claiming for an NHS data breach with a solicitor’s specialist legal guidance by choosing one of these options:

Learn More About Your Data Breach Rights


Thank you for reading our guide on steps you could potentially take should an NHS data breach occur that causes you to suffer mentally or means you lose out financially.

Writer CE

Checked by HP