Information On HR Data Breach Compensation Claims
If you’re looking for information on data breach compensation after your work mishandled your personal details, this guide can help. We focus this guide on claiming HR data breach compensation.
We look at how HR data breaches can occur as a result of wrongful conduct on the part of those entrusted to keep personal data safe. This can be your employer or an outside agency that carries out data processing on their behalf.
After some HR data security breach examples, we explain the actions you can take to support your compensation claim. Also, we explore the compensation that can apply if the claim is successful. To close the guide, we outline how a data breach solicitor offering a No Win No Fee agreement could help you get started without the worries of upfront legal fees.
Why not chat about HR compensation claims for data breach with our advisors? It’s free to find out if your claim is eligible for help from the expert data breach solicitors on our panel. It also carries no obligation to go ahead with our services unless you wish to. You can:
- Fill out our online claims form.
- Use our live discussion portal to talk about your HR data breach claim.
- Call us on 020 3870 4868.
Browse Our Guide
- What Is An HR Data Breach Claim?
- How Can HR Data Breaches Happen?
- What Should I Do To Claim HR Data Breach Compensation?
- How Much HR Data Breach Compensation Could Be Awarded?
- Make A Data Breach Claim On A No Win No Fee Basis
- Read More About Data Breach Claims
What Is An HR Data Breach Claim?
Human resources departments are a vital way for businesses to deal with staff issues ranging from recruitment, salaries, sickness, disciplinaries and training. Because of this, they can retain a great deal of personal data about employees. This is a term used to define a detail that alone (or used in conjunction with other details) could be used to reveal a person’s identity.
Two pieces of data protection legislation protect personal data. The Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR) set the ways that personal data should be legally processed by those who request it.
The Information Commissioners Office (ICO) enforces the data rights of the general public and can issue penalties against any organisation entrusted with your personal or sensitive information that doesn’t comply with data protection laws. The ICO are an independent body.
Two main groups work with the data: controllers and processors. In an HR setting, this would be the employer and the processor may be either an internal or external agency working on the employer’s behalf. The individual whose information is kept is called a data subject.
A personal data breach is defined as a security incident that allows personal data to be accessed, stolen, altered, destroyed or lost. Therefore, to have eligible grounds to proceed with an HR data breach compensation claim, you need to satisfy the following:
- Your personal data was entrusted to the HR department.
- Through accidental or deliberate wrongful conduct your data was compromised.
- You suffered direct harm, either financially or emotionally, because of this.
What Personal Information Would An HR Department Have?
An HR department may need to retain a wide cross-section of both personal and sensitive data such as the following:
- Name, address and contact details.
- Email address and mobile phone number.
- Bank details and pension information.
- Next of kin details.
- Medical information about any conditions or illnesses.
- References and background check information.
Some of this information is classed as ‘special category’ data and requires even greater care when being processed. This is due to the potential it has to cause greater harm if breached.
Contact an advisor to find out if you could be eligible to claim HR data breach compensation.
How Can HR Data Breaches Happen?
There are several ways that an accidental or deliberate security incident could prompt an HR department data breach. Broadly, a personal data breach is a security incident that damages the confidentiality, availability and integrity of your personal data, either in paper or digital format. Therefore the following examples could form the basis of a workplace data breach claim:
- Staff in the HR department email personal information about salary to the wrong recipient or fail to use the BCC option. This allows unauthorised others to read the information and causes the data subject acute stress.
- The HR department posts a letter containing details of a disciplinay to the wrong address, despite holding the correct address on file.
- Sensitive personal information is not securely stored in the office. This provides others the opportunity to access personal information and use it against the person, causing them serious anguish and psychological upset.
- HR data security breaches are part of a wider cyber attack against the company. The management failed to update systems and cyber defences and as a result, employee personal data was compromised leading to distress.
If you would like to discuss the circumstances that resulted in HR breaching your personal data, please speak to an advisor.
What Should I Do To Claim HR Data Breach Compensation?
If you suspect an HR data breach, or have been told by your employer that your personal information was implicated in a security incident, there are practical actions you can take:
- Raise a concern with the HR department and request an explanation. All companies must notify data subjects of a breach that might impact their rights and freedoms without undue delay, and notify the ICO within 72 hours of discovery.
- Complain to the ICO if no satisfactory response is given (no later than 3 months after discovering the problem).
- Retain all correspondence about the data breach from the HR department.
- Change personal passwords and authentification details.
- Alert your bank if necessary.
- Collect documented proof of financial and psychological damage such as bank statements and counsellors reports.
- Consider using the help of a data breach lawyer to claim compensation.
Please note that it does not impact or influence your claim if you do or do not involve the ICO. Should they look into the matter, however, their findings might provide additional useful evidence. If you have any questions about what items could support a claim for HR data breach compensation, please get in touch.
How Much HR Data Breach Compensation Could Be Awarded?
If you make a successful HR data breach compensation claim, the settlement can include two types of loss. These are material and non-material damage.
Material damage reflects the financial losses prompted by the HR data breach.
For example, any loss of earnings because of work missed through stress could be recovered. With this in mind, it’s essential to retain any documented evidence of expense and loss such as:
- Payslips showing a drop or loss in income caused by stress-related absence.
- Receipts for devices like laptops and smartphones that were corrupted.
- Proof of any relocation costs.
Non-material damage refers to the psychiatric and mental health harm caused by the data breach. Knowing that your personal details have been compromised can cause considerable stress and anxiety. It may even illicit a trauma response like PTSD.
The legal professionals whose task is to calculate a non-material damage amount can use psychiatric reports and medical evidence from a GP or counsellor. Alongside this, they may consult documents such as the Judicial College Guidelines (JCG).
This document (in its 17th publication) provides some award bracket guideline amounts for a variety of psychological injuries based on how severe they are. To illustrate, we’ve put together a table using these entries from the JCG:
Compensation Guidelines
| Mental Injury | Severity | Award Guidelines |
|---|---|---|
| Several types of severe psychological injuries and awards for non-material and material damage | Severe | Up to £250,000 |
| General Psychiatric Harm | (a) Severe | £66,920 to £141,240 |
| (b) Moderately Severe | £23,270 to £66,920 | |
| (c) Moderate | £7,150 to £23,270 | |
| (d) Less Severe | £1,880 to £7,150 | |
| Post-Traumatic Stress Disorder (PTSD) | (a) Severe | £73,050 to £122,850 |
| (b) Moderately Severe | £28,250 to £73,050 | |
| (c) Moderate | £9,980 to £28,250 | |
| (d) Less Severe | £4,820 to £9,980 |
Please be aware these amounts are purely guidelines and our table includes a topline figure that does not come from the JCG:
If you would like to discuss how much HR data breach compensation you could be awarded, please speak to an advisor.
Make A Data Breach Claim On A No Win No Fee Basis
You might benefit from professional guidance on all these matters. The solicitors on our panel have been expertly negotiating data breach compensation settlements for their clients for years.
If they can take up your data breach claim, they will provide direct support with the collection of vital evidence. Also, they will attend to all correspondence and explain any legal jargon about data breaches along the way.
They can extend these excellent services on a No Win No Fee basis under a Conditional Fee Agreement (CFA). This type of agreement allows you to work with an expert solicitor:
- Without the need for any upfront solicitor’s fees.
- Without any ongoing fees for work performed.
- Or any fees owed for completed services at all should the claim not settle in your favour.
- A claim that settles in your favour requires payment of a small legally restricted success fee to your solicitor. This is a percentage that is subject to a legislative cap which ensures that you get the bulk of the compensation awarded.
If you’re interested in learning more about data breach claims and how a solicitor could help you on a No Win No Fee basis, take the first step of speaking to our advisors. They can assess the merit of your claim in one simple phone call. If it appears valid, and you want to go ahead, they could connect you to a skilled data breach solicitor to get started today. You can:
- Fill out our online claims form.
- Use our live discussion portal to talk about claiming HR data breach compensation.
- Call us on 020 3870 4868.
Read More About Data Breach Claims
In addition to this guide about HR data breach compensation claims, these other articles offer more:
- This guide explores recruitment agent data breaches and how to claim.
- A data breach claim for unauthorised access to medical records is discussed here.
- What is the value of a data breach claim? is answered here.
External help:
- Here are some data breach statistics from the Cyber Security Breaches Survey 2024
- More details on Data Protection from GOV.UK
- Lastly, some top tips to stay safe online here.
Thank you for your time and interest in this guide about making an HR data breach compensation claim. Have any other queries or questions about the claims process with a No Win No Fee solicitor? Please contact our advisory team on the contact options above.
