What Rights Do Armed Forces Employees Have If Their Data Privacy Is Breached?

As your employer, the Navy must protect your personal data under legislation such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). If you can prove that they failed to do so, and you suffer damage to your finances or mental health, employee data breach claims against the Royal Navy could be warranted.

If you work in the British Navy, the chances are, your employer will have a number of different pieces of your personal data. This data could include your bank account number (so they could pay you) as well as information relating to your physical and mental health or racial or ethnic origin, for example. Of course, they would usually have your name, date of birth, address and contact details too.

There are lots of incidents that could lead to an employee information data breach. The Navy could breach your data because of a cybersecurity attack, for example. A hacker could get through computer security or network security protocols. They could use phishing attacks, malware, ransomware or spyware to obtain personal data.

But not all incidents leading to data breaches are malicious. An employee could make an error and send your data to someone they shouldn’t. Or, the Navy could mismanage your data entirely. If you suffer damage mentally or financially from any type of employee data breach, you could be eligible to claim GDPR data breach compensation.

How Our Guide Could Help

Below, you could find the answers to common questions about employee data breach claims against the Royal Navy. However, if you’d like to talk about the specifics of your case, you could always use Live Chat to talk to our knowledgeable team.

If, however, you’re ready to get started with a data breach claim, clicking the banner below could take you to Legal Expert’s website. They could provide you with an experienced lawyer specialising in data breaches to help you claim the compensation you deserve.

Select A Section

• What Is An Employee GDPR Data Breach Claim Against The Royal Navy?
• What Are The GDPR Rules?
• Is Royal Navy Employee Data Covered By The GDPR?
• The Seven Key Principles Of The GDPR
• Types Of Employment Data The GDPR Protects
• What Is A Breach Of The GDPR By An Employer?
• How Could The Armed Forces Breach The GDPR?
• Does Your Employer Need To Obtain Consent To Share Data?
• What Happens If Your Employer Has Breached The GDPR?
• What Is The Role Of The Information Commissioner?
• ICO Guidelines On Protecting Staff Data Privacy
• Could You Report A Royal Navy GDPR Breach To The ICO?
• How Do You Calculate Compensation For A GDPR Data Breach Claim Against The Royal Navy
• No Win No Fee GDPR Data Breach Claims 
• Where To Find Out More
• GDPR – FAQs For Government Employees

What Is An Employee GDPR Data Breach Claim Against The Royal Navy?

There are a variety of laws in place to protect the personal data of any EU data subject. All employers, no matter whether they are in the public or private sector, must take steps to protect employee data.

And this does not just mean data held on cloud databases and on computers and networks. It also means they must protect documents that contain personal data, whether these are manager’s notebooks or personnel files in filing cabinets.

If your employer fails in their legal duty to protect your data, this could result in a number of unwelcome consequences. You could suffer anxiety, depression or stress. In addition, if your financial data is exposed, someone could steal money from you or commit identity fraud.

While employee data breach claims against the Royal Navy wouldn’t completely erase what happened, they could go some way towards compensating you for such damage.

To make a claim for data breach compensation, you would have to evidence firstly that a breach occurred, and secondly that it caused you damage. You would need to take action within 6 years of you learning about the data breach too, and within 1 year for a breach of your human rights.

The below sections explain how you could go about taking action for a data breach by the Royal Navy.

What Are The GDPR Rules?

In 2018, the General Data Protection Regulation, or GDPR, was put in place to protect the personal information of every EU data subject. The UK has enacted the GDPR into UK law via the Data Protection Act 2018. This means that all UK employers, including the Royal Navy, must abide by it.

GDPR and the Data Protection Act don’t just cover the protection of data on computers from hackers and cybercriminals. You may think the biggest threat to your personal data would be a cybercriminal such as a hacker who could launch phishing attacks, use bots, infiltrate computer security and network security protocols and steal your data.

However, there are many other causes of data breaches. For example, human error could cause a data breach. A staff member could accidentally send personal data to a third party who shouldn’t access it. Or, someone could lose a USB stick containing personal data.

If you have evidence, employee data breach claims against the Royal Navy could be justified for the resulting financial or emotional harm you suffer.

Is Royal Navy Employee Data Covered By The GDPR?

The Royal Navy could collect lots of different types of data while you’re working for them. They could even collect data when you first complete an application to work for them.

If you’re wondering what information could be classed as personal data, this would, by the definition of the Information Commissioner’s Office, be data that someone could use to identify you. This includes information that could identify you on its own, as well as data that could be combined with other information to identify you.

If your employer collects such data on you, you would be considered a data subject, and as such would have rights. Your rights could include:

• A right to access your personal information
• The right to have personal data erased
• Rights to have incorrect data corrected
• The right to make an objection to personal data processing
• Rights to restrict processing of your information
• Some rights that relate to automated decisions and profiling
• A right to be told about your personal data and the organisation’s use for it
• Rights relating to the portability of your data

You can read more about your data rights on the ICO website. A breach of any of these rights by your employer could lead to those impacted making employee data breach claims against the Royal Navy for the harm a breach inflicts.

The Seven Key Principles Of The GDPR

GDPR has seven main principles. Any organisation must comply with these principles when they collect and process personal data. They are:

• Limitation of storage
• Accountability
• Minimisation of data
• Limitation of purpose
• Integrity and confidentiality (security)
• Accuracy
• Lawfulness, fairness and transparency

There is a lot of information on the ICO website about how organisations could comply with these principles. If you can prove that the Royal Navy failed to comply with GDPR, and you suffer a data protection breach, you could be eligible to claim data breach compensation for the harm you suffer as a result.

Types Of Employment Data The GDPR Protects

As we mentioned, during your employment, and even at the application stage, the Royal Navy could collect lots of personal data. This could include:

• Personal information including your date of birth, contact detail, address (including e-mail address) and your name, for example.
• Medical information – this could relate to any illnesses you suffer from, and any injuries, for example.
• Employment information – this could relate to your pay grade, your disciplinary record and more.
• Financial information – the Navy could hold some of your financial information, such as your bank details, for example.
• Special category data – this is data that is sensitive. It could include information on your religious beliefs, biometrics (if used for identification purposes), genetics, any Trade Union membership, your sex life or sexual orientation and your racial or ethnic origin, for example.

Can Employee Data Breach Claims Against The Royal Navy Be Made For Verbal Disclosure?

Your personal information is not limited to that which is held on computers. Documents that go in your personnel file that contain personal data are subject to the same laws. So is personal information in notepads or on post-it notes.

Your employer should also train staff to be careful about disclosing personal information to other employees. This could also lead to a privacy violation that could cause you anxiety, stress and loss of sleep.

What Is A Breach Of The GDPR By An Employer?

A breach of GDPR by your employer could include any data security incident that leads to:

• The loss of personal data
• A theft of personal data
• The loss of availability of personal data
• Unlawful or unauthorised transmission, disclosure, alteration, processing, storage of, or access to personal data

Personal data breaches could be caused by incidents inside or outside of the organisation. They could be the result of malicious acts, human error or data mismanagement. Employee data breach claims against the Royal Navy could lead to compensation for psychiatric/psychological injury you suffer because of a breach. You could also claim data breach compensation for financial expenses suffered due to a data protection breach.

How Could The Armed Forces Breach The GDPR?

There are lots of different ways in which you could suffer an employee information data breach by the armed forces. We have illustrated some examples below, in addition to describing one breach that could have affected some employees of the Royal Navy.

Examples Of How The Armed Forces Could Breach Your Data

Incidents could involve:

• The loss of documents containing your personal information
• Theft of computer equipment holding your personal data
• A cyber attack, such as a ransomware or spyware attack, or a hacking
• A senior member of staff discussing your disciplinary or health record with an unauthorised member of staff

This is by no means an exhaustive list, but with evidence to support them, they could lead to employee data breach claims against the Royal Navy. Why not get in touch with our advisors, by using the Live Chat feature. We could offer you help and guidance.

Was There A Royal Navy Employee Data Breach?

In 2008, according to reports, there was a security incident that could have breached the data of over 100,000 personnel from the Royal Navy, RAF and British Army. Reportedly, a portable computer drive which contained personnel records was lost.

The drive, which belonged to a contractor known as EDS, contained information that could have included the names, passport details, addresses and driving licence details of many MoD personnel.

Source: https://www.theguardian.com/uk/2008/oct/10/military-defence

Should your employer breach your data in a similar way, or in any other security incident that breached GDPR, you could be eligible to make a claim for any damages you incur as a result. This could include financial damage in addition to psychological injuries.

Does Your Employer Need To Obtain Consent To Share Data?

One incident that could lead to employee data breach claims against the Royal Navy could be sharing personal information without consent. However, this is not always a breach of your personal data. The ICO identifies the reasons it may be considered a valid reason for an organisation to share such information without asking for your consent. These reasons are:

• Vital interests
• Legitimate interests
• Legal Obligation
• Public task
• Contract

You can find out what these reasons involve by clicking on each link. Should the Royal Navy not gain your consent, and share your personal information without a valid reason, this could be a data breach.

What Happens If Your Employer Has Breached The GDPR?

If your employer discovers they have breached your personal data, and that the breach risks your rights or freedoms, they should make a report to the Information Commissioner’s Office within 72 hours.

They should include information such as the number and type of records, the number of people that could be affected and the nature of the breach. The organisation should also give details of who to contact about the breach and any potential consequences of the breach.

In addition, they should tell the ICO what action they’re taking or are going to take to rectify the breach. They should also inform affected data subjects without delay.

What Happens If A Data Breach Doesn’t Pose Risks To The Rights And Freedoms Of Data Subjects?

If the organisation identifies no risks, the organisation does not need to inform the ICO of a breach. However, they must keep records.

What Is The Role Of The Information Commissioner?

As a public body, the Information Commissioner’s Office has the responsibility to uphold the data rights of individuals and enforce data protection law. If they investigate a data security incident and find an organisation has infringed GDPR, they could issue fines as large as 4% of the organisations global annual turnover, or £17.5m.

The ICO does not pay compensation to victims of data breaches, however. If you would like to make employee data breach claims against the Royal Navy, you could take the matter up with the organisation directly, or find the best data breach lawyer for you to help you get the compensation you deserve.

ICO Guidelines On Protecting Staff Data Privacy

There is a helpful guide that the ICO has produced to help organisations understand how to protect staff data privacy. The publication, which is called the Employment Practices Code, offers insight into methods of protecting personnel and health records, in addition to giving guidance on workplace monitoring.

It reminds employers that they must take steps to protect current staff data, in addition to that of:

• Contractors (both current and former)
• Previous applicants
• Unsuccessful or successful applicants
• Agency workers
• Former employees

Could You Report A Royal Navy GDPR Breach To The ICO?

If you fall victim to a Royal Navy GDPR data breach, you could ask for help from the ICO. However, they would ask that you try and resolve your complaint with the organisation that has breached your data first.

You could write to your employer and ask them to investigate your complaint. If their response isn’t satisfactory, you could then direct your complaint to the ICO, who could investigate the breach.

However, you don’t need to have made a data breach complaint to the ICO to launch employee data breach claims against the Royal Navy. If it has been three months since you’ve received any meaningful type of response to your complaint, you could use a data breach solicitor to assist you with making a data breach compensation against them.

How Do You Calculate Compensation For A GDPR Data Breach Claim Against The Royal Navy?

Section 168 of the Data Protection Act 2018 gives data breach victims the right to claim compensation for material (financial) damages and non-material (mental) damages.

While you could use bank statements and credit card bills to evidence the financial impact of a data breach, claiming non-material damages could require other evidence. If you suffer psychiatric injuries, or psychological injuries, which could include anxiety and distress, then there is a legal precedent that could allow you to claim compensation for this too.

A case from 2015 set the precedent when the Court of Appeal said psychological/psychiatric injury awards like those from personal injury claims could be considered in a data breach case in respect of mental harm. That case was Vidal-Hall and others v Google Inc [2015] – Court of Appeal.

You would need to obtain medical evidence from an independent medical professional to back up your claim, which would involve an assessment. The resulting report could provide useful evidence, and courts and lawyers could look at this evidence alongside what the Judicial College Guidelines deem appropriate for such injuries.

You can see some of the guideline payout amounts from the Judicial College Guidelines 2019 edition in the table below. This could offer some rough guidance on compensation amounts.

Injury	Severity	Approx Guideline Amount
General psychological damage	Less severe	Up to £5,500
PTSD injuries	Less severe	Up to £7,680
General psychological damage	Moderate	£5,500 to £17,900
PTSD injuries	Moderate	£7,680 to £21,730
General psychological damage	Moderately severe	£17,900 to £51,460
PTSD injuries	Moderately severe	£21,730 to £56,180
PTSD injuries	Severe	£56,180 to £94,470
General psychological damage	Severe	£51,460 to £108,620

No Win No Fee GDPR Data Breach Claims

Employee data breach claims against the Royal Navy could be somewhat complicated. Many claimants prefer to get legal support when making such claims against an employer, and there is a way for you to do so without paying legal fees until the end of your claim.

These are called No Win No Fee claims. They require you to sign a No Win No Fee agreement. The claimant in such cases agrees to pay a small, legally capped success fee to their lawyer once compensation comes through. This fee, which is usually a proportion of your compensation, is only payable in successful cases. Should your lawyer not get you any data breach compensation, you wouldn’t pay them the success fee or any of their other fees.

If you’d like to chat to an advisor about how No Win No Fee claims work, you can use Live Chat to reach us. If you’re interested in connecting with a data breach lawyer, however, you could always click the banner below. This could take you to Legal Expert’s website. They could help you begin your data breach claim with a No Win No Fee lawyer.

Where To Find Out More

Data Security Incident Trends – Here you can find out which industries have been affected by data breaches.

Be Data-Aware – The ICO has also given some useful guidance on being data-aware, which you can find here.

Guidance On Data Breaches From The NCSC – The National Cyber Security Centre offers guidance on data breaches, which you can access here.

What Are My Rights At Work?– Our guide to workplace rights might be of interest to you if you’re taking action against an employer.

Employer Data Breaches – You can find general information on data breach claims against an employer here.

What Is A No Win No Fee Claim? – This guide offers further insight into claiming on a No Win No Fee basis.

GDPR – FAQs For Government Employees

In this section, we’ve included answers to some questions we often see asked.

Does My Employer Need Consent To Use My Data?

Unless your employer has a valid reason to use your personal data, they would need your consent to do so. You can find out more about valid reasons for them to use your personal data without your consent on the ICO website. In general terms, the valid reasons are legitimate business reasons, public interest, vital interest, to fulfil a contract and to fulfil legal requirements.

What Is A Data Protection Impact Assessment?

A data protection impact assessment or DPIA is something an organisation should undertake. They should do so when attempting to process information that could risk the rights and freedoms of a data subject. An organisation should assess the risk and take steps to minimise the risks.

Does Employee Data Have A Retention Limit?

Under GDPR, an organisation should not keep personal data for longer than they need to. The usual limit for keeping employee records is 6 years.

Can I Ask To See My Data?

You have a legal right to ask to see your personal data. You could make a subject access request (SAR) to an organisation and they would have a legal obligation to comply with your request.

We appreciate you checking out our guide to employee data breach claims against the Royal Navy.

Guide by JEF

Edited by BIL

My Employer Breached My Data Privacy, What Rights Do I Have?

This article is about why employee data breach claims against HSBC might be necessary. It will explain how the General Data Protection Regulation (GPDR) applies to data held by employers. Furthermore, we’ll show how the Information Commissioner’s Office (ICO) could step in if data breaches occur. Importantly, if a data protection breach causes you to suffer, you could take legal action to seek compensation. Therefore, we’ll explain what you could include within your claim and how much compensation you might receive.

The GDPR came into play in May 2018 after the Data Protection Act 2018 (the DPA) was passed into law. Since these laws were implemented, the focus on the security of personal data has been elevated.

It might not be clear to those who haven’t been affected, but data breaches can cause all sorts of problems. They can lead to distress, depression and anxiety and they can result in financial losses too. It is these forms of suffering which could make you eligible to begin a compensation claim. Therefore, we’ll provide details of the claims process throughout this guide.

Whilst our team is happy to answer any questions in live chat, we believe that having legal representation provides your best chance of being compensated fairly. Legal Expert is a law firm that will review your claim for free. You can call them on 0800 073 8804 or click on one of their banners. If your case is suitable, one of their No Win No Fee data breach solicitors could be appointed to it.

Select A Section

• What Is An Employee Data Breach Claim Against HSBC?
• What Is The GDPR In Simple Terms?
• Is Employee Data Protected By GDPR Rules?
• What Principles Are Set Out In The GDPR?
• What Types Of Private Data Could Be Covered By The GDPR?
• The Definition Of An Employer Data Breach
• Ways In Which Employers Could Breach Employee Data Privacy
• Does Your Employer Need Permission To Share Data About You?
• Steps Employers Should Take After Suffering A Data Breach
• What Is The Information Commissioner’s Office?
• ICO Recommendations On How To Protect Employee Data Privacy
• How To Report A Breach Of Your Data Privacy By An Employer
• Calculating Compensation For Employee Data Breach Claims Against HSBC
• Make A No Win No Fee Employee Data Breach Claims Against HSBC
• Related Services And Guides
• GDPR FAQs

What Is An Employee Data Breach Claim Against HSBC?

In a moment we will explain more about HSBC employee data breach claims. Before we do, let’s set out some GDPR terminology that will be used in our guide:

• Data processing. Any action performed on personal information. This can include collection, storage, deletion and dissemination.
• The data subject. This is an individual whose data will be processed i.e. an HSBC employee.
• Data controllers. These are the organisations that would like to collect your personal data.
• Data processors. This can be the data controller or third-party organisations that perform the data processing.

Employee data breaches will be the result of a security incident. As a result, information about an employee could be unlawfully disclosed, lost, changed, accessed or destroyed illegally.

If you are thinking of seeking damages, you’ll need to demonstrate that:

• Personal information about you was involved in a data breach.
• You suffered as a direct result of the incident. Suffering can include financial losses and/or psychological injuries.

It is common to hear news reports about how criminal cyberattacks have caused data breaches. They use techniques like ransomware, phishing emails, firewall exploits and keyloggers to try and access data and then extort money from companies.

However, there are many ways that breaches can be caused by human mistakes, leading to a data subject suffering damage. You could seek compensation in either case if the breach has meant you were harmed.

Bear in mind that time limits apply. Mostly, there is a 6-year limitation period from the date you became aware of the breach. However, 1-year limits apply to cases based on human rights breaches.

What Is The GDPR In Simple Terms?

The GDPR is a set of rules relating to the processing of personal data about individuals. It applies to data controllers and processors within the UK as well as any others who process information about any residents that live in the EU.

The new laws mean that a lawful basis is needed before any data processing of personal information can occur. There are several ways this can be achieved. One method is to tell the individual about the requirement and asking them to consent. You’ll probably have seen that in action when you’ve visited a website and a pop-up box appears.

Another important part of the GDPR is data security. Data controllers must now make sure processing occurs in a secure and confidential manner. This means many have had to upgrade their security protocols.

So, what data do these laws apply to? In general, all digital data of a personal nature is covered. Furthermore, paper-based information is also covered if it is a) stored in a filing system or b) going to be transferred to an electronic system.

If you have any queries, please connect to live chat. To see if one of Legal Expert’s data breach lawyers could help you claim, please use their banner above.

Is Employee Data Protected By GDPR Rules?

It would be impossible for companies to function properly without information about their staff. How could they pay you each month if they didn’t store your bank details, for instance? However, while the information is necessary, your employer must try to protect it in line with the GDPR. This means using processes and systems to keep it secure.

So, what type of harm could result from a data breach? Here are two examples:

• If criminal gangs steal your data from your employer’s computers, you could suffer financially. They could use your information in identity theft crimes or they could use sensitive information to extort money from you.
• If contact details were accessed by a colleague, you might be worried or distressed about how they’ll use them.

These are some of the forms of suffering that could entitle you to take action.

What Principles Are Set Out In The GDPR?

Let’s now take a look at the principles of data processing as set out within the GDPR. They are:

1. When processing personal data, the process must be transparent, fair and lawful.
2. The data that is processed can only be used for the purposes specified when it was collected.
3. To reduce risk, only the data that is needed should be collected.
4. Where errors in retained data are found, it should be updated or deleted straight away.
5. Processing data must be a confidential and secure process. Techniques like anonymisation or encryption could help here.
6. No time limits are specified but the GDPR says data must not be stored for longer than necessary.
7. The data controller should be able to demonstrate how they comply with these principles. They must also take full accountability for the data they control.

What Types Of Private Data Could Be Covered By The GDPR?

Before processing any data, the controller should check whether it is classed as being personal or not. If it is, the GDPR’s rules will apply. The ICO defines personal data as any information that might identify a data subject. This includes data that could directly or indirectly help to identify somebody.

Types of data your employer holds that could identify you directly:

• Employee numbers.
• Computer usernames.
• Your name.
• Your home address.
• Mobile phone numbers.
• National Insurance numbers.
• Your email address.

Other information that could indirectly help to identify you includes data about:

• Ethnicity or race.
• Sexual orientation.
• Marital status.
• Religious beliefs.
• Any disabilities.
• Your age.

The Definition Of An Employer Data Breach

We will look at a real-life employer data breach in the next section. Before we do, let’s look at some theoretical ways that breaches can occur in the workplace:

• Where inadequate IT security allows you to view your colleagues’ staff records.
• If devices containing sensitive data aren’t encrypted and are lost.
• Where documentation including personal details is found and read because it wasn’t shredded before it was disposed of.
• If your manager tells one of your colleagues your personal telephone number without your permission.
• If your records are accessed by a member of staff who has no business need to access it.
• Where criminals access the computer network and steal sensitive information.

If your data has been exposed by a data breach, you could be eligible to claim for any suffering caused. Click on live chat to find out more.

Ways In Which Employers Could Breach Employee Data Privacy

In this section, we are briefly going to look at a case where a supermarket, Morrisons, was found to be liable for the actions of one of its staff.

The employee stole information about 100,000 members of staff. This included names, addresses, salary and bank account details. Following the incident, he posted the information online and also sent it to newspapers.

In the High Court, the supermarket was found to be vicariously liable for the employee’s actions. This means that although the incident was caused by an individual member of staff, the company was liable for the suffering of those affected as his actions were carried out in the course of employment. The supermarket said it would contest the decision.

https://www.bbc.co.uk/news/uk-england-42193502

Does Your Employer Need Permission To Share Data About You?

The world seems to revolve around data these days. It flows from mobile phones, across the cloud, into offices and onto computer screens. Data sharing allows a lot of processes to happen much quicker than before, which is a good thing usually.

However, there still needs to be some control over what sort of information is being passed around. Often, before your information can be shared, you’ll be asked to consent to its use. However, there are some times when your employer won’t need your permission.

A lawful basis for sharing data without your consent could be where there is a legal obligation. One example of this is where your employer provides details of your salary payments to HMRC.

Another situation is where your employer believes somebody’s life is at risk. Where that’s the case, they are allowed to provide your details to the police, for example, without consulting you.

Steps Employers Should Take After Suffering A Data Breach

Organisations need to have a process in place to deal with identified data breaches. They should begin an investigation and risk assessment as soon as they are aware of the breach. If the breach needs to be reported, the ICO should be told:

• When the incident occurred and when the data controller found out.
• What happened.
• Who has been affected or who might be affected.
• What steps the data controller has taken to try and resolve the issue.

Another important step is to let those who might be at risk know about the security breach. This will usually involve a letter or email being sent explaining what happened. In employee data breach claims against HSBC, that letter could be vital evidence to support the case. As a result, we’d advise you to keep a copy in a safe place.

Other evidence could be used to support your claim too. To find out more, please use live chat today.

What Is The Information Commissioner’s Office?

The ICO is the UK’s data security watchdog. They oversee a number of different pieces of legislation including the DPA and the GDPR. The work they do includes:

• Investigating concerns raised by members of the public (and data controllers).
• Maintaining a database of fee payers.
• Overseeing data protection laws.
• Fining companies that have broken the law.
• Using enforcement action to improve data protection practices.

The one thing that the ICO can’t do, though, is to award compensation to those affected by data breaches. As a result, you’ll need to take your own legal action.

ICO Recommendations On How To Protect Employee Data Privacy

As part of their supportive role, the ICO tries to help organisations comply with the GDPR’s rules. They do this by providing reactive support and proactive training. One example of this is the Employment Practices Code.

The code sets out ways in which employers can modify their processes relating to staff records, health records and recruitment processes to ensure they comply with the law.

How To Report A Breach Of Your Data Privacy By An Employer

Data safety concerns can be raised with the ICO where:

• You have already complained to your employer.
• They have responded in writing.
• It has not been more than 3-months since the last meaningful update.

Your request could be turned down, according to the ICO’s website, if there is an undue delay in raising your personal information concerns with them.

Calculating Compensation For Employee Data Breach Claims Against HSBC

Data breach claims usually consist of two different elements. You could be entitled to claim for one or both of them. They are:

• Material damages. The compensation you seek to recover costs and financial losses sustained following a data breach.
• Non-material damages. To cover any pain and suffering resulting from psychological injuries linked to the breach.

In an important case at the Court of Appeal, two important decisions were made. When deciding the Vidal-Hall and others v Google Inc [2015] case, it was said that:

• Compensation for any psychological injuries that result from data breaches should be considered, even if there isn’t financial damage. In the past, the latter was required in order to claim for the former.
• If a settlement is made, the amount of compensation paid for mental harm should be based on personal injury law.

So, to demonstrate what that means, we’ve provided the compensation table below. As personal injury settlements are based on figures from the Judicial College Guidelines, we’ve used the same figures in our table.

Injury	Severity	Compensation	Notes
General Psychiatric Injuries	Severe	£51,460 to £108,620
General Psychiatric Injuries	Moderately Severe	£17,900 to £51,460
General Psychiatric Injuries	Moderate	£5,500 to £17,900
General Psychiatric Injuries	Less Severe	Up to £5,500
General Psychiatric Injuries			These claims consider the following factors: 1) How the victim can cope with life or education; 2) How likely treatment is to help; 3) What impact their injuries have had on relationships; 4) Future vulnerability; 5) The medical prognosis.
PTSD	Severe	£56,180 to £94,470
PTSD	Moderately Severe	£21,730 to £56,180
PTSD	Moderate	£7,680 to £21,730
PTSD	Less Severe	Up to £7,680
PTSD			Symptoms associated with PTSD include sleep disturbance, flashbacks, nightmare, avoidance, hyper-arousal, suicidal ideation and mood disorders

To receive the correct level of compensation, you must provide evidence that shows the extent of your injuries. Therefore, a medical assessment is needed as part of your claim. To reduce the amount of travel required, law firms are usually able to book appointments locally.

An independent medical specialist will conduct the meeting. They will try to find out how your injuries have affected you. They’ll also try to determine if you’ll suffer in the future. To achieve this, they’ll ask questions and look in your medical records.

Once the meeting has been completed, a report detailing your injuries and a prognosis will be prepared. This will be used to prove your injuries were caused by the data breach.

Make A No Win No Fee Employee Data Breach Claims Against HSBC

There is no doubt that lots of people worry about the costs of hiring a legal team when seeking compensation. However, that’s not really something that should be considered as many data breach solicitors provide No Win No Fee services.

By doing so, the law firm takes on the financial risk which reduces your own. You still get access to a solicitor which should make everything a bit less stressful.

To offer this service, the law firm will have to assess your claim first. If it is suitable, you’ll be sent a Conditional Fee Agreement (CFA). The formal title of a No Win No Fee agreement, the contract sets out the terms that your solicitor will need to meet before you need to pay them. Essentially, though, you’ll only need to do that if a compensation payment is made.

The CFA will explain that a small portion of any compensation you receive will be deducted to pay for your solicitor’s work. This is called the success fee. It is a fixed percentage that you’ll agree to when you sign the contract. By law, success fees are capped which means you won’t be overcharged.

The solicitors at Legal Expert provide a No Win No Fee service for accepted claims. You can ask them to review your case for free by calling 0800 073 8804.

Related Services And Guides

We are nearing the end of this article on how to make employee data breach claims against HSBC. Therefore, we will use this section to provide further resources that might be useful.

Raising Data Safety Concerns – Advice about how you can inform a company if you’re worried about how they’re using your data.

Mental Health Charities – NHS information about where you search for a support provider.

Ministry Of Defence (MoD) Claims –  A look at home MoD employees raise data breach claims.

Data Breach Claims Against An Employer – Information on how to claim for GDPR data breaches caused by an employer.

NHS Data Breaches – Advice about how NHS staff could seek damages if affected by a data breach.

GDPR FAQs

Thank you for completing our guide about employee data breach claims against HSBC. In this final section, we’ve answered some frequently asked questions about GDPR claims for you.

Can I get compensation for a GDPR breach?

On its own, a data breach won’t entitle you to make a compensation claim. However, if the event has caused you to suffer, you could seek damages. The claim could cover any financial losses you’ve incurred. Additionally, you could claim for the pain and suffering caused by anxiety, depression or distress linked to the incident.

How do I claim my GDPR compensation?

As with other types of compensation, you will need evidence to prove your case. If you can prove that the breach took place and that you’ve suffered, a claim could be possible. Evidence to support your claim could include an ICO investigation report, a letter confirming the breach took place and medical records.

What is the penalty for GDPR violation?

There is no fixed penalty for breaking the rules of the GDPR. The ICO will try to help any organisation that is involved in a data breach. However, where laws have been broken, fines of up to £17.5 million or 4% of the company’s turnover can be handed out.

Thanks for reading our guide to employee data breach claims against HSBC.

Guide by HAM

Edited by BIL