Employee Data Breach Claims Against Sainsbury’s

Check What You Could Do If Your Employment Data Privacy Has Been Breached

This guide about employee data breach claims against Sainsbury’s aims to give information to help you.

If you have been the victim of a data breach, you may have suffered financially if your banking information was accessed. Or perhaps you were affected emotionally, suffering from anxiety, stress or depression because of the breach. Should you suffer such harm due to a breach, you could claim.

This is because there are strict data privacy laws that employers must adhere to, including the General Data Protection Regulation (GDPR). This EU regulation has been enshrined into UK law via the Data Protection Act 2018. Section 168 of this Act gives data breach victims the right to claim compensation for mental harm and financial loss caused by a breach.

You may be under the misapprehension that you could only make employee data breach claims for cybersecurity breaches. After all, there are lots of threats to our digital data, from hackers that use spyware and malware to steal data to those who launch DDoS attacks designed to restrict access to data.

However, there are many causes of data breaches that don’t relate to computer security or network security threats. If your employer has your personal information in a physical file or notebook, they must also protect that data from unauthorised access.

How This Guide Could Assist You

This guide explores how employee data breach claims work and offers insight into the data breach compensation you could receive. But this is not the only way we could help. If you have evidence of a valid claim and would like to talk about it, please use the live chat feature to get further advice. Alternatively, you could click the banner below to be connected to Legal Expert.

Select A Section

  1. What Is An Employee GDPR Data Breach Claim Against Sainsbury’s?
  2. What Is The GDPR?
  3. Does The GDPR Protect UK Retail Employees?
  4. The Principles Of Data Protection Under The GDPR
  5. What Data Does The GDPR Protect?
  6. What Is An Employer GDPR Data Breach?
  7. Examples Of How Employers Can Breach Data Privacy
  8. Can An Employer Share Your Data Without Your Consent?
  9. How Employers Should Handle Data Protection Breaches
  10. What Does The Information Commissioner’s Office Do?
  11. What Is The ICO Employment Practices Code?
  12. How To Report A Breach Of Data Protection By Your Employer
  13. Employee Data Breach Claim Against Sainsbury’s Compensation Calculator
  14. No Win No Fee Employee Data Breach Claim Against Sainsbury’s
  15. Supporting Resources
  16. Workplace Data Privacy FAQs

What Is An Employee GDPR Data Breach Claim Against Sainsbury’s?

Employers in the UK are duty bound to protect the personal information they process about their employees. Whether this includes personal information such as their contact details, name, date of birth and address, or sensitive health information, the law requires them to protect employee data privacy.

But sometimes things go wrong. If a security breach causes your data to become exposed, stolen, lost, or accessed without authorisation, you could suffer harm. Not only could a breach of your financial information lead to identity fraud or theft, but you could also be impacted emotionally.

A data breach could cause you to experience anxiety and distress. If this happens, you could make a claim for compensation. You could claim whether the data breach was malicious in nature, due to a mistake by another employee or related to the mismanagement of your data.

While employee data breach claims wouldn’t erase what happened, GDPR data breach compensation could allow you to recoup any expenses you’ve incurred due to a breach. It could also compensate you for mental suffering.

While you don’t legally require a data breach solicitor to help you, many claimants prefer to obtain legal support when claiming. Luckily, you could do so without having to pay solicitor fees unless your claim is successful if you find a No Win No Fee solicitor to assist you.

However, you may need to act quickly, depending on when the breach occurred. You could have six years to claim from the date you obtained knowledge of the breach. However, for a breach of your human rights, you might only have a year.

In this guide, we are going to explain the justifications and evidence you might need to make employee data breach claims against Sainsbury’s. If you need our advisors’ help, get in touch through our live chat. 

What Is The GDPR?

The GDPR, or to give it its full title the General Data Protection Regulation, is a strict data security and privacy law. It came into force in 2018 to protect the data privacy and security of EU data subjects. (A data subject is someone whose data is processed.)

The UK has enacted the GDPR into law through the Data Protection Act 2018. This gives every data controller, including employers, certain responsibilities when it comes to data protection. (A data controller is a party—usually an organisation—that decides how and why personal data will be processed.)

They must take steps to protect employee data. This could involve an employer training its employees on how to protect data. It could also involve installing security software, such as a firewall to protect cloud-based data, or using a virtual private network (VPN).

But data controllers should also protect personal data that is not digital. If a filing cabinet of employee records containing personal data is left unlocked, for example, this could lead to an unauthorised person accessing it. This could also be considered a data breach.

Does The GDPR Protect UK Retail Employees?

The GDPR gives data subjects certain rights, including the right to claim compensation for financial and psychological damage they suffer due to a breach. Other data rights include:

  1. The right to object to an organisation processing their personal data
  2. A right for data to be portable
  3. The right to have inaccurate data corrected
  4. A right to be informed about their personal data
  5. The right of access to their data
  6. A right to erasure of their data
  7. Some rights that relate to profiling and automated decision making
  8. A right to put restrictions on the processing of their data

The ICO website provides further guidance on individual rights. If an employer breaches your data rights and you can prove you suffered mental harm or financial loss, you could make an employee data breach claim for compensation.

The Principles Of Data Protection Under The GDPR

There are 7 key principles of data protection under the GDPR. These are:

  1. Accuracy
  2. Accountability
  3. Lawfulness, transparency and fairness
  4. Purpose limitation
  5. Data minimisation
  6. Integrity and confidentiality (security)
  7. Storage limitation

The Information Commissioner’s Office, which enforces the GDPR in the UK, offers further guidance on these principles on its website. An infringement of the principles of the GDPR could lead to a data breach and, consequently, the ICO issuing a fine to that organisation.

If you have evidence of a valid claim and would like more information about employee data breach claims against Sainsbury’s, please call our advisors today.

What Data Does The GDPR Protect?

In terms of the personal data GDPR protects, this could include any information that could identify a data subject. This data could be used alone or in combination with other information to identify someone. So, employers could collect, store and process personal information that includes:

  • Your name, your date of birth, address and contact details.
  • Digital information such as your IP address or email address.
  • Financial data, including bank details, so that they could pay you.
  • Employment data such as your salary, or sickness record.
  • Sensitive data relating to your physical and mental health, your race or ethnic origin and your political opinions, for example.

It is crucial that employers consider protecting not only digitally held data, but personal data held on paper. They should also be careful when discussing your personal data. A failure to protect the privacy of your data could cause mental harm or financial loss to an employee.

What Is An Employer GDPR Data Breach?

Essentially, personal data breaches involve a security incident leading to the unauthorised or unlawful:

  • Access of personal data
  • Loss of availability of personal information
  • Transmission or disclosure of personal data
  • Processing, storage or destruction of personal data
  • Theft or loss of personal data
  • Alteration of personal data

A Sainsbury’s employment data breach could involve a mistake by a member of staff. It could also happen due to a malicious cyberattack if a hacker were to use a bot to expose vulnerabilities in computer security or network security systems, for example.

If they were to gain access to such systems, they could steal data or use malware, a virus or ransomware to destroy it. However, another potential cause of a data breach could be the mismanagement of your data.

Do you have proof of a valid claim? Get in touch with our advisors through our live chat. Alternatively, click on the banner below. 

Examples Of How Employers Can Breach Data Privacy

If you’re wondering whether Sainsbury’s has ever been affected by a data breach, you might be interested to learn that in 2015, it fell victim to attacks by a hacker known as Courvoisier.

The hacker also targeted other large organisations, launching phishing attacks to steal personal data.

The hacker, whose real name is Grant West, was caught after a 2-year investigation and was ordered to pay back stolen funds amounting to approximately $1.1 million (£900,000) in cryptocurrency.

Source: https://thenextweb.com/news/hacker-who-sold-ubers-and-sainsburys-customer-data-forced-to-give-up-1m-in-cryptocurrency

Potential Causes Of Employee Data Breach Claims Against Sainsbury’s

There are lots of different types of data breaches that could potentially occur in a workplace. These could include:

  • Someone in payroll sending a payslip to the wrong employee
  • Employees falling victim to phishing attacks, leading to someone gaining access to Sainsbury’s databases containing personal information
  • Someone discussing your sick record in front of your colleagues who aren’t authorised to hear about it
  • An employee leaving a USB containing personal data on a train

If you have evidence of a valid claim and would like us to talk to you about whether you could be eligible for data breach compensation, simply use Live Chat to get in touch. We’d be happy to help.

Can An Employer Share Your Data Without Your Consent?

While you might assume that sharing personal information without consent would always be a breach of employee data, this might not be the case. An organisation doesn’t always need your consent. There are other valid reasons your employer could do so. They are:

  • For legitimate business interests
  • Public interest tasks
  • To fulfil a legal obligation
  • Vital interest reasons
  • Contract fulfilment

However, employee data breach claims could be possible if you suffer mental harm or financial loss because they share your data without your consent or valid reason to do so.

How Employers Should Handle Data Protection Breaches

Employers have an obligation to report data breaches that risk the rights or freedoms of data subjects to the ICO. They must do so within seventy-two hours of the discovery of the incident unless they have a valid excuse.

The organisation must also inform any victims without undue delay. However, if a breach doesn’t pose risks to someone’s rights and freedoms, they are not obliged to report it. Organisations that have such breaches should, however, keep their own records.

What Does The Information Commissioner’s Office Do?

The Information Commissioner’s Office upholds the public’s data rights in the UK. It is responsible for enforcing a number of pieces of data protection legislation, including the Data Protection Act 2018.

Should a data breach occur, the ICO could investigate it and the organisation could face hefty fines from the ICO. In fact, the ICO could fine an organisation up to tens of millions.

It might surprise you to learn that the ICO does not pay data breach compensation, however. If a victim of a data breach would like to exercise their right to claim compensation, they must do so alone or with the help of a solicitor.

If you have evidence of a valid claim and would like more information about the potential justifications behind employee data breach claims against Sainsbury’s, please call our advisors today.

What Is The ICO Employment Practices Code?

In an effort to guide employers in best practices for data protection, the ICO has issued an employment practices code, which gives employers useful information they could use to improve their ability to protect the data of employees.

As part of the code, there are sections on workplace monitoring and protecting health and personnel records. Perhaps one of the more important points within the guide is where the ICO informs employers of the need to protect the personal information of the following groups, as well as current employees:

  • Casual workers (former and current)
  • Applicants (this includes former applicants and current applicants. It also includes those that are successful and unsuccessful)
  • Contract staff (former and current)
  • Agency workers (current and former)

You do not need to currently work for the organisation to make employee data breach claims. However, you must be mindful that there is a limitation period on such claims. If you’re not sure how long you could have left to claim, why not Live Chat with our team?

How To Report A Breach Of Data Protection By Your Employer

If you believe you’ve fallen victim to an employee data breach, you should take the matter up with your employer. For example, you could write to them and ask them to look into the incident. After that, they should work with you to achieve a resolution. However, if you’re unhappy with their response, or you don’t receive one, you could report them to the ICO, who could investigate.

You would have to make a complaint to the ICO within 3 months of your employer’s final response. If you act after that time, it could affect the decisions the ICO makes.

You are not required to make a report to the ICO to claim compensation, however. You could look for a data breach lawyer to help you make a claim for compensation.

Employee Data Breach Claim Against Sainsbury’s Compensation Calculator

Data breach claims could include compensation for non-material and material damages. Non-material damages compensate you for the psychological harm the data breach causes. Material damages compensate you for the financial loss it causes.

Claiming material damages could involve submitting evidence such as bank statements and bills that show the financial harm you’ve suffered.

However, if you haven’t suffered financially, you could make a claim for a psychological injury. This is due to a legal precedent that was set in a case from 2015. During Vidal-Hall and others v Google Inc [2015], the Court of Appeal heard the assessment of compensation in such cases and held that compensation for psychological/psychiatric injuries should be considered even when there is no financial loss.

Therefore, if you could prove you suffered anxiety, stress or distress due to a data breach you could be eligible to claim compensation for it.

During this case, the Court also held that psychological injuries could be valued as they are in personal injury law.

Calculating Psychiatric/Psychological Injury Compensation For Employee Data Breach Claims Against Sainsbury’s

To evidence such injuries, you’d need to undergo an independent medical assessment as part of the claims process. From this, you should receive a medical report, which courts and lawyers could use to work out how much compensation you could receive.

They could measure it against what the Judicial College Guidelines (JCG) say could be appropriate for different levels of injury to come to a value for your claim.

In the compensation table below, we’ve used some figures from the JCG publication to give you a rough idea of how much could be appropriate for such injuries.

| The kind of injury suffered | The Judicial College Guideline Bracket | Levels of severity |
|---|---|---|
| Psychological damage (General) | £51,460 to £108,620 | Severe |
| PTSD damage | £56,180 to £94,470 | Severe |
| PTSD damage | £21,730 to £56,180 | Moderately severe |
| Psychological damage (General) | £17,900 to £51,460 | Moderately severe |
| PTSD damage | £7,680 to £21,730 | Moderate |
| Psychological damage (General) | £5,500 to £17,900 | Moderate |
| PTSD damage | Up to £7,680 | Less severe |
| Psychological damage (General) | Up to £5,500 | Less severe |

If you’re not sure which level your case could fall under, why not use Live Chat to contact our team? You could get a free estimate.

No Win No Fee Employee Data Breach Claim Against Sainsbury’s

Those making employee data breach claims may wish to use the services of a lawyer to do so. No Win No Fee claims don’t require any solicitor fee payment upfront to begin your claim, as legal fees would be paid from your compensation. And, you would only pay them if your claim won.

How Do No Win No Fee Employee Data Breach Claims Against Sainsbury’s Work?

  • Before launching your case, your lawyer would ask you to sign a No Win No Fee agreement, within which is the ‘success fee’ you’d pay them from your compensation. It would usually be a small, legally capped proportion of your total payout.
  • When you’ve signed and returned the agreement, your lawyer could begin to take action. They’d build your case and negotiate compensation for you.
  • Should your case be successful, you’d benefit from the total payout, minus the success fee the lawyer would take out.
  • If your case failed, you wouldn’t pay any solicitor fees.

If you have evidence of a valid claim, you can Live Chat with us and learn more about No Win No Fee claims. Or, you could contact Legal Expert after clicking the below banner.

Supporting Resources

Data Security Incident Reports – The ICO keeps records of data breaches. Though these figures aren’t clear on employee data breach statistics, they could give you some insight into how common breaches are.

Data Awareness – Are you data aware? The ICO offers some useful guidance on becoming more data aware.

NCSC Data Breaches Guidance – The National Cyber Security Centre offers some insight into protecting yourself from data breaches.

Your Rights In Work – It may be important for you to find out what rights you have at work. This guide could help with this.

Employee Data Breach Claims – We have created general guidance on such claims here.

No Win No Fee Claims – For further information on No Win No Fee claims, why not look here?

Workplace Data Privacy FAQs

What If An Employer Has A Data Breach?

If an employer has a data breach that impacts the rights and freedoms of data subjects, it must report the incident to the ICO within 72 hours and inform the potential victims without undue delay.

How Much Compensation Will I Get For A Data Breach?

The compensation you could receive for employee data breach claims could vary significantly, depending on the damage you suffer. You could claim for both distress and other non-material damages as well as the financial impact of the breach.

How Quickly Should A Data Breach Be Reported?

Within 72 hours of a data breach, an organisation must report it to the ICO if it’s notifiable. If it doesn’t risk any of the freedoms or the rights of data subjects, the organisation doesn’t have to report it, but it must retain its own records.

Thanks for reading our guide to employee data breach claims against Sainsbury’s.

Guide by JJ

Edited by VR

Employee Data Breach Claims Against The MoD

In this guide, we look at employee data breach claims against the MoD. We’ll explore what a data breach is, what could cause a personal data breach and what could follow.

Victims of a data breach could suffer a multitude of consequences. Not only could they suffer financially if someone gains access to exposed data, but they could also suffer stress, distress and anxiety due to such a breach.

A data controller is a party (such as an employer) that decides why and how data is processed. Data controllers should, under the General Data Protection Regulation and the Data Protection Act 2018, take steps to protect personal data.

If your personal data is involved in a data breach at work, you could be eligible to make a claim, providing you can prove that you suffered mentally or financially (or both). Not only this, but the Information Commissioner’s Office could investigate a data protection breach and could issue an enforcement notice and a fine.

You may have suffered a government employee data breach due to a cybersecurity incident. This may have involved a cyberattack using ransomware, malware or a virus to breach data in cloud databases or on computer systems.

Or, someone may have sent your personal details to a third party without your consent, either maliciously or by mistake.

Other data breaches could involve personal information on documents being left in unsecured places, or computer equipment being stolen, for example. Whatever the cause of the employee data breach, GDPR allows victims to claim compensation if they suffer financial or psychological harm because of it.

How This Guide Could Help

We have created this guide to provide lots of useful information on making data breach claims. If you have any questions about whether you could claim or any of the information contained in the sections below, please don’t hesitate to click the live chat button to chat with us.

Alternatively, you could click the banner below to speak to Legal Expert.

Select A Section

  1. What Is The General Data Protection Regulation?
  2. Does The GDPR Protect The Information Of Ministry of Defence Employees?
  3. The Seven Principles Set Out In The GDPR
  4. What Is Personal Data Under The GDPR?
  5. What Counts As A Breach Of GDPR By Civil Service Employers?
  6. How An Employer Could Breach GDPR Guidelines
  7. What Is An Employee Data Breach Claim Against The MoD?
  8. Does An Employer Need Consent Before Sharing Protected Data?
  9. What Steps Should Employers Take If There Is A Breach Of The GDPR?
  10. What Is The ICO Responsible For?
  11. The ICO Employment Practices Code
  12. How Do I Report The Ministry Of Defence To The ICO?
  13. Calculate Compensation For An Employee Data Breach Claim Against The MoD
  14. No Win No Fee Employee Data Breach Claims Against The MoD
  15. GDPR Data Breach References
  16. FAQs About The GDPR For Government Employee Data Protection

What Is The General Data Protection Regulation?

GDPR, or the General Data Protection Regulation, to give it its full title, is important legislation that protects the personal data that data controllers collect, hold and process. It is arguably the most stringent data privacy and security law in the world.

The UK enshrined the GDPR into law via the Data Protection Act 2018, and it affects all data controllers, including employers, requiring them to take measures to protect the personal data of data subjects, whether they are employees or are connected with the data controller in another way. (A data subject is someone whose personal data is processed.)

Whether you work for the Ministry of Defence in Counter Fraud, Communications, International Trade or another capacity, your employer would need to collect some of your personal information. They should, therefore, protect that information under GDPR.

They should take steps to protect data held digitally, such as that on a virtual private network (VPN) or cloud databases. However, data protection is not limited to that which is on computers. Data controllers should also protect employee information in notebooks and filing cabinets for example.

If they fail to do so, whether your data is hacked, sent by mistake to someone who shouldn’t see it, or is accessed without authorisation, this could harm you mentally as well as materially. If this has happened to you and you have evidence, you could be in a position to make an employee data breach claim.

Does The GDPR Protect The Information Of Ministry of Defence Employees?

During your employment at the Ministry of Defence, they would obtain personal data about you. Some of this data may be needed to fulfil your employment contract, such as your bank details, for example.

Other information could include your contact details, email address, sickness records and, of course, your name and address.

Some of the information your employer may hold about you could include sensitive medical or disciplinary information. Data Protection laws require your employer to protect the personal information of data subjects.

Under GDPR, you would have certain individual rights as a data subject. These rights include:

  1. A right to restrict the processing of your personal data
  2. The right to data portability
  3. Rights relating to profiling and automated decision making
  4. A right for inaccurate information to be corrected
  5. The right to access your personal data
  6. A right to have your data erased
  7. The right to be informed about your data
  8. A right to object to the processing of your data

If your employer breaches your rights in a data breach incident, you could suffer financially or emotionally. If this happens to you, and you have evidence to prove it, you could make an employee data breach claim.

To learn more about why employee data breach claims against the MoD might be possible, please click on the live chat button below.

The Seven Principles Set Out In The GDPR

There are 7 main principles of the GDPR that employers should be aware of. These are the principles that should underpin their activities as a data controller. They are:

  1. Confidentiality & integrity – they should ensure the security of your personal information.
  2. Compliance – they should be able to demonstrate that they are GDPR compliant.
  3. Lawfulness, fairness and transparency – they should be transparent about the data they process, and all processing must be done fairly and lawfully.
  4. Purpose limitation – they should only process data for its specified purpose.
  5. Minimisation – they should only store the minimum data required for its specified purpose.
  6. Storage limitation – they should only store data for as long as it is required for its specified purpose.
  7. Accuracy – they should ensure your personal data is accurate and up to date.

The ICO website has further information on these principles.

What Is Personal Data Under The GDPR?

We have explained that the MoD would need to process some of your personal data while you work for them. But what is such personal data? The Information Commissioner’s Office describes personal data as being information that could identify a data subject, either alone or with other information.

Personal data could, therefore, include:

  • Your address, date of birth, email address and phone number.
  • Financial data such as your bank account information.
  • Medical data such as your sickness records or details of medical conditions, for example.
  • Employment data such as disciplinary action or sick leave, for example.

Protecting Personal Data

It is important for employers to recognise that protecting personal data by putting network security or computer security protocols in place may not cover all data. They must also protect data in document format, which could include paper files, and data held in notebooks for example.

If they fail to do so and your personal information is involved in a data breach, and you suffer mental harm or financial loss, you could make a claim. A data breach solicitor could help you put such a case together.

If you have evidence of a valid claim, why not use the live chat feature to chat with our advisors?

What Counts As A Breach Of GDPR By Civil Service Employers?

A personal data breach involves a data security incident that causes:

  • Loss of data
  • Theft of data
  • Unavailability of data
  • Unauthorised or unlawful access, transmission, destruction, alteration, storage, disclosure or processing of data

The ways in which an employee information data breach could occur vary wildly between cases. Personal data breaches could involve:

  • Phishing attacks that lead to unauthorised access to your personal data.
  • A hack involving malware, ransomware or DDoS attacks that breaches your data.
  • HR accidentally sending your sick record to an unauthorised recipient.
  • Senior management discussing your illness in earshot of other colleagues.

If you’d like to ask us about a government employee data breach you’ve been affected by, please don’t hesitate to use Live Chat to talk to our team.

How An Employer Could Breach GDPR Guidelines

If you’re wondering if the Ministry of Defence has ever had a data breach, MoD reports reveal that in 2019/20, there were a significant number of certain personal data breaches. There were 49 incidents involving a loss of inadequately protected paper documents, electronic equipment or devices from secured Government premises.

Seven data security incidents were notifiable and so were reported to the ICO. Some of these included:

  • A whistleblowing report was not properly anonymised
  • Criminal investigation files were lost during archiving
  • MoD material was disposed of wrongly by a subcontractor

The Ministry of Defence data breach that affected you may have been due to an incident similar to the above, or it may have been caused by something else. You may have evidence that a data breach impacted you financially or emotionally.

We understand that employee data breach claims may not be able to truly assuage the psychological effects of such a breach. However, they could help you as you move on.

What Is An Employee Data Breach Claim Against The MoD?

Data subjects whose data has been breached have a right under the Data Protection Act 2018 to claim compensation for financial damage and psychological damage they experience because of it. To claim, you would need to be able to provide evidence that:

  1. The employer was responsible for a data breach
  2. You experienced damage (financial or psychological, or both) due to the breach

If you did not suffer any harm from the breach or can’t prove it, you would not be able to make employee data breach claims against the MoD. If you’d like to learn more about the data breach claims process or have any questions about claiming, please don’t hesitate to use our live chat to connect with our advisors.

Does An Employer Need Consent Before Sharing Protected Data?

While sharing personal information without consent could be considered a data breach in some cases, in others it may be lawful. This is because aside from ‘consent’, there are other reasons a data controller could share your personal data legally. They are:

  • To complete public interest tasks
  • For legitimate interests
  • In order to fulfil legal obligations
  • For vital interest reasons (e.g. to protect life)
  • To fulfil a contract with the individual

Should your employer share your personal data without valid reason or consent, you could hold them liable for any mental or psychological harm you suffer as a result.

What Steps Should Employers Take If There Is A Breach Of The GDPR?

If there is a government data breach by the Ministry of Defence, and it risks the rights or the freedoms of a data subject, the department should aim to report it to the ICO within 72 hours. If they report the breach any later, they should have a valid excuse for not reporting within 72 hours.

The ICO data breach report should contain:

  • Who to contact about the breach
  • How many records/subjects the breach could affect
  • Any potential consequences of the breach
  • Any action taken or planned to rectify the incident
  • The type and nature of the breach

If your employer suffers a data breach and it risks your rights or freedoms, they must inform you as well. They should keep records of data breaches that do not risk the rights or freedoms of individuals, but they do not have to report such breaches to the ICO.

What Is The ICO Responsible For?

The ICO is an independent public body that protects individuals’ data rights. It enforces data protection laws in the UK, including the Data Protection Act 2018, and could investigate breaches of such legislation.

The Information Commissioner’s Office has the power to issue fines worth millions of pounds for data breaches. However, it does not issue compensation to data breach victims.

If you would like to make a data breach claim against your employer, you could do so alone, or get a data breach solicitor to help you.

The ICO Employment Practices Code

The Employment Practices Code, issued by the ICO, provides data controllers with guidance on data protection with regards to employee records, health records and workplace monitoring.

The code explains that employers must protect the personal data of not only their current employees but also the following people:

  • Casual workers
  • Previous applicants
  • Successful/unsuccessful applicants
  • Former employees
  • Agency workers
  • Current and former contractors

As you can see, you don’t have to be currently working for your employer to make employee data breach claims. If you’d like us to talk to you about your case because you have evidence of a valid claim, you could use the live chat feature on this page to get in touch.

How Do I Report The Ministry Of Defence To The ICO?

If you discover that your personal data was involved in an employer data breach, you should, according to ICO advice, report this to your employer directly. They should work with you to resolve any issues concerning your personal data.

However, if you don’t receive a response that is satisfactory, you could escalate your report to the ICO. The ICO advises that you should only contact them within 3 months of the final response from your employer. If you report after this time limit, it may affect how the ICO deals with your concerns.

We should mention that you don’t have to report a breach to the ICO to make employee data breach claims. You could seek the services of a data breach solicitor to help you make a claim for data breach compensation.

Calculate Compensation For An Employee Data Breach Claim Against The MoD

As we have mentioned, you could be compensated for both financial and psychological damages within a data breach claim.

Material damages relate to the financial costs of a data breach. For example, if a data breach leads to theft from your bank account, you could recover the losses in a claim.

Non-material damages relate to the psychological and psychiatric harm resulting from a breach. They could include things like anxiety, depression and distress.

You could claim for material damages, non-material damages, or both. This could be possible because of a legal precedent that was set in Vidal-Hall and others v Google Inc [2015]. Before this case, it was only possible to claim for psychological harm if you’d also suffered financially.

During the case, the Court of Appeal also held that awards like those in personal injury cases for psychological/psychiatric harm should be considered in data breach cases.

What Evidence Do I Need?

Evidencing psychological injuries would involve a medical assessment with an independent medical professional. You would need to undergo such an assessment so that you could obtain a medical report that confirmed your injuries and prognosis were caused or exacerbated by the data breach.

Courts and data breach solicitors could use this vital evidence and look at it next to what the Judicial College Guidelines (JCG) say could be appropriate for such injuries. The JCG is a publication that solicitors may use to value injuries.

In the compensation table below, we’ve included figures from the JCG. This could give you a rough guide as to how much compensation could be appropriate.

Injury | Severity | Potential Compensation
Psychiatric Damage Generally | Severe | £51,460 to £108,620
Psychiatric Damage Generally | Moderately severe | £17,900 to £51,460
Psychiatric Damage Generally | Moderate | £5,500 to £17,900
Psychiatric Damage Generally | Less severe | Up to £5,500
Post-Traumatic Stress Disorder | Severe | £56,180 to £94,470
Post-Traumatic Stress Disorder | Moderately severe | £21,730 to £56,180
Post-Traumatic Stress Disorder | Moderate | £7,680 to £21,730
Post-Traumatic Stress Disorder | Less severe | Up to £7,680

If you’re not sure what category your injury would be in, please don’t hesitate to discuss this with us via Live Chat. We’d be happy to discuss your case with you.

No Win No Fee Employee Data Breach Claims Against The MoD

If you make a No Win No Fee data breach claim, you would not pay any solicitor fees to your data breach lawyer upfront. Instead, you would pay them a pre-agreed success fee at the end of your claim. These terms mean that irrespective of your financial situation, you could receive professional assistance when making employee data breach claims.

The No Win No Fee Data Breach Claims Process: A Breakdown

  • Your data breach lawyer sends you a Conditional Fee Agreement (the formal term for a No Win No Fee agreement), which contains details of the success fee. Please note this is usually a small percentage of your total payout. If you’re happy with it, you would sign the document to agree to pay this fee if your claim is successful.
  • Once the solicitor receives your signed agreement, they could start your claim
  • When they have negotiated a payout for you, and it comes through, they would deduct the agreed fee, and leave the balance for your benefit.
  • If they don’t arrange compensation for you, you don’t pay any of their fees.

If you want to find out more, why not click the banner below? You could speak to Legal Expert about your case.

GDPR Data Breach References

Hopefully, this guide has given you some insight into employee data breach claims against the MoD. The below resources may also be useful to you.

Responding To Data Concerns – You can find out how long data controllers should take when responding to data concerns here.

ICO Action – The ICO’s enforcement actions can be found here.

Data Breach Trends – While these statistics don’t directly provide employee data breach statistics, they do explain what sectors have suffered data breaches.

Agency Worker? – If you’re considering claiming against an employer as an agency worker, this guide could be helpful.

Victim Of An NHS Data Breach? – If you’ve suffered harm due to an NHS data breach, this guide could be useful.

Employee Data Breach – Claims Guidance – We’ve also created a general guide to employee data breach claims.

FAQs About The GDPR For Government Employee Data Protection

Is There A Time Limit To Make A Claim?

You would have 1 year to make claims for breaches of your human rights from the date you obtained knowledge of the breach, but 6 years for data breaches in other cases.

How Long Could A Claim Take?

The length of a data breach claim varies. In cases where an organisation accepts liability straight away and works to negotiate a settlement, you could receive compensation quite quickly.

However, in other cases, the organisation may take some time to investigate a breach and negotiate a settlement. In some cases, they might dispute your claim entirely, and you may have to go to court. All this could impact how long your claim takes.

How To Start A Claim

You could start a claim alone by writing to an organisation that breached your data. However, many claimants prefer to find a data breach lawyer to help them. You could contact Legal Expert by clicking the banner above, as (if you have evidence of a valid claim) they could assist you.

What Evidence Do I Need To Make A Claim?

You would need to submit evidence that the MoD breached your data, as well as the impact it had on you. This could involve bank statements, bills and credit card statements for material damages, and medical evidence for psychological or psychiatric injury.

Thank you for reading our guide exploring the concept of employee data breach claims against the MoD.

Guide by JJ

Edited by VR