What Are Your Rights If Your Employer Breaches Your Data Privacy?
In this guide, we’re going to examine the concept of employee data breach claims against Tesco. You might be wondering whether you could make a personal data breach claim for compensation. After all, if your employer breached your data, you could have suffered financial or emotional damage from such a privacy violation.
And, under the Data Protection Act 2018 and GDPR, those who’ve suffered psychological or financial harm from a data breach could have the right to seek compensation. We have created this guide to offer you insight into who could make such claims and what you would need to do to get started.
A data breach could be caused by lots of different incidents. You may assume that many of these relate to cybersecurity issues, such as malicious cyberattacks by hackers, intent on using exposed data for nefarious purposes.
You may already be aware that phishing attacks could lead to a hacker gaining access to computer systems and stealing your data using spyware, ransomware or malware. However, data breach claims could be made for breaches due to human error or mismanagement of your data—providing you can prove you suffered mentally or financially (or both).
How Could We Help With Employee Data Breach Claims Against Tesco?
We have provided answers to common questions about data breach claims in the sections below. However, we are aware that some claimants might be looking for advice on their specific circumstances. If you have any questions about the data breach claim process, or would like to chat with us about your case, you can use the Live Chat messaging service to speak to us.
Or, if you have evidence of a valid claim, why not use the banner below to be connected to Legal Expert? They could connect you with a data breach solicitor if your case has a favourable chance.
Select A Section
- What Is An Employee Data Breach Claim Against Tesco?
- What Are The Rules Of The GDPR?
- Does The GDPR Protect Employees In The Retail Sector?
- Introducing The Seven Principles Of The GDPR
- What Information And Data Are Protected By The GDPR?
- What Is A Breach Of The GDPR By An Employer?
- How Employers May Be In Breach Of GDPR Regulations
- What Consent Do Employers Need To Share Employee Information?
- What Should An Employer Do If There Has Been A GDPR Breach?
- Who Are The ICO?
- Guidelines From The ICO About Protecting Employee Information
- Who Do I Report Data Breaches To?
- Calculating Compensation For Employee Data Breach Claims Against Tesco
- Making No Win No Fee Employee Data Breach Claims Against Tesco
- Related Services And Guides
- FAQs On Breaches Of The GDPR By An Employer
What Is An Employee Data Breach Claim Against Tesco?
The EU and UK have strict legislation to protect the data of individuals. The GDPR and the Data Protection Act 2018 put in place strict rules that data controllers must abide by. Should your employer cause a personal data breach and, as a consequence, you suffer financial or emotional harm, the law could allow you to make a data breach claim.
After all, a data breach could cause you to become the victim of theft, or identity fraud. This could impact you financially. Other effects that you could experience because of a data breach could be emotional. You could suffer stress, distress or anxiety because of a breach.
If you could prove that you have experienced either mental or financial harm because of a breach, you could be eligible to claim data breach compensation. You would also need to launch your claim within 6 years from the date you obtained knowledge of the data breach. However, this is 1 year for a human rights breach.
This guide should give you plenty of useful information so you could get some idea of whether you could have a valid claim.
What Are The Rules Of The GDPR?
GDPR is a piece of legislation that came into force in 2018. It is, arguably, the most far reaching, strictest data privacy and security law in the modern world. It mandates a certain set of data protection standards that organisations must comply with when processing information relating to EU data subjects.
The GDPR was enacted into UK law via the Data Protection Act 2018. All UK employers must comply with the GDPR when it comes to processing personal information of employees. A failure to do so could lead to an organisation receiving hefty fines. They could also be held liable for any psychological or financial damages experienced by victims of a data breach due to a breach of GDPR.
Under GDPR, an organisation should take steps to protect the security and privacy of personal data from being breached. While you might assume this would involve installing a firewall, transferring data via secure methods such as via a VPN (Virtual Private Network) and ensuring they have computer security and network security protocols in place, the threat of a data breach is not solely digital.
A breach could happen due to a number of reasons such as the mismanagement of your personal data or because of a human error. You could even claim as a former employee, or if you worked for Tesco as an agency worker and they breached your data. However, you would have to prove that the breach had caused you mental or financial harm. Financial harm could occur if you become the victim of theft or identity fraud due to a breach. You could also claim for the emotional impact for such a breach.
Does The GDPR Protect Employees In The Retail Sector?
When you apply to work at Tesco, or they employ you, they could record a number of different pieces of personal information about you. This would make them a data controller, and you would be a data subject to them. You have certain rights as a data subject, which include:
- A right to portability of your data
- The right to ask for restrictions on your data processing
- A right to ask for an organisation correct inaccurate data
- The right to have access to your data
- A right to have data erased
- The right to make an objection to the processing of your data
- Rights surrounding automated decision making and profiling
- A right to be informed about an organisation’s processing of your data
You can find out more about your data rights by visiting the Information Commissioner’s website. A breach of these rights could represent a breach of the GDPR. If you suffer psychological harm or financial loss from such a breach you could make an employee data breach claim.
Introducing The Seven Principles Of The GDPR
GDPR requires every data controller to comply with its 7 key principles. These are:
- Data minimisation
- Storage limitation
- Accountability
- Fairness, lawfulness and transparency
- Purpose limitation
- Security (integrity and confidentiality)
- Accuracy
A failure of a data controller to comply with these principles could lead to an investigation by the ICO. If they find they have infringed the Data Protection Act, they could issue the organisation with a hefty fine. In addition to this, victims of such breaches who suffer financial or psychological harm could claim GDPR data breach compensation.
If you would like more advice about what could justify employee data breach claims against Tesco, why not use our live chat today?
What Information And Data Are Protected By The GDPR?
The GDPR protects a variety of different types of personal data. During your course of employment, upon application and even after you’ve left the company, your employer should protect:
- Your personal information such as date of birth, telephone number, address, name, and contact details.
- Online identifiers such as your email address.
- Medical data. This could include your sickness record and any workplace injuries.
- Financial data including your bank details, which they may need to pay you.
- Sensitive data. This could include information about your religious or philosophical beliefs, genetics, racial or ethnic origin, physical and mental health, sex life and sexual orientation. It could also include details of trade union membership, and biometrics, if used for identification.
This does not only mean an employer has to protect digital data. They should also protect data in documents such as notebooks and personnel files. A failure to protect your personal data could have a number of unwanted consequences. If you can prove you suffered emotional harm or financial expense due to a data breach, you could make a claim.
What Is A Breach Of The GDPR By An Employer?
Data breach claims could be made for a variety of different data breaches. A personal data breach could involve the unlawful or unauthorised:
- Loss of data
- Disclosure of information
- Loss of availability of data
- Theft of data
- Alteration, processing access to or destruction of data
The ICO explains that breaches could be caused by those inside or outside the organisation. They could be accidental (for example, due to negligence) or caused by malicious acts.
How Employers May Be In Breach Of GDPR Regulations
There could be a number of potential triggers for the financial or emotional harm that can lead to data breach claims. Some examples could be:
- A member of HR discussed your sickness record with your manager in earshot of your colleagues.
- Staff members lost a USB stick containing your personal data.
- Payroll sent your payslip to the wrong address where an unauthorised recipient accessed it.
- A hacker breached a firewall and stole your personal data.
- Cloud databases containing personal data were not secured, leading to a hacker accessing them without authorisation.
- Other cyberattack incidents using DDoS software, a virus, spyware, malware or other malicious software led to a data breach.
Has There Ever Been A Tesco Data Breach?
In 2020, there was a Tesco Clubcard data breach that reportedly affected loyalty card data of over 620,000 customers. The Tesco data breach of 2020 involved a hacker stealing a database of usernames and passwords, according to reports. While the retailer claimed that no financial details were breached, Tesco blocked access to affected accounts and informed affected parties of the breach.
Source: https://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/
No matter whether you suffered a data breach as a customer or an employee, if you can prove you endured emotional or financial harm because of such a breach, you could have your case assessed. That way, you could see if you could be eligible for compensation.
What Consent Do Employers Need To Share Employee Information?
Your employer should gain your consent before sharing your personal data, unless they have a lawful reason for sharing personal information without consent. If you’re wondering what valid reasons there could be for an employer sharing information without consent, you can find details on the ICO website. Generally speaking, the following reasons could be considered valid:
- Contract
- Legal obligation
- Legitimate interests
- Vital interests
- Public tasks
This guide about valid employee data breach claims against Tesco aims to provide information to help you. However, if you’d like to speak to an advisor and access free legal advice, click the banner below.
What Should An Employer Do If There Has Been A GDPR Breach?
The action an employer should take if they have a data breach depends on whether the rights or freedoms of data subjects are at risk. If they are, an organisation has 72 hours to report the breach to the ICO unless they have a valid excuse for not doing so within the timeframe. They should also inform affected data subjects.
Should a data breach happen without risk to the rights and freedoms of individuals, the organisation should make a record of it. However, they do not have to report this kind of breach to the ICO.
Who Are The ICO?
We’ve referred to the ICO a number of times in this guide. ICO stands for Information Commissioner’s Office. This public body protects the data protection rights of individuals in the UK. It could investigate breaches of individuals’ data rights, and enforces data protection law in a number of different ways.
One way it could enforce GDPR is by issuing a fine to an organisation for a data breach. Fines could be hefty and reach tens of millions.
Could The ICO Help Me Make Employee Data Breach Claims Against Tesco?
The ICO would not issue compensation for the suffering a data breach causes. You would need to launch your own claim if you suffer harm from a data protection breach. A data breach solicitor could help with this.
Guidelines From The ICO About Protecting Employee Information
There is a useful document on the ICO website, known as the Employment Practices Code. This publication offers guidance to employers on best practices for data protection of health and personnel records, as well as giving guidance on workplace monitoring. It re-iterates to employers that they must protect the data privacy of:
- Current and former employees
- Former and current contractors
- Agency workers
- Applicants (former and current, whether they are successful or not)
- Contract workers
Who Do I Report Data Breaches To?
If you’re assuming you have to report a data breach to the ICO to claim compensation, this is not necessarily the case. The ICO prefer you to try and settle complaints directly with an organisation that breaches your data.
If, however, they do not respond to your complaint or do not settle your complaint to your satisfaction, you could contact the ICO, who could investigate the matter further. You would need to do so within three months of your employer’s final response to you on the matter.
Even if you don’t escalate your complaint with the ICO, you could make an employer data breach claim. That is, providing you can prove your mental or financial suffering. A data breach lawyer could assist with this.
Calculating Compensation For Employee Data Breach Claims Against Tesco
We have already mentioned that data breach claims could be made for financial and emotional harm. The reason you could claim for psychological or psychiatric injuries (without also having to claim for financial losses) is due to Vidal-Hall and others v Google Inc [2015].
In this case, from 2015, the Court of Appeal held that compensation awards like those for personal injury claims involving psychiatric and psychological harm should be considered within a data breach claim. This means you could potentially claim for anxiety, loss of sleep, depression and stress if you suffer such injuries due to a data breach.
Before this case, you could only claim for psychological harm if you’d also lost out financially.
How To Calculate Employee Data Breach Claims Against Tesco
Calculating GDPR data breach compensation for financial harm could be as simple as assessing bank statements and bills to calculate the value of stolen funds or fraudulent purchases. When calculating compensation for psychiatric injuries, lawyers prefer to see a medical report.
You would obtain this by attending a medical assessment with an independent medical expert as part of your claim. The medical assessment also acts to allow you to evidence that your condition was caused or worsened by the data breach.
Lawyers and the courts could assess the medical report alongside the Judicial College Guidelines (JCG), to see how much compensation could be appropriate. The JCG contains recommended compensation amounts for varying injuries.
To give you a little insight into what the publication says could be appropriate for psychological injuries, we’ve created the compensation table below.
Injury | Approx Guideline Amount Per The JCG | Severity |
---|---|---|
General psychological damages | Up to £5,500 | Less severe |
PTSD damages | Up to £7,680 | Less severe |
General psychological damages | £5,500 to £17,900 | Moderate |
PTSD damages | £7,680 to £21,730 | Moderate |
General psychological damages | £17,900 to £51,460 | Moderately severe |
PTSD damages | £21,730 to £56,180 | Moderately severe |
PTSD damages | £56,180 to £94,470 | Severe |
General psychological damages | £51,460 to £108,620 | Severe |
If you’re not quite sure how severe your injury is or are wondering if you could be eligible for this type of compensation, why not use Live Chat to get advice and support from our team?
Making No Win No Fee Employee Data Breach Claims Against Tesco
Many claimants who would like to make employee information data breach claims prefer to have a data breach lawyer on their side. This way, they can feel assured that all paperwork would be put together professionally.
In addition, the data breach solicitor could take on all the negotiations for a compensation settlement. Using a lawyer doesn’t have to mean paying legal fees upfront either. With No Win No Fee claims, you would not have to pay legal fees until your compensation payout comes through.
How Do No Win No Fee Employee Data Breach Claims Against Tesco Work?
- Your data breach lawyer sends you a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). This is a document that would set out the success fee you would pay in the event of a successful claim. It is normally a small percentage of the compensation.
- When your lawyer receives your signed agreement, they would work on your case for you. They would try to negotiate a payout on your behalf.
- Once compensation comes through, the solicitor would deduct the agreed fee, and you’d benefit from the balance.
- If your data breach compensation claim failed, you would not pay the success fee.
Do you have evidence of a valid claim and are interested in learning more about No Win No Fee claims? You can reach us via Live Chat to ask us any questions about this method of claiming. Alternatively, why not click on the banner below? It will take you to Legal Expert. Contacting Legal Expert’s advisors could result in them connecting you to a No Win No Fee solicitor.
Related Services And Guides
Trends In Data Security Incidents: You can find insight into the industry sectors that have experienced data breaches here.
Are You Data-Aware?: It is very important for people to be aware of who has their personal data and how they use it. This guide could help you become more data-aware.
NCSC Guidance: Here, you can find advice from the National Cyber Security Centre on data breaches.
Your Rights At Work: You can find useful insight into your rights while you’re at work here.
Employee Data Breach Claims: Our general guide pertaining to employee data breaches can be found here.
No Win No Fee Claim: Would you like to learn more about No Win No Fee claims? This guide could help.
FAQs On Breaches Of The GDPR By An Employer
What Constitutes A Breach Of The GDPR?
A breach of the GDPR could involve the loss or theft of personal data. Or it could involve the unlawful or unauthorised access to, or transmission, disclosure, destruction or alteration of your personal information. Even the loss of availability of your data could be a breach of data protection law.
Can I Sue My Employer For Breach Of Data Protection?
To make data breach claims against an employer you would need to be able to prove a breach occurred. You’d also need to evidence the harm it caused you, whether financial or emotional or both.
Thank you for reading our guide that explores what valid employee data breach claims against Tesco could look like.
Guide by JEF
Edited by VIC