Data Breach Claims Against Employer

Employee Data Breach Claims Against The DWP

free advice on data breach claims

What Rights Do Employees Have If An Employer Breaches Their Data Privacy?

In this guide, we will explain what could justify employee data breach claims against the DWP. Has a DWP employee data breach affected you? Then continue reading to learn more about personal data breaches.

What is the DWP? The Department for Work and Pensions (DWP) is the UK’s largest public service department. It is responsible for pensions, welfare and child maintenance policy. The DWP administers pensions and benefits to over 20 million claimants in the UK. The DWP is an organisation that operates in the UK. Therefore it has to follow the General Data Protection Regulation (GDPR) that was enacted into UK law through the Data Protection Act 2018.

Under the General Data Protection Regulation, organisations have a duty of care towards any personal data they collect from the public. Therefore, if an employee information data breach occurs, the DWP could be liable for any psychological or financial harm caused. The Information Commissioner’s Office may fine the Department for Work and Pensions. What’s more, if the DWP breaches an employee’s personal data privacy and they suffer mentally or financially, the employee could claim compensation from them.

What Can I Do If My Personal Data Was Breached?

We have provided you with advice about claiming compensation for a personal data breach in this guide. So continue reading to learn more about what evidence could justify employee data breach claims against the DWP. Or you could contact us for further information.

Alternatively, click the banner below to get in touch with Legal Expert if you would like to see if you could begin a claim.

free advice on data breach claims

 Select A Section

  1. What Is Data Protection Law?
  2. Does The GDPR Protect The Department Of Work And Pensions Employees?
  3. The GDPR’s 7 Principles of Data Protection
  4. What Data Is Protected Under The GDPR?
  5. How Can An Employer Breach Data Protection Law?
  6. How Could The DWP Breach Employees’ Data Privacy?
  7. Reasons Why An Employee Could Claim Against The DWP
  8. Claims For The Sharing Of Employees’ Personal Information Without Consent
  9. What Is The Role Of The ICO?
  10. The ICO’s Employer Practice Guide
  11. Who Can I Report My Employer To If They Breach My Data?
  12. Calculating Compensation Payouts For Data Protection Breaches
  13. Employee Data Breach Claims Against The DWP No Win No Fee Agreement
  14. More Data Breach Resources
  15. FAQs On Government Employee Data Privacy

What Is Data Protection Law?

The General Data Protection Regulation (often abbreviated to GDPR) is EU data protection legislation. The Data Protection Act 2018 enacts the GDPR into United Kingdom law. The purpose of the General Data Protection Regulation is to uphold people’s data privacy and data security. Subsequently, this legislation applies to every business and organisation in the UK that processes personal information.

Under the General Data Protection Regulation, organisations such as the Department for Work and Pensions should do the following:

  • Have a duty of care towards the data it collects. This means that they are responsible for protecting it.
  • Have systems to protect personal data. For example, training staff on data protection techniques and having an adequate cybersecurity system in place.

Does The GDPR Protect The Department Of Work And Pensions Employees?

The General Data Protection Regulation refers to “data subjects”. A data subject is an individual whose personal data is collected by an organisation. Under the GDPR, organisations that process data subjects’ personal information should protect that data.

How Should The DWP Protect Data Subjects?

employee data breach claims against the DWP

Under the GDPR, the Department for Work and Pensions could do the following:

  • Only collect personal data if the data subject has permitted them to do so.
  • Explain why they will use the personal data. Moreover, they must not use the data for another purpose.
  • Keep the data that it has collected up to date where reasonably possible.
  • Not share personal information without consent. However, they could share the data without your consent if there’s a lawful exception.

What’s more, individuals are permitted rights under the GDPR. This includes the right to access their personal data and the right to restrict data processing under certain circumstances.

To clarify, employers need to protect their employees’ personal data if they collect or process it. Therefore, if a DWP staff data breach takes place and employees have evidence that they suffered mentally or financially, they may have the right to claim compensation. To learn more about claiming data breach compensation, please feel free to contact our support service.

The GDPR’s 7 Principles of Data Protection

There are seven core principles of the General Data Protection Regulation. Let’s look at what these are, below.

  • Lawfulness, fairness and transparency: This means that organisations should process data in a lawful manner. What’s more, organisations should inform data subjects of how they will use their data.
  • Purpose limitation: This means that personal data should only be processed for the reason stated. The organisation should not process personal data for any other reason.
  • Data minimisation: This means that organisations should not collect more personal data than they need to.
  • Accuracy: This means that organisations keep their database accurate and up to date if it contains personal information. For example, an employee’s address should be updated on the database, if they inform the employer that they have moved house and provide them with the address.
  • Storage limitation: This means that organisations should not keep personal data longer than necessary. Organisations should delete personal data when they no longer need it.
  • Integrity and confidentiality (security): This means that organisations should use security and anonymisation systems (for example) to protect the personal data they have collected.
  • Accountability: When asked, an organisation’s data controllers should be able to provide evidence that they have complied with the GDPR. If they haven’t, they should be accountable for this.

This guide aims to help those considering an employee data breach claims against the DWP. However, if you have unanswered questions, get in touch.

What Data Is Protected Under The GDPR?

Personal data is information that distinguishes an individual. It is normal for organisations such as the Department for Work and Pensions to collect, process and store employee personal data.

Here are some examples of employee personal data that an employer may collect:

  • Names
  • Email address
  • Home address
  • Telephone number
  • Banking information
  • Date of birth
  • Sex/Gender
  • Race or ethnic group
  • Religion or lack thereof
  • Marital status
  • Whether or not the employee has a disability or any notable health conditions

In addition, the Department of Work and Pensions will collect job specific personal data from their employees. For example, the organisation may collect data about an employee’s job role, job location, information about performance reviews and salary information.

How do organisations store personal data?

The organisation may store the data in a filing system or electronically. Or the data may be part of a record that only authorised persons can access. No matter how it’s stored, if it is personal data, the employer has a responsibility to secure it from unauthorised persons.

How Can An Employer Breach Data Protection Law?

What is a data breach by an employer? A data breach is caused by a security breach that leads to personal data being lost, destroyed, accessed, changed or disclosed without authorisation or a lawful basis. A staff data breach can happen because of human error, or deliberately (for example, because an organisation was attacked by hackers).

An employee data breach could include the following incidents:

  • An unauthorised person gains access to personal data.
  • Personal data is lost, stolen or destroyed.
  • Employee personal data is altered or encrypted.
  • There is a personal data leak or data exposure incident.

As we have just mentioned, employee data breaches of the GDPR can happen because of errors that were made by employees. For example, the employer could send a letter to an employee. However, they may accidentally send the letter to the wrong address and an unauthorised recipient may access it. Therefore the organisation would be sharing personal information without consent or a lawful basis. These mistakes could be considered a privacy violation and a data protection breach.

On the other hand, a data breach can also happen if cybercriminals intentionally cause a data breach. For instance, the employer may be the target of a cyber-attack. This means that cybercriminals may attack the organisation using malware (malicious software). After that, the criminals may gain unlawful access to the organisation’s database and use the stolen data for malicious or illegal purposes.

Have you been affected mentally or financially by a DWP data breach? Contact us today about making data breach claims to find out more.

How Could The DWP Breach Employees’ Data Privacy?

Now let’s look at an example of a DWP data protection breach, which took place in recent years. This DWP data breach involved the breach of the DWP claimant’s personal data.

In March and June 2018 the DWP published files online, which included information about routine payments made to outsourcing company Capita. Unfortunately, the files contained National Insurance Numbers (NI numbers) belonging to approximately 6,000 people. These individuals claimed Personal Independence Payments (PIP) through the DWP. PIP is a type of disability benefit. Unfortunately, the files remained online for over two years.

In November 2020 the privacy rights group Big Brother Watch discovered the DWP breach of the Data Protection Act. The organisation alerted the DWP and the Mirror newspaper. Consequently, the files were removed. The Department for Work and Pensions apologised for the data breach.

Have you been affected by a government department data breach, such as the one above? Or have you been impacted mentally or financially by a DWP staff data breach? If you can prove you have evidence of a valid claim, then you may be eligible to claim GDPR data breach compensation. Use the banner throughout the guide to contact Legal Expert.

Source URL: www.itpro.co.uk/security/data-breaches/357724/dwp-data-breach-exposed-6000-ni-numbers

Reasons Why An Employee Could Claim Against The DWP

You may be eligible to make employee data breach claims under the following circumstances:

  1. You are an employee or former employee of the DWP and they hold your personal data. Therefore the organisation has a duty of care towards your personal data.
  2. An employee information data breach took place, which compromised your personal data.
  3. So consequently, your personal data privacy was breached. As a result, you experienced emotional distress, financial losses or both.

Sometimes a data breach lawyer can handle your claim on a No Win No Fee basis. This means that there is a lesser financial risk for you when using the services of a solicitor to claim.

To begin your employee data breach claim, contact Legal Expert today using the banner shown throughout this article. If the data breach violated your human rights, the time limit is reduced to one year. Therefore, we recommend contacting Legal Expert as soon as possible to see if you can begin the data breach claims process right away.

Claims For The Sharing Of Employees’ Personal Information Without Consent

Normally, sharing personal information without consent is not allowed under the General Data Protection Regulation. However, there is a lawful basis for employers to share personal data without consent in certain circumstances. These are as follows:

  • Vital interests: This is when an employer believes an employee’s life is at risk. For example, if an employee needs emergency medical treatment and an employer shares private medical information with paramedics or doctors.
  • Legal obligation: This is when an employer shares an employee’s personal data because they are required to by law. For example, an employer shares an employee’s salary information with HMRC.
  • Contract: They may use it to fulfil a contract with you.
  • Public task: If sharing your data is in the public’s interest, they could do so.
  • Legitimate interests: They may share your data for business interests.

You can claim compensation from your employer if they have shared your personal data without consent or without a lawful reason to do so and it’s caused you psychological harm or financial loss.

free advice on data breach claims

What Is The Role Of The ICO?

The Information Commissioner’s Office (ICO) is a public body in the United Kingdom. Their role is to protect the data privacy rights of the public. They do so by enforcing the General Data Protection Regulation and UK legislation such as the Data Protection Act 2018.

The ICO has the power to investigate companies and organisations that commit employee data breaches under the GDPR. Furthermore, the Information Commissioner’s Office can administer fines to organisations that have committed data breaches.

The ICO’s Employer Practice Guide

The ICO has an employment practices code to help employers understand their role in data protection. Employers are legally required to protect personal data that belongs to their employees if they collect or process it. The term “employees” includes individuals that meet the following criteria:

  • Full-time employees
  • Part-time employees
  • Casual workers, agency workers and contract workers
  • Interns and voluntary workers
  • People who have applied for jobs, whether successful or not

Who Can I Report My Employer To If They Breach My Data?

What should you do if you believe that your employer has breached your personal data privacy? Firstly, we recommend that you report the data breach to your employer. Escalate the complaint, if you are not happy with the response you receive.

You can report the data protection breach to the ICO if you are not satisfied with the way your employer has dealt with the matter. However, you would have to do so within three months of your employer’s final response. The ICO may investigate the DWP for the GDPR data breach.

Calculating Compensation Payouts For Data Protection Breaches

Do you wish to make employee data breach claims against the DWP? If a claimant has a valid claim and it’s successful, they could receive compensation. To see how mental suffering is valued, use the compensation table below.

The compensation table only includes non-material damages compensation. Non-material damages compensate you for psychological harm caused by the data breach.

The table does not include material damages, which compensate you for any financial loss the data breach causes.

Type of psychological injurySeriousnessCompensation rangeAbout the injury
Psychiatric InjurySevere£51,460 to £108,620The claimant may experience marked issues with the following factors:

1) Their ability to cope with things such as education, work or other parts of their life.
2) The impact the injury has had on their relationships.
3) The prognosis.
Psychiatric InjuryModerately Severe£17,900 to £51,460The claimant will experience significant problems with reference to the factors highlighted above. However, this person should have a better prognosis.
Psychiatric InjuryModerate£5,500 to £17,900Whilst the claimant will experience problems with these factors, they should have a better prognosis than the categories above.
Post-Traumatic Stress DisorderSevere£56,180 to £94,470This person may experience permanent systems of PTSD. Symptoms could include night terrors, suicidal ideation and hyper-arousal.

PTSD could impact all areas of the claimants life.
Post-Traumatic Stress DisorderModerately Severe£21,730 to £56,180This person could be affected in a similar way to those above. They should expect a better prognosis with professional care.
Post-Traumatic Stress DisorderLess SevereUp to £7,680The person would have had practically a full recovery within two years.

This table is based on the Judicial College Guidelines (JCG). The JCG is a publication solicitors may use to help them when valuing conditions.

Of course, the amount of compensation you could receive may vary. A data breach solicitor can accurately estimate how much compensation you could claim. Get in touch if you’d like a more accurate estimate.

Employee Data Breach Claims Against The DWP No Win No Fee Agreement

If you use the services of a data breach lawyer, you may want them to handle your claim on a No Win No Fee basis. No Win No Fee is a way of funding your solicitor for an employer data breach with less financial risk.

This is because, instead of paying a solicitor’s fee before the solicitor starts work on your claim, you will pay a success fee at the end of your claim. However, your solicitor will have to meet certain conditions before they can charge you a success fee.

Why Do Some People Prefer To Make A No Win No Fee Claim?

  • It is more affordable because there is no upfront solicitor’s fee to pay. Instead, your lawyer will deduct your success fee from your compensation payout.
  • The success fee is legally capped.
  • The financial risk is lower because you won’t have to pay the solicitor’s fee unless you win.

To ask us a question about claiming compensation for a DWP staff data breach, please contact us. You can contact us to ask us a question or use the live chat on your screen. On the other hand, if you have evidence of a valid claim, contact Legal Expert.

free advice on data breach claims employee data breach claim against the DWP

More Data Breach Resources

Here is some more information on employer data breaches.

Employee Data Breach Claims Against An Employer

HSBC Employee Data Breach Claims

NHS Employee Data Breach Claims

External Guides

Guidance from the ICO about raising concerns over an employer data breach.

Information from the ICO on how to be data-aware.

Dealing With Workplace Problems – Some helpful guidance from Acas on trying to resolve workplace issues.

FAQs On Government Employee Data Privacy

Who else should I report my data breach to?

If you believe you have been affected by a government department data breach, you may wish to raise a formal complaint with them. If they fail to deal with the data breach correctly, you can report the organisation to the ICO.

Does the ICO have to have fined the DWP for me to claim?

No, the ICO does not have to fine the Department for Work and Pensions, for you to make a data breach claim.

How long do I have to claim?

There is a data breach claims time limit of six years from the date you obtained knowledge of the breach. Alternatively, if the data breach involved a violation of human rights, you would have one year.

How long do claims take?

Sometimes the data breach claims process only takes a few months. Compensation claims that involve a complex data breach case can take longer to settle.

Thank you for reading our guide exploring the justifications behind potential employee data breach claims against the DWP.

Guide by CHE

Edited by VIC

Employee Data Breach Claims Against IAG

free advice on data breach claims

What Are Your Privacy Rights After A Data Breach?

Employee data breach claims against IAG could be justifiable if you’ve fallen victim to a data security incident in which your personal information is compromised unlawfully. The breach will need to have led to you suffering damage to your mental health or finances.

Employers must take data protection seriously and there are laws in the UK they must follow. If an employer fails to protect your personal information which results in a privacy violation, you could seek compensation if you suffer mental or financial damage as a consequence.

employee data breach claims against IAG

How to pursue employee data breach claims against IAG

We have produced this guide to provide information on how a data breach could happen. You will find information on when to seek legal advice from an expert. In the following sections, we cover how much a data breach claim against an employer could be worth. Furthermore, we explain how compensation is worked out and the sort of damages you could seek.

To find out more about making a data breach claim against IAG, please click on the sections below. To get in touch with a member of our team, please fill out the contact form by clicking here.

Alternatively, if you would like to begin a claim straight away, please click on the banner on this page or call Legal Expert on  0800 073 8804 to receive a free assessment of your claim.

Select A Section

What Is An Employee Data Breach Claims Against IAG?

A data breach claim against IAG could be warranted for several reasons. As an employer, IAG is a data controller. Therefore, your employer decides how your personal information is collected, processed, and stored.

As an IAG employee, you are a data subject and there are laws that protect how your personal information is processed and used by your employer. However, your information may be processed and stored by a third party which is known as a data processor.

There are many reasons why an employee data breach could happen whether intentionally, accidentally, or criminally. Whatever the reason for the breach, when personal data and privacy is compromised, you could file a claim for compensation.

For a data breach claim against IAG to be valid, you must prove:

  • Your personal data was unlawfully accessed
  • You suffered damage to your mental health or finances as a result of the breach
  • IAG was responsible for the breach occurring

Time Limits to Making a Data Breach Claim Against IAG

You also must make your claim in time. There is a 6-year time limit attached to data breach claims. The deadline runs from the time you obtained knowledge of the breach. You have 6 years to claim in standard cases, however, when your human rights are affected by a breach, you only have 1 year to seek compensation.

As such, it is far wiser to seek legal advice sooner rather than later just in case the shorter time limit applies to your case.

What Is The Purpose Of GDPR?

The General Data Protection Regulation or GDPR sets out the rules that govern how personal data is used. Your employer must abide by these strict rules to ensure data safety. Along with the General Data Protection Regulation, the Data Protection Act 2018 (DPA 2018), all data controllers must have a legal basis for collecting and processing data. Furthermore, your employer must have your permission to do so.

The GDPR and the DPA 2018 also requires that employers (data controllers) keep personal data secure. To ensure your personal information is protected at all times, your employer should have robust security protocols in place.

These protocols should apply to online and offline security. An employer, therefore, should have robust cyber-security and carry out regular testing of their defences. They must also have robust physical security measures in place to protect your physical data, such as ensuring storage cabinets are locked.

Data Protection In The Workplace

When you are employed by IAG, your employer will store information about you. This should only be what is required. As time goes by, an employer may gather more personal data about you which is both personal and sensitive.

When there is a data breach and your data is unlawfully accessed or shared, the consequences can be far-reaching. You may suffer financial losses, identity theft, or be the victim of fraud. That said, if a file containing sensitive information is left open on a desk, sensitive data about you could be seen by other people.

Data protection in the workplace is of paramount importance and employers must do all they can to protect the information they hold. When there is a breach and data is stolen or shared without permission, you could seek data breach compensation if you go on to suffer mental or financial damage.

Whether the breach was due to a criminal cyber-attack, because of human error, or it was accidental, you still have the right to seek data breach compensation if you have evidence it was the fault of your employer.

To speak to an adviser and to find out more about employee data breach claims please get in touch by filling out our contact form by clicking here.

How Many GDPR Principles Are There?

There are 7 key principles contained within GDPR which are detailed below:

  • Data controllers must use lawful, transparent, and fair methods when processing data
  • Organisations that collect and process data must only collect and process data that is required ‘for purpose’
  • Data must be used for specified reasons and no other reason
  • Personal data must be correct and up-to-date
  • Secure methods must be used when processing personal data
  • Data must not be kept for longer than necessary
  • Organisations that collect and process personal data must abide by the regulations and be accountable

For more advice and support about data breach claims against an employer, please use our contact form. You can also use our Live Chat to speak to an expert adviser.

What Is A Breach Of The GDPR In The Workplace?

A data breach in the workplace may happen accidentally, or it could be due to human error. In short, a breach of the GDPR and the DPA 2018 does not have to involve cyber-criminals or hackers. Whatever the cause of the breach, employee data breach claims against an employer could be valid if you suffer damage to your finances or mental health because of their failings.

A data breach could be due to the following:

  • An email is sent to the wrong recipient containing your personal information
  • Cyber-criminals target your employer with phishing emails and other sorts of cyber-attacks
  • Someone gains access to your personal information that is not securely stored whether in a physical file or online
  • Devices are lost or stolen that contain data that is not encrypted
  • A file containing personal data is left exposed on a desk
  • A computer screen is left on displaying someone’s personal data

To find out more about employee data breach claims against IAG, please contact us by using our Live Chat or by filling out the contact form.

Workplace Data The DPA Protects

Personal data that directly or indirectly identify an individual is protected by the Data Protection Act 2018.

The sort of personal data that could identify you directly includes:

  • Name
  • Personal address
  • Personal email
  • Private telephone number
  • National Insurance Number
  • Financial information

Personal data that could indirectly identify you:

  • A disability
  • Age
  • Race or ethnicity
  • Marital status
  • Sexual orientation
  • Religious belief

Your personal data stored by an employer whether physically or electronically is protected by the GDPR and the DPA 2018.

Please use our Live Chat to speak to an adviser, or you can fill out our contact form and a member of our team will get back to you. You will receive free advice on how to go about making a data breach claim against your employer.

free advice on data breach claims

How Employers Could Be In Breach Of The General Data Protection Regulation

There is a database the Information Commissioner’s Office holds of action taken against organisations (data controllers) that failed to follow data protection law. A breach was reported by British Airways which is owned by IAG in 2018. The breach saw 420,000 customer and staff data illegally accessed. It related to personal and financial information and led to a record fine of £20m.

Employers in the UK who do not follow the law, or who fail to have the required online and offline security protocols in place could be in breach of the law.

To discuss a data breach claim against an employer, you can either fill out the contact form by clicking here, or you can speak to an adviser using the Live Chat option.

Consent And Lawful Data Sharing Practices

Your employer must have your explicit consent to share any personal data they collect, process or store about you. That said, there are circumstances when your data could be lawfully shared without your consent. Examples of when an employer could share your data with another party include:

  • When HMRC requests information about you for tax and payroll purposes
  • If a life is at risk
  • If it is in the public interest to share your data

When an employer has the right to share your private data with other parties, the data shared must only be information that is necessary.

To find out more about making a data breach claim against an employer, please use our Live Chat. You can also fill out our contact form and a member of our team will get straight back to you.

What Steps Should Employers Take To Deal With Data Breaches?

When an employer is made aware of a data breach, there are specific actions they are obliged to take. This includes:

  • Reporting the breach to the Information Commissioner’s Office (ICO) within 72 hours
  • Launch an internal investigation into how the breach happened
  • Establish how much data was accessed in the breach
  • Determine who is affected by the breach
  • Inform anyone affected by the breach without undue delay
  • Set in place mitigation protocols

When your employer tells you about a data breach whether by email or by post, you must keep copies. The information will strengthen your case if you want to make an employee data breach claim.

To connect with an adviser, please use our contact form. Alternatively, you can opt to chat with an adviser on our Live Chat.

What Does The Office Of The ICO Do?

The Information Commissioner’s Office’s job (ICO) is to enforce data protection law in the UK. However, the ICO’s role is not just limited to enforcing data protection regulations. The authority also:

  • Hold databases of actions they have taken and fee-paying organisations
  • Responsible for enforcing several different pieces of legislation
  • Dealing with reports relating to data breaches
  • Providing data protection guidelines to data controllers and processors
  • Issuing fines to organisations that are in breach of data protection law
  • Making recommendations to organisations in breach of the law to help ensure compliance

The Information Commissioner’s Office has the power to enforce heavy penalties on organisations that do not abide by data protection laws. These fines can go into the hundreds of thousands of pounds depending on the severity of a data breach.

To find out if you have a valid data breach claim against IAG, please get in touch today by filling out the contact form, or by chatting to an adviser via our Live Chat.

Guidelines On How To Protect Employee Data

The Information Commissioner’s Office provides organisations with guidelines to reduce the risk of data breaches happening. The ICO also provides essential training documentation to data controllers. An example being the Employment Practices Code.

If you think your personal data is compromised and you want to know if you have a valid claim, please click on our contact form page above. An experienced adviser will get back to you without delay.

Reporting Workplace Data Protection Breaches

When your personal information or privacy is compromised in a breach, you have the right to request that the Information Commissioner’s Office (ICO) investigates the event. That said, you should try to resolve the problem with your employer before contacting the ICO.

To do so, you can try the following:

  • Send your employer a formal complaint
  • If you are unhappy with your employer’s response, take the matter further
  • Contact the Information Commissioner’s Office to report your concerns

However, you must not wait too long before contacting the ICO to make a complaint because if you do, the authority may not want to investigate the breach.

For more information on how to report a data breach to the Information Commissioner’s Office (ICO), please get in touch with a member of our team today.

Calculate Employee Data Breach Claims Against IAG

When you make a successful data breach claim against IAG, you could receive two forms of compensation. These are:

  • Non-material damages for the injuries/mental ham you suffered, such as stress, anxiety or depression
  • Material damages for any financial losses you incurred

An important ruling was made in the Court of Appeal in the case of Vidal-Hall and others v Google Inc [2015]. It was held that:

  • Victims of a data breach can claim non-material damages for mental harm caused by a data breach even when no financial losses are incurred
  • The amounts awarded for non-material damages should be based on personal injury law with guidance sought from the Judicial College Guidelines

The table below provides an idea of the sort of compensation you could receive for mental harm. The amounts are taken from the Judicial College Guidelines (JCG) which courts, personal injury lawyers, and insurers refer to when valuing a claim.

Mental HarmSeverityCompensation awarded for non-material damages based on Judicial College Guidelines
Psychiatric harm Severe£51,460 to £108,620
Psychiatric harmModerately Severe£17,900 to £51,460
Psychiatric harmModerate£5,500 to £17,900
Psychiatric harmLess SevereUp to £5,500
Post-traumatic stress disorder PTSDSevere£56,180 to £94,470
PTSD Moderately Severe£21,730 to £56,180
PTSD Moderate£7,680 to £21,730
PTSD Less SevereUp to £7,680

Please note, the amounts are provided as a general guideline only. For an accurate estimate, you would need to discuss your case in more detail with an expert lawyer. Why not click one of the Legal Expert banners above to speak to someone today?

No Win No Fee Workplace And Employee Data Breach Claims Against IAG

You may be worried about paying for legal representation which can be expensive. However, many personal injury lawyers provide clients with No Win No Fee terms. This means you only pay for a No Win No Fee lawyer’s services when you receive data breach compensation. In short, you will not pay an upfront fee, and you will not have to pay ongoing fees.

However, a No Win No Fee lawyer will need to review your claim before offering these terms. That said, when they find you have good reason to sue for data breach compensation, they will send you a Conditional Fee Agreement (No Win No Fee agreement). You need to read the Terms and Conditions set out in the contract before signing it and returning it to the solicitor.

A No Win No Fee lawyer will take a small percentage of the compensation you are awarded. This is the ‘success fee’ which is legally capped. To find out whether you could make a No Win No Fee data breach claim against IAG, please fill out our contact form. Alternatively, you can click on the Legal Expert banner to receive free advice on how best to proceed with your claim.

free advice on data breach claims

Workplace Data Protection Resources

Links to useful internal guides to data breach claims:

Links to helpful sites relating to data breaches:

FAQs On Protecting Data At Work

Below we have provided some answers to frequently asked questions about data breaches.

What is a data controller?

A data controller is an organisation that collects, processes, and stores the personal data of an individual (data subject).

What is a data subject?

A data subject is an individual whose data is collected, processed and stored by an organisation (data controller).

When could you be compensated?

When your personal data or privacy is compromised in a data breach, you could seek compensation.

How long could a claim take?

how long a data breach claim takes to settle will depend on the severity of a breach. Data breach claims can be settled in a few months, whereas more serious claims can take a few years to settle.

Thank you for reading our article on data breach claims against IAG.

Guide by WD

Edited by BER