What Are Your Privacy Rights After A Data Breach?
Employee data breach claims against IAG could be justifiable if you’ve fallen victim to a data security incident in which your personal information is compromised unlawfully. The breach will need to have led to you suffering damage to your mental health or finances.
Employers must take data protection seriously and there are laws in the UK they must follow. If an employer fails to protect your personal information which results in a privacy violation, you could seek compensation if you suffer mental or financial damage as a consequence.
We have produced this guide to provide information on how a data breach could happen. You will find information on when to seek legal advice from an expert. In the following sections, we cover how much a data breach claim against an employer could be worth. Furthermore, we explain how compensation is worked out and the sort of damages you could seek.
To find out more about making a data breach claim against IAG, please click on the sections below. To get in touch with a member of our team, please fill out the contact form by clicking here.
Alternatively, if you would like to begin a claim straight away, please click on the banner on this page or call Legal Expert on 0800 073 8804 to receive a free assessment of your claim.
Select A Section
- What Are Employee Data Breach Claims Against IAG?
- What Is The Purpose Of GDPR?
- Data Protection In The Workplace
- How Many GDPR Principles Are There?
- What Is A Breach Of The GDPR In The Workplace?
- Workplace Data The DPA Protects
- How Employers Could Be In Breach Of The General Data Protection Regulation
- Consent And Lawful Data Sharing Practices
- What Steps Should Employers Take To Deal With Data Breaches?
- What Does The Office Of The ICO Do?
- Guidelines On How To Protect Employee Data
- Reporting Workplace Data Protection Breaches
- Calculate Employee Data Breach Claims Against IAG
- No Win No Fee Workplace And Employee Data Breach Claims Against IAG
- Workplace Data Protection Resources
- FAQs On Protecting Data At Work
A data breach claim against IAG could be warranted for several reasons. As an employer, IAG is a data controller. Therefore, your employer decides how your personal information is collected, processed, and stored.
As an IAG employee, you are a data subject and there are laws that protect how your personal information is processed and used by your employer. However, your information may be processed and stored by a third party, which is known as a data processor.
There are many reasons why an employee data breach could happen, whether intentionally, accidentally, or criminally. Whatever the reason for the breach, when personal data and privacy are compromised, you could file a claim for compensation.
For a data breach claim against IAG to be valid, you must prove:
- Your personal data was unlawfully accessed
- You suffered damage to your mental health or finances as a result of the breach
- IAG was responsible for the breach occurring
Time Limits to Making a Data Breach Claim Against IAG
You must also make your claim in time. There is a 6-year time limit attached to data breach claims. The deadline runs from the time you obtained knowledge of the breach. You have 6 years to claim in standard cases; however, when your human rights are affected by a breach, you only have 1 year to seek compensation.
As such, it is far wiser to seek legal advice sooner rather than later just in case the shorter time limit applies to your case.
The General Data Protection Regulation, or GDPR, sets out the rules that govern how personal data is used. Your employer must abide by these strict rules to ensure data safety. Under the General Data Protection Regulation and the Data Protection Act 2018 (DPA 2018), all data controllers must have a legal basis for collecting and processing data. Furthermore, your employer must have your permission to do so.
The GDPR and the DPA 2018 also require that employers (data controllers) keep personal data secure. To ensure your personal information is protected at all times, your employer should have robust security protocols in place.
These protocols should apply to online and offline security. An employer, therefore, should have robust cyber-security and carry out regular testing of their defences. They must also have robust physical security measures in place to protect your physical data, such as ensuring storage cabinets are locked.
When you are employed by IAG, your employer will store information about you. This should only be what is required. As time goes by, an employer may gather more data about you that is both personal and sensitive.
When there is a data breach and your data is unlawfully accessed or shared, the consequences can be far-reaching. You may suffer financial losses, identity theft, or be the victim of fraud. That said, if a file containing sensitive information is left open on a desk, sensitive data about you could be seen by other people.
Data protection in the workplace is of paramount importance and employers must do all they can to protect the information they hold. When there is a breach and data is stolen or shared without permission, you could seek data breach compensation if you go on to suffer mental or financial damage.
Whether the breach was due to a criminal cyber-attack, because of human error, or it was accidental, you still have the right to seek data breach compensation if you have evidence it was the fault of your employer.
There are 7 key principles contained within GDPR which are detailed below:
- Data controllers must use lawful, transparent, and fair methods when processing data
- Organisations that collect and process data must only collect and process data that is required ‘for purpose’
- Data must be used for specified reasons and no other reason
- Personal data must be correct and up-to-date
- Secure methods must be used when processing personal data
- Data must not be kept for longer than necessary
- Organisations that collect and process personal data must abide by the regulations and be accountable
For more advice and support about data breach claims against an employer, please use our contact form. You can also use our Live Chat to speak to an expert adviser.
A data breach in the workplace may happen accidentally, or it could be due to human error. In short, a breach of the GDPR and the DPA 2018 does not have to involve cyber-criminals or hackers. Whatever the cause of the breach, employee data breach claims against an employer could be valid if you suffer damage to your finances or mental health because of their failings.
A data breach could be due to the following:
- An email is sent to the wrong recipient containing your personal information
- Cyber-criminals target your employer with phishing emails and other sorts of cyber-attacks
- Someone gains access to your personal information that is not securely stored whether in a physical file or online
- Devices are lost or stolen that contain data that is not encrypted
- A file containing personal data is left exposed on a desk
- A computer screen is left on displaying someone’s personal data
Personal data that directly or indirectly identifies an individual is protected by the Data Protection Act 2018.
The sort of personal data that could identify you directly includes:
- Personal address
- Personal email
- Private telephone number
- National Insurance Number
- Financial information
Personal data that could indirectly identify you:
- A disability
- Race or ethnicity
- Marital status
- Sexual orientation
- Religious belief
Your personal data stored by an employer whether physically or electronically is protected by the GDPR and the DPA 2018.
Please use our Live Chat to speak to an adviser, or you can fill out our contact form and a member of our team will get back to you. You will receive free advice on how to go about making a data breach claim against your employer.
The Information Commissioner’s Office holds a database of action taken against organisations (data controllers) that failed to follow data protection law. In 2018, a breach was reported by British Airways, which is owned by IAG. The breach saw the data of 420,000 customers and staff illegally accessed. It related to personal and financial information and led to a record fine of £20m.
Employers in the UK who do not follow the law, or who fail to have the required online and offline security protocols in place could be in breach of the law.
To discuss a data breach claim against an employer, you can either fill out the contact form by clicking here, or you can speak to an adviser using the Live Chat option.
Your employer must have your explicit consent to share any personal data they collect, process or store about you. That said, there are circumstances when your data could be lawfully shared without your consent. Examples of when an employer could share your data with another party include:
- When HMRC requests information about you for tax and payroll purposes
- If a life is at risk
- If it is in the public interest to share your data
When an employer has the right to share your private data with other parties, the data shared must only be information that is necessary.
To find out more about making a data breach claim against an employer, please use our Live Chat. You can also fill out our contact form and a member of our team will get straight back to you.
When an employer is made aware of a data breach, there are specific actions they are obliged to take. These include:
- Reporting the breach to the Information Commissioner’s Office (ICO) within 72 hours
- Launching an internal investigation into how the breach happened
- Establishing how much data was accessed in the breach
- Determining who is affected by the breach
- Informing anyone affected by the breach without undue delay
- Setting mitigation protocols in place
When your employer tells you about a data breach whether by email or by post, you must keep copies. The information will strengthen your case if you want to make an employee data breach claim.
To connect with an adviser, please use our contact form. Alternatively, you can opt to chat with an adviser on our Live Chat.
The job of the Information Commissioner’s Office (ICO) is to enforce data protection law in the UK. However, the ICO’s role is not limited to enforcing data protection regulations. The authority also:
- Holds databases of actions it has taken and of fee-paying organisations
- Is responsible for enforcing several different pieces of legislation
- Deals with reports relating to data breaches
- Provides data protection guidelines to data controllers and processors
- Issues fines to organisations that are in breach of data protection law
- Makes recommendations to organisations in breach of the law to help ensure compliance
The Information Commissioner’s Office has the power to enforce heavy penalties on organisations that do not abide by data protection laws. These fines can go into the hundreds of thousands of pounds depending on the severity of a data breach.
To find out if you have a valid data breach claim against IAG, please get in touch today by filling out the contact form, or by chatting to an adviser via our Live Chat.
The Information Commissioner’s Office provides organisations with guidelines to reduce the risk of data breaches happening. The ICO also provides essential training documentation to data controllers. An example is the Employment Practices Code.
If you think your personal data is compromised and you want to know if you have a valid claim, please click on our contact form page above. An experienced adviser will get back to you without delay.
When your personal information or privacy is compromised in a breach, you have the right to request that the Information Commissioner’s Office (ICO) investigates the event. That said, you should try to resolve the problem with your employer before contacting the ICO.
To do so, you can try the following:
- Send your employer a formal complaint
- If you are unhappy with your employer’s response, take the matter further
- Contact the Information Commissioner’s Office to report your concerns
However, you must not wait too long before contacting the ICO to make a complaint because if you do, the authority may not want to investigate the breach.
For more information on how to report a data breach to the Information Commissioner’s Office (ICO), please get in touch with a member of our team today.
When you make a successful data breach claim against IAG, you could receive two forms of compensation. These are:
- Non-material damages for the injuries/mental harm you suffered, such as stress, anxiety or depression
- Material damages for any financial losses you incurred
An important ruling was made in the Court of Appeal in the case of Vidal-Hall and others v Google Inc. It was held that:
- Victims of a data breach can claim non-material damages for mental harm caused by a data breach even when no financial losses are incurred
- The amounts awarded for non-material damages should be based on personal injury law with guidance sought from the Judicial College Guidelines
The table below provides an idea of the sort of compensation you could receive for mental harm. The amounts are taken from the Judicial College Guidelines (JCG) which courts, personal injury lawyers, and insurers refer to when valuing a claim.
| Mental Harm | Severity | Compensation awarded for non-material damages based on Judicial College Guidelines |
|---|---|---|
| Psychiatric harm | Severe | £51,460 to £108,620 |
| Psychiatric harm | Moderately Severe | £17,900 to £51,460 |
| Psychiatric harm | Moderate | £5,500 to £17,900 |
| Psychiatric harm | Less Severe | Up to £5,500 |
| Post-traumatic stress disorder (PTSD) | Severe | £56,180 to £94,470 |
| PTSD | Moderately Severe | £21,730 to £56,180 |
| PTSD | Moderate | £7,680 to £21,730 |
| PTSD | Less Severe | Up to £7,680 |
Please note, the amounts are provided as a general guideline only. For an accurate estimate, you would need to discuss your case in more detail with an expert lawyer. Why not click one of the Legal Expert banners above to speak to someone today?
You may be worried about paying for legal representation which can be expensive. However, many personal injury lawyers provide clients with No Win No Fee terms. This means you only pay for a No Win No Fee lawyer’s services when you receive data breach compensation. In short, you will not pay an upfront fee, and you will not have to pay ongoing fees.
However, a No Win No Fee lawyer will need to review your claim before offering these terms. That said, when they find you have good reason to sue for data breach compensation, they will send you a Conditional Fee Agreement (No Win No Fee agreement). You need to read the Terms and Conditions set out in the contract before signing it and returning it to the solicitor.
A No Win No Fee lawyer will take a small percentage of the compensation you are awarded. This is the ‘success fee’ which is legally capped. To find out whether you could make a No Win No Fee data breach claim against IAG, please fill out our contact form. Alternatively, you can click on the Legal Expert banner to receive free advice on how best to proceed with your claim.
Below we have provided some answers to frequently asked questions about data breaches.
What is a data controller?
A data controller is an organisation that collects, processes, and stores the personal data of an individual (data subject).
What is a data subject?
A data subject is an individual whose data is collected, processed and stored by an organisation (data controller).
When could you be compensated?
When your personal data or privacy is compromised in a data breach, you could seek compensation.
How long could a claim take?
How long a data breach claim takes to settle will depend on the severity of a breach. Data breach claims can be settled in a few months, whereas more serious claims can take a few years to settle.
Thank you for reading our article on data breach claims against IAG.
Guide by WD
Edited by BER