If you experience a breach of sickness information at work, does this mean you can make a personal data breach claim? In this guide, we look at what criteria needs to be fulfilled before you, the data subject, can make a data breach claim.
In this country, we have data protection laws in place. They set out how organisations, including employers, should keep your personal data safe. Additionally, should your personal data be included in a data breach, they set out compensation eligibility. We examine these and your compensation eligibility.
Sensitive personal data is given additional protections under data protection laws. Sensitive data includes medical information. Additionally, we take a look at what other personal data is considered special category data.
If you decide to make a data breach claim, you might like to learn more about compensation. We explore the two heads that could make up data breach compensation.
To conclude this guide, we examine No Win No Fee arrangements. Hiring the services of a No Win No Fee solicitor might prove beneficial to your claim.
If you have any questions regarding a breach of sickness information at work, you can get in touch with our data breach advisory team. If your claim seems eligible, they could pass you to a No Win No Fee solicitor from our panel.
To speak to us:
Select A Section
- What Is A Breach Of Sickness Information At Work?
- Types Of Sickness Information
- Do Workplace Data Breaches Need To Be Reported?
- What Could Be Done After A Breach Of Sickness Information At Work?
- Could You Claim For A Breach Of Sickness Information At Work?
- Claim Now
- Grant data subjects more rights over how their data is processed.
- The data controller or processor is held responsible if a data breach occurs that is due to them not adhering to data protection law. A data controller is typically an organisation that determines why and how data is processed. The processor will usually process the data on behalf of the controller.
- Additionally, these pieces of legislation set out data breach compensation eligibility.
A personal data breach is a security incident. A data breach impacts the confidentiality, availability or integrity of your personal data.
Article 82 of the UK GDPR sets out your right to claim compensation if your personal data is compromised. Specific eligibility criteria apply:
- You must prove that the data controller or processor failed to comply with data protection legislation.
- In addition, the breach must have included your personal data.
- You must have experienced harm. This could be financially or a psychological injury.
To claim for a breach of sickness information at work, the breach must have included data protected under law. Also, the organisation that experienced the breach must be liable.
You might want to know what types of information your employer holds on you should you experience a breach of sickness information at work. Employers are bound to data protection legislation as much as any other organisation. Due to its sensitive nature, most of your medical data is classed as ‘special category’ data. Data protection laws give special category data additional protections.
Your personal data includes:
- Email address
- Phone Number
- Bank account and sort code information
Special category data includes:
- Medical data
- Race and ethnicity
- Trade union membership
- Political beliefs
- Religious beliefs
- Genetic and biometric information.
Compromising your medical conditions in a data breach may cause unnecessary stress. If your next of kin relative’s personal data was included in the data breach, you might even experience a family data breach.
Get in touch with our advisors for free legal advice if you’ve experienced a breach of sickness information at work caused because of lack of compliance with data protection laws.
Your employer should notify you without undue delay if your rights are infringed after a data breach. They should tell you what information the breach included. This can help you take steps to protect your data. Once notified, you can ask them what they are doing to put it right.
If you suspect your employer is failing to keep your data secure, you can report them. The Information Commissioner’s Office (ICO) is an independent body set up to protect data security. Your employer should report any data breach that affects your rights and freedoms to the ICO within 72 hours of discovery.
If you want to make a personal data breach claim there are steps you can take:
- Firstly, make a complaint to your employer. Keep any correspondence as this can be used as evidence.
- You can request to see what information an organisation holds on you. If it is inaccurate, you can request it is changed.
- You can raise a complaint with the ICO if you have not received a response or the response is inadequate. Complaints need to be brought to the ICO within 3 months of the last meaningful contact with your employer or data controller.
- You can hire a solicitor if you want help with any of this. We have an expert panel of No Win No Fee data breach solicitors.
Your employer should have data protection procedures in place should a breach of sickness information at work occur that contains your personal data. Human error could result in an accidental data breach. For example, a data breach occurs if your employer emails, faxes, or posts personal data about you in a letter to the wrong recipient.
Your employer must decide if the personal information data breach will likely infringe on your rights and freedoms. For example, if the data breach included your medical data, this could infringe on your freedoms, such as discrimination. They must report this to you without undue delay.
Free legal advice is available from our data breach claims team.
Successful personal data breach claims can include material and non-material damage.
Prior to the Court of Appeal judgement in the Vidal-Hall and others v. Google Inc. (2015) case, you needed to claim for a financial loss to qualify. However, this case set a precedent for awarding data breach damages. You can claim non-material damage, such as for post traumatic stress disorder (PTSD), stress or depression, without claiming material damage.
Legal professionals refer to the Judicial College Guidelines (JCG) when accessing personal injury claims. Legal professionals will use the same document to help assign value to your psychiatric damage in a data breach claim. It contains injuries listed alongside compensation brackets. The table below contains figures for psychological injuries from the latest edition, published in April 2022.
|Mental Health Condition||How Serious||Bracket Amounts||Description|
|PTSD||Severe level||£59,860 to £100,670||The claimant will suffer with permanent severe symptoms. A return to life before the condition is very unlikely.|
|PTSD||Moderately severe level||£23,150 to £59,860||Seeking help in a professional could help the claimant recover. However they will also suffer with severe PTSD symptoms into the future.|
|PTSD||Moderate level||£8,180 to £23,150||The claimant will make a good level of recovery. If any symptoms persist they will not be of a major disability.|
|PTSD||Less severe level||£3,950 to £8,180||Within two years a near full recovery if not full recovery will have been made.|
|Psychological Injury||Severe level||£54,830 to £115,730||The claimant's ability to cope with life and in relationships is severely impacted. Additionally, the prognosis is very poor.|
|Psychological Injury||Moderately severe level||£19,070 to £54,830||The claimant experiences significant problems coping in life and with relationships, but the prognosis is optimistic.|
|Psychological Injury||Moderate level||£5,860 to £19,070||There have been problems coping with life and relationships, but improvements occur with a good prognosis.|
|Psychological Injury||Less severe level||£1,540 to £5,860||The claimant experiences a period of disability that impacts their day-to-day activities and sleep.|
If you decide to make a breach of sickness information at work compensation claim, after your personal data was breached, you may want to hire a No Win No Fee solicitor. They could provide their services under a Conditional Fee Agreement (CFA).
For you, this means that you won’t have to pay an upfront solicitors fee. If your claim is successful, your solicitor will take a success fee from your award. Legal caps apply. If your claim is not successful, however, you will not pay a success fee.
Our advisors can give you free data breach legal advice. Why not get in touch with a member of our data breach advisory team? They can provide free legal advice about what to do after your personal data was compromised in a breach of sickness information at work.
To speak to us:
- ICO Guide to Claiming Data Breach Compensation
- Government Guidance for Making a Data Protection Complaint
- NHS Stress Guide