By Danielle Nicholson. Last Updated on 19th December 2023. This guide will explain who is eligible to make a claim for compensation if a wrong postal address data breach caused you mental or financial harm and resulted from a breach of your data protection rights.
If an organisation sends a letter or document containing your personal data to an incorrect address, then your personal information is at risk of being viewed by an unauthorised person. Consequently, you may suffer financially or experience stress due to the data breach. In this guide, we look at if you are eligible to make a personal data breach claim following such an incident.
If a postal address data breach harmed you, you might be eligible to claim compensation. Please get in touch with Advice.co.uk to speak to a claims specialist. If you meet the criteria to make a data breach compensation claim, our panel of solicitors could offer to handle your claim.
Make your enquiry by contacting us today:
- Call our helpline on 0161 696 9685
- Please fill out our online claims form to reach us
- Or you can ask an advisor any questions you may have about claiming using the Advice widget below
Select A Section
- What Are Wrong Postal Address Data Breach Claims?
- What Causes Wrong Postal Address Data Breaches?
- How Could A Wrong Postal Address Data Breach Impact You?
- Steps To Take After A Data Security Incident
- Calculating A Settlement If Your Data Was Breached
- Begin Your Wrong Postal Address Data Breach Claim
Personal data breaches are security issues which affect the confidentiality, integrity or availability of personal data at an organisation. An incorrect address data breach is an incident where a data controller or processor posts a letter or document containing personal data to an incorrect address.
The Information Commissioner’s Office is the UK’s governing body for upholding information rights. Each fiscal quarter they produce statistics following data security incidents that have been reported to them. These are known as the data security incident trends. From the financial 2nd quarter of 2019 to the financial 2nd quarter of 2022, there were 3,408 incidents that involved data posted or faxed to the incorrect recipient.
Moreover, the UK General Data Protection Regulation UK GDPR and the Data Protection Act DPA 2018 are both leading data protection legislation that must be adhered to by data controllers and processors. Generally, data controllers are organisations that will determine the means by which your data will be processed, and a processor may be hired to act on behalf of the controller.
Organisations should do the following:
- Train employees in correct, safe data management.
- Have tried and tested internal processes for handling data.
- Have an organised mailing system to avoid misdelivery of data.
Please contact Advice.co.uk if an organisation sent your data to an address that is not yours and you believe you are eligible for compensation.
You may wonder how an organisation could send your personal information to an incorrect recipient. Often human error will cause a data breach. Let’s look at some causes of the misdelivery of data:
- An administrator makes an error and writes an incorrect address when sending a letter or document by post.
- There is an error with an organisation’s automated mailing system. Therefore the organisation sends personal data to an incorrect recipient.
- A data subject tells an organisation they have moved house, but the organisation fails to update the information. So the organisation sends the person’s letter to their old address.
If the security of your personal information is compromised because of a wrong postal address data breach, the incident can harm you mentally and financially.
If a healthcare organisation sends a medical letter containing your personal health data to the wrong person, this could mean personal and confidential medical information has been shared with a party that has no authority to see it. Therefore you could experience emotional distress or mental health injuries because your sensitive data was breached.
Similarly, if a bank or building society were to send out information that contained personal financial details to the wrong address, someone could have access to data that could be used to steal funds from your account.
Claiming Compensation For A Wrong Postal Address Data Breach
Article 82 of the UK GDPR sets the criteria for being eligible to make a personal data breach claim:
- Firstly you will need to prove how the data controller or processor failed in their legal obligation to comply with data protection laws,
- Secondly, you will need to show how this led to a personal data breach,
- And thirdly, you will need evidence to show that you experienced financial losses because of the data breach. Or you suffered from emotional distress or psychological injuries.
Please call our data breach claims helpline, and an advisor can let you know if you qualify to make a data breach compensation claim.
If you believe an organisation or private company has breached your personal data, then you have the right to contact the person responsible for data protection to make a data protection complaint.
Under data protection law, if an organisation suffers a data breach involving your personal data and affecting your rights and freedoms, they must inform you of the breach without delay. They also have to report this incident to the ICO. Again you can contact the organisations where the breach has taken place and make a complaint.
However, if you receive an unsatisfactory response, you do not understand, or no response at all, you can escalate your complaint internally and proceed to make your own report to the ICO.
The ICO could investigate the organisation and impose a penalty. Please note the ICO is unlikely to investigate an older incident. So make sure you wait no longer than 12 weeks after the last proper contact with the organisation to contact the ICO.
The ICO can not award compensation to data breach victims. Please call our claims team to find out how to start your own personal data breach claim.
Under Article 82 of the UK GDPR, the criteria for being eligible to pursue a personal data breach claim are listed. Data subjects who qualify to claim compensation after their data was breached could potentially receive the following payments:
- Successful claimants who have endured material losses could receive material damage compensation.
- Furthermore, claimants who have endured emotional distress or psychiatric injuries such as anxiety because of a data breach could claim for non-material damage compensation.
You may be interested to know your data breach compensation payment. We have created the table below for non-material damage, i.e. mental health injuries. The table does not include material damage compensation.
We used guidelines from the Judicial College (16th edition) to create the table of compensation. These guidelines are often used by legal professionals when valuing claims. We’ve also added the top row to show you how compensation could be awarded for severe mental harm plus your financial losses. This top figure is not from the JCG.
|Mental Health Injury
|About The Injury
|Significant psychological harm and financial losses
|Settlements could include compensation for significant emotional damage and your financial losses, for example, damage to your credit score.
|Up to £250,000+
|Mental Injury (Generally)
|All areas of the person’s life are severely impacted and the prognosis is poor.
|£54,830 – £115,730
|Mental Injury (Generally)
|The impact has been similar to above. However, the overall prognosis is better.
|£19,070 – £54,830
|Mental Injury (Generally)
|They have experienced problems in everyday life, but are now recovering to a degree.
|£5,860 – £19,070
|Mental Injury (Generally)
|Awards are dependent on how much daily life and sleep patterns are affected.
|£1,540 – £5,860
|Mental health issues so severe the person is unable to function as they did before the trauma.
|£59,860 – £100,670
|If this person can get professional help, they could have a better prognosis.
|£23,150 – £59,860
|While largely recovered, the person could have experienced problems across different parts of their life.
|£8,180 – £23,150
|After one to two years there will have been a virtually full recovery.
|£3,950 – £8,180
Please call our helpline, and an advisor can value your claim.
If you meet the eligibility criteria to claim data breach compensation, you may wish to have legal representation during the claims process. A data breach solicitor could help ease the process for you.
One of the data breach solicitors from our panel could support your claim for a postal data breach. Our panel generally offer their legal services under a type of No Win No Fee agreement known as a Conditional Fee Agreement (CFA).
When a No Win No Fee solicitor handles your claim for a wrong address data breach, they won’t ask for upfront payments to cover their services. They also don’t charge ongoing service fees. Additionally, there won’t be a fee payable for their work on your wrong recipient case if you are not awarded data breach compensation.
However, a success fee will be taken out of your awarded compensation if your claim for a wrong address data breach has a successful outcome. This amount is a legally capped percentage.
If you need any free legal advice about claiming compensation under the data protection laws, get in touch with our claims team. The free consultation will provide you with a valuation of your potential data breach compensation, and discuss how you could gather evidence and evaluate your claim. If you satisfy the eligibility requirements, you could be connected to one of the solicitors from our panel.
To discuss multiple letters going to the wrong addresses:
- Contact us online, and a member of the claims team will call you back.
- Call 0161 696 9685
- Ask about postal data breaches in our live chat.
More Information On Dealing With Data Breaches
The following resources may be helpful if you want to claim compensation for a data breach or require more advice.
Find out when you can claim for a speed ticket letter data breach if sent to the wrong address
An ICO guide to special category data, a type of sensitive data
Your right to access your personal data from a public body
An NHS guide to generalised anxiety disorder
If a wrong postal address data breach has harmed you, we hope this guide has provided help.