This guide will explain who is eligible to make a claim for compensation if a wrong postal address data breach caused you mental or financial harm and resulted from a breach of your data protection rights.
If an organisation sends a letter or document containing your personal data to an incorrect address, then your personal information is at risk of being viewed by an unauthorised person. Consequently, you may suffer financially or experience stress due to the data breach. In this guide, we look at if you are eligible to make a personal data breach claim following such an incident.
If a postal address data breach harmed you, you might be eligible to claim compensation. Please get in touch with Advice.co.uk to speak to a claims specialist. If you meet the criteria to make a data breach compensation claim, our panel of solicitors could offer to handle your claim.
Make your enquiry by contacting us today:
- Call our helpline on 0161 696 9685
- Please fill out our online claims form to reach us
- Or you can ask an advisor any questions you may have about claiming using the Advice widget below
Select A Section
- What Are Wrong Postal Address Data Breach Claims?
- What Causes Wrong Postal Address Data Breaches?
- How Could A Wrong Postal Address Data Breach Impact You?
- Steps To Take After A Data Security Incident
- Calculating A Settlement If Your Data Was Breached
- Begin Your Wrong Postal Address Data Breach Claim
Personal data breaches are security issues which affect the confidentiality, integrity or availability of personal data at an organisation. An incorrect address data breach is an incident where a data controller or processor posts a letter or document containing personal data to an incorrect address.
The Information Commissioner’s Office is the UK’s governing body for upholding information rights. Each fiscal quarter they produce statistics following data security incidents that have been reported to them. These are known as the data security incident trends. From the financial 2nd quarter of 2019 to the financial 2nd quarter of 2022, there were 3,408 incidents that involved data posted or faxed to the incorrect recipient.
Moreover, the UK General Data Protection Regulation UK GDPR and the Data Protection Act DPA 2018 are both leading data protection legislation that must be adhered to by data controllers and processors. Generally, data controllers are organisations that will determine the means by which your data will be processed, and a processor may be hired to act on behalf of the controller.
Organisations should do the following:
- Train employees in correct, safe data management.
- Have tried and tested internal processes for handling data.
- Have an organised mailing system to avoid misdelivery of data.
Please contact Advice.co.uk if an organisation sent your data to an address that is not yours and you believe you are eligible for compensation.
You may wonder how an organisation could send your personal information to an incorrect recipient. Often human error will cause a data breach. Let’s look at some causes of the misdelivery of data:
- An administrator makes an error and writes an incorrect address when sending a letter or document by post.
- There is an error with an organisation’s automated mailing system. Therefore the organisation sends personal data to an incorrect recipient.
- A data subject tells an organisation they have moved house, but the organisation fails to update the information. So the organisation sends the person’s letter to their old address.
If the security of your personal information is compromised because of a wrong postal address data breach, the incident can harm you mentally and financially.
If a healthcare organisation sends a medical letter containing your personal health data to the wrong person, this could mean personal and confidential medical information has been shared with a party that has no authority to see it. Therefore you could experience emotional distress or mental health injuries because your sensitive data was breached.
Similarly, if a bank or building society were to send out information that contained personal financial details to the wrong address, someone could have access to data that could be used to steal funds from your account.
Claiming Compensation For A Wrong Postal Address Data Breach
Article 82 of the UK GDPR sets the criteria for being eligible to make a personal data breach claim:
- Firstly you will need to prove how the data controller or processor failed in their legal obligation to comply with data protection laws,
- Secondly, you will need to show how this led to a personal data breach,
- And thirdly, you will need evidence to show that you experienced financial losses because of the data breach. Or you suffered from emotional distress or psychological injuries.
Please call our data breach claims helpline, and an advisor can let you know if you qualify to make a data breach compensation claim.
If you believe an organisation or private company has breached your personal data, then you have the right to contact the person responsible for data protection to make a data protection complaint.
Under data protection law, if an organisation suffers a data breach involving your personal data and affecting your rights and freedoms, they must inform you of the breach without delay. They also have to report this incident to the ICO. Again you can contact the organisations where the breach has taken place and make a complaint.
However, if you receive an unsatisfactory response, you do not understand, or no response at all, you can escalate your complaint internally and proceed to make your own report to the ICO.
The ICO could investigate the organisation and impose a penalty. Please note the ICO is unlikely to investigate an older incident. So make sure you wait no longer than 12 weeks after the last proper contact with the organisation to contact the ICO.
The ICO can not award compensation to data breach victims. Please call our claims team to find out how to start your own personal data breach claim.
Under Article 82 of the UK GDPR, the criteria for being eligible to pursue a personal data breach claim are listed. Data subjects who qualify to claim compensation after their data was breached could potentially receive the following payments:
- Successful claimants who have endured material losses could receive material damage compensation.
- Furthermore, claimants who have endured emotional distress or psychiatric injuries such as anxiety because of a data breach could claim for non-material damage compensation.
You may be interested to know your data breach compensation payment. We have created the table below for non-material damage, i.e. mental health injuries. The table does not include material damage compensation.
We used guidelines from the Judicial College (16th edition) to create the table of compensation. These guidelines are often used by legal professionals when valuing claims.
|Mental Health Injury||Severity||About The Injury||Payout|
|Mental Injury (Generally)||Severe||All areas of the person's life are severely impacted and the prognosis is poor.||£54,830 - £115,730|
|Mental Injury (Generally)||Moderately Severe||The impact has been similar to above. However, the overall prognosis is better.||£19,070 - £54,830|
|Mental Injury (Generally)||Moderate||They have experienced problems in everyday life, but are now recovering to a degree.||£5,860 - £19,070|
|Mental Injury (Generally)||Less Severe||Awards are dependent on how much daily life and sleep patterns are affected.||£1,540 - £5,860|
|PTSD||Severe||Mental health issues so severe the person is unable to function as they did before the trauma.||£59,860 - £100,670|
|PTSD||Moderately Severe||If this person can get professional help, they could have a better prognosis.||£23,150 - £59,860|
|PTSD||Moderate||While largely recovered, the person could have experienced problems across different parts of their life.||£8,180 - £23,150|
|PTSD||Less Severe||After one to two years there will have been a virtually full recovery.||£3,950 - £8,180|
Please call our helpline, and an advisor can value your claim.
If you have legitimate grounds to claim compensation because your personal information was sent to an incorrect address, a skilled solicitor from our panel could work on your claim.
Many claimants opt to work with No Win No Fee solicitors because they won’t pay a solicitors fee upfront. Very often, both you and your solicitor will enter into a Conditional Fee Agreement which means on the condition that they win your claim, you agree to pay a capped success fee. However, you won’t pay a success fee if your claim fails.
Please contact us today to see if you can claim compensation for a data protection breach:
- Call 0161 696 9685 to speak to an advisor
- Send us a message via our online claims form
- Alternatively, ask us a question using our advice widget below
More Information On Dealing With Data Breaches
The following resources may be helpful if you want to claim compensation for a data breach.
An ICO guide to special category data, a type of sensitive data
Your right to access your personal data from a public body
An NHS guide to generalised anxiety disorder
If a wrong postal address data breach has harmed you, we hope this guide has provided help.