A breach of criminal offence data can cause very real distress and aggravation. To avoid this, there are laws in the UK called the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR) which require all organisations and agencies to safeguard personal information to a very specific standard.
Failure to protect personal data by not complying with these laws means that they could be investigated and fined by an independent body that upholds data protection rights for the public called the Information Commissioner’s Office (ICO). It also means you could sue them for compensation if the data breach harmed you.
A data controller is an organisation that will set the purpose for processing your personal data. Data controllers that could process your criminal offence data include the courts, police, solicitors, barristers or even your employer. Under data protection laws, these entities must ensure they keep this data secure so as not to comprise its integrity.
Speak to our team about starting a claim:
- You can call us on 0161 696 9685
- Contact us and request a callback
- Or use the live support option in the bottom right screen
You can also click on the highlighted text throughout this guide for additional help and information.
Select A Section
- What Is A Breach Of Criminal Offence Data?
- Is Criminal Offence Data A Kind Of Special Category Data?
- Conditions For Processing Criminal Offence Data
- How To Claim For A Breach Of Criminal Offence Data
- What Could You Claim For A Breach Of Criminal Offence Data?
- No Win No Fee Claims For A Breach Of Criminal Offence Data
Firstly, it’s helpful to understand that protected personal data is any information that can be used in isolation or alongside other details to positively identify you as a living person. With this in mind, it can be contact details. Or data relating to your health, beliefs or personal criminal offence data. A personal data breach is defined as:
- Sharing personal data with an unauthorised party
- A party sending your personal information to the wrong person or parties
- A data controller or processor losing files that contain data
- Or devices being stolen that have stored personal data on them
- Alteration of personal data in a security incident
- Personal data is compromised through unauthorised disclosure or access.
It can be possible to have an eligible breach of criminal offence data compensation claim if a data controller or processor has failed to adhere to data protection laws, and this has meant this data has been breached. You would be able to pursue compensation for the harm this has caused.
The 7 Core Principles
In order to help organisations avoid potential security incidents and data breaches, the UK GDPR have identified 7 core principles for ideal data processing. They state that data must be:
- Collected in a lawful and transparent way
- With an explicit purpose
- Kept to a minimum
- Retained in an accurate state
- Stored for limited periods (then destroyed in a secure way)
- Kept secure at all times
- Handled with personal accountability by all involved in the data use
As well as complying with these principles, organisations must meet at least one of 6 lawful bases for data processing.
UK GDPR classifies some personal data as ‘special category data’, and this reflects the potential that data has to cause greater harm to the data subject if breached. Some special category data are health information, ethnic origin, sexual orientation and political or religious beliefs.
Personal data concerning convictions, criminal allegations or details relating to legal proceedings are not classified as a special category. However, there are very similar obligations when it comes to the processing of criminal offence data.
In the context of personal data in relation to allegations, criminal activity, and ongoing or past investigations, the controller must complete a data protection impact assessment (DPIA) if the processing is high risk.
Recital 75 of the Data Protection Act 2018 states that criminal offence data merits enhanced protection because of the potential risk it could pose to the fundamental rights and freedoms of the data subject. The stigma attached to those accused or convicted of crimes means that details leaked about them can fundamentally compromise their rights, liberty and security, the right to a fair trial, family life and freedom to conduct business.
Criminal offence data can only be processed if one of these conditions is met;
- Satisfies a condition in Schedule 1 of the DPA 2018.
- Under the control of official authority;
Not all instances of a breach of criminal offence data will mean those affected can make a personal data breach claim. If all has been done to protect the data, but still a breach occurs, then a claim is less likely.
To have a valid criminal offence data breach claim, you must be able to determine that the controller or processor failed in its obligation to comply with data protection laws; this caused your criminal offence data to be breached, and you suffered harm as a consequence.
Following a breach of your criminal offence data, you could take the following steps;
- Contact the party you think is responsible for breaching your data. They should respond to your enquiry. If they fail to do so or you are not satisfied, you can escalate your complaint.
- Complain to the ICO if your complaint is not taken seriously.
- The ICO cannot award compensation, but they can open an investigation
- Start to collect proof of the negative impacts of the data breach on your finances, health or reputation
- Change passwords and other security options on your devices
- Start to consider legal help.
A breach of criminal offence data can trigger some devastating consequences for the data subject. In data breach cases, it’s possible to present evidence that shows the financial and psychological injury caused. Firstly, material damage can use receipts, bank statements or other documentation that shows financial losses.
Other costs can include:
- Securing your anonymity (and that of your family) by moving location
- Having provable loss of earnings
- The need to replace devices like laptops or smartphones
- The cost of seeking counselling to deal with the anguish the data breach created
In addition to this, it’s possible to claim non-material damage for the psychological distress caused by a breach of criminal offence data. The resultant stress, worry and fear can give rise to severe mental health problems for some.
After a precedent case called Vidal-Hall and Others vs Google Inc, it was decided that damages could apply for psychiatric harm independently of financial loss.
|Description of Psychiatric/Psychological Harm||Severity and JC Guideline Bracket||Further Notes|
|General||(a) Severe Type - £54,830 to £115,730||Marked issues in all areas of life and a poor future prognosis|
|General||(b) Moderately Severe Type - £19,070 to £54,830||Long-standing mental health disability with a better prognosis than above|
|General||(c) Moderate Level - £5,860 to £19,070||Although there were issues like those above, a marked improvement is seen by the time the case may come to trial|
|General||(d) Less Severe Degree - £1,540 to £5,860||These awards acknowledge the length of illness and the creation of any specific anxiety disorders like phobias|
|PTSD (Post-Traumatic Stress Disorder)||(a) Severe Degree - £59,860 to £100,670||An acute and permanent injury that has detrimental impacts in all areas of the person's life|
|PTSD (Post-Traumatic Stress Disorder)||(b) Moderately Severe Degree - £23,150 to £59,860||Similar severities that see an improvement after professional intervention and counselling|
|PTSD (Post-Traumatic Stress Disorder)||(c) Moderate Degree - £8,180 to £23,150||More or less a recovery with persisting issues not being grossly disabling|
|PTSD (Post-Traumatic Stress Disorder)||(d) Less Severe Degree - £3,950 to £8,180||A recovery within one or two years with only minor symptoms continuing after this period.|
These amounts are not guarantees, merely guideline award brackets.
You can start a data breach claim independently or with the help of a data breach solicitor. But if you are worried about costs, a solicitor can represent you under a No Win No Fee agreement. This means you often only need to pay a maximum 25% deduction from any settlement awarded when the case wins under a Conditional Fee Agreement. There are no fees to pay your solicitors if the case fails.
Our team can connect you with a data breach No Win No Fee solicitor to take up your case today.
There is a 6-year time limit to data breach compensation claims. This reduces to 1 year in cases against a public body. So please don’t delay. Get in touch by:
A breach of criminal offence data is only one scenario:
- Read more on how to claim for a witness data breach
- Information on claiming after an employer data breach
- Or how a family data breach claim could be appropriate
- As well as this, please see statistics on the subject
- Also, more reading on the Data Protection Act 2018
- And in conclusion, tips on how you can stay safer online