Data Breach Compensation Amounts


If you believe your data protection rights have been breached, the first step to claiming compensation is to seek professional, independent legal advice from accredited and reliable data breach experts. If your chosen legal adviser agrees with your claim for data breach compensation, then the next step is for the accredited legal professional to make a claim against the party responsible for the data breach on your behalf. The claim will proceed to court to be heard if an agreement cannot be made between your legal representative and the party that has breached your data protection rights.

Throughout this post, we will provide you with details on exactly how to claim your data breach compensation, the amount of compensation you can expect and an overview of recent and historic data breach cases. All of this information has been produced by our accredited data breach expert Ellie Watts and is thoroughly referenced with the latest data breach news and laws.

How much compensation will I get for a data breach?

The amount of compensation that you may receive from a data breach claim will depend on the type of breach that has taken place, the high-risk nature of the information that has been breached and whether you have suffered any distress as a result.

As of May 25th, 2018, all European Union member states are held accountable to the General Data Protection Regulation (GDPR). This legislation outlines rules relating to the protection of natural persons with regard to the processing of personal data and rules related to the free movement of personal data. GDPR also protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data. This harmonised legal regulation also states, “The free movement of personal data within the union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.”

 


Privacy Breach Compensation

Under the General Data Protection Regulation (GDPR), you have the right to claim data protection breach compensation from an organisation if you have suffered as a result of that organisation breaching data protection law with your personal data. This applies to both “material damage” (e.g. if you have lost money as a result) and “non-material damage” (e.g. if you have experienced anxiety or distress as a consequence). You may be able to claim more compensation if a breach of your personal data has caused you severe distress.

 


Compensation for breach of confidentiality

As data breach experts, we appreciate the importance of our clients being up-to-date with all our cases, as we frequently update our site case studies to ensure all our site visitors have the most updated and accurate data breach information. Below are some of the recent case studies we’ve updated.

A postal administrative error by a council resulted in £12,000 in compensation

A local authority’s error in sending an unredacted report to our client’s former coercive and controlling partner resulted in £4,300.00 in compensation

How much compensation can I claim for distress caused by a data breach?

If you are distressed as a result of your data being breached, then you are likely able to claim slightly more compensation from a data breach claim. If you can credibly prove that you have physically and/or mentally suffered as a result of your personal data being breached (such as experiencing depression), then you may be able to claim more compensation.

However, due to the number of variables involved in each data breach compensation claim, it can be difficult to estimate the amount of compensation you may receive from just assessing previous cases. Furthermore, if you fail to demonstrate you have suffered damage or distress, the court will not award you any compensation, and in some cases can order you to pay the other party’s costs.

What data breaches have resulted in the biggest fines and settlements?

To give you an idea of the scale and severity of data breaches, we’ve detailed some of the largest settlements and fines that there have ever been as a result of data breach violations.

Equifax (2017 data breach): 162 million records breached resulted in a $575m fine.

British Airways (2018 data breach): 400,000 customers were affected and a fine of £20m was imposed by the Information Commissioner’s Office (ICO).

Uber (2016 data breach): 57 million customers and drivers had their data breached and Uber were fined $148m.

Marriott (2018 data breach): the data of 500 million guests was stolen, and Marriott International were charged £18.4m.

Yahoo (2013 data breach): more than 1 billion accounts were compromised, and Yahoo were fined $85 million.

Can you get compensation for breach of data protection?

Due to the General Data Protection Regulation (GDPR), you have a right to claim data protection breach compensation if you have suffered as a result of an organisation breaking the data protection law. Under GDPR, you can claim compensation for material damage (i.e. lost money) or non-material damage (if you’ve suffered distress). If you believe your personal data has been lost or misused and you have suffered loss or distress, you may be able to claim compensation.

What compensation can you get with a data protection claim?

Material damage

Data protection breach compensation won on the basis that material damage has been caused describes cases in which you have been compensated for tangible suffering. This often describes a loss of money directly.

Non-material damage

Data breach cases where compensation has been won as a consequence of non-material damage describe cases where damage has been caused in intangible ways. Examples of this include when the victim has suffered distress, depression, identity theft or a damaged reputation directly as a result of the victim’s personal data being breached.

What are some examples of compensation won from data breaches due to distress? 

Data breach compensation claims have been steadily increasing since Vidal-Hall and others v Google Inc. (2013). In this case, the Court of Appeal in London concluded that distress suffered as a result of a privacy breach can sound in damages even though there was no financial loss. Pre-GDPR, compensation was lower; most data breach compensation awards started from about £750, whereas now they generally begin around £1,000.

More recently, data breach compensation amounts for distress have increased as data laws have become clearer and, unfortunately, mass data breaches more common. For example, in the Gulati & Ors v MGN Ltd phone hacking case (2015), damages were confirmed to be over £250,000. Even more recently, in the Alexander Aristides Reid v Katie Price [2020] EWHC 594 (QB) case, £25,000 was awarded in compensation. Below, we’ve listed a range of data breach compensation examples including the data breach type and compensation amounts.

Are you looking for GDPR data breach compensation?

Get in touch with us today to find out if you have a valid data breach claim and how much compensation you could potentially receive.

Unfortunately, data breaches are increasingly common, so it’s important you check to see if any of your personal data has been breached at all; if it has, then we’re here to help guide you from complaint to compensation.


What happens to organisations that fail to comply with data protection standards?

Failure to comply with these data protection standards means organisations can be liable to provide compensation to ‘data subjects’ (the individuals the data relates to) who have incurred either damage or distress as a result of a DPA violation.

Organisations that fail to comply may also be fined significant amounts by the relevant territorial authorities. In the UK, the Information Commissioner’s Office may hand out fines that are equivalent to 4% of an organisation’s turnover or £17.159 million, whichever is greater.

Do I have to go to court to get compensation for a breach of data protection law?

The GDPR gives you a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law. You do not have to go to court to obtain compensation, as the organisation may agree to pay you. If the company does not agree to pay, you may need to make a claim in court to claim your compensation. You can claim for either “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress).

How long does a data breach claim take?

While some claim that data breach cases can be over in just a few weeks, the reality is that data breach claims can take several years from complaint to compensation.


How much compensation can you claim for a data protection breach?

Data protection breach compensation amounts vary from case to case depending on the type of claim that has been made and the severity of the distress or damage caused to the claimant. Cases involving ‘low risk’ personal information that is unlikely to lead to serious distress can be settled for between £750 and £1,000 in compensation.

This should be considered the lowest end of the spectrum, and whilst it’s important that data protection breaches of all kinds should be reported to the ICO, many solicitors will not consider taking on any cases of a lower value as they will not be able to take a suitable fee for their time spent processing the claim.

How much is the average compensation for breach of the Data Protection Act?

The average compensation for breach of the Data Protection Act is between £1,000 and £42,900. In some cases, you may be able to claim more compensation for personal data breach that causes you distress.

How much money have previous data breach victims been compensated?

The amount of money that previous data breach victims have been compensated has risen over the years, with initial breaches of the Data Protection Act only winning around £2,500 in damages related to disclosure of private information. However, as organisations have been accruing more personal information, more cases have been going to court, resulting in more precedents being set.

Most data breach claims are settled outside of court; however, the amount of compensation that is settled on is usually informed by cases that are similar in nature.

Example compensation amounts for distress caused by GDPR data breach

The average compensation awarded for GDPR data breaches is between £1,000 and £42,900; however, in some cases, you can claim more compensation if the breach of your personal data has caused you distress.

While data breach distress compensation amounts vary hugely based on the type of data breached, the effect it’s had on you, and the high-risk nature of the information, there are general guidelines (outlined below) for how much compensation certain data breaches typically lead to. 

  • £1,000 – £1,500 for breaches of basic personal data. For example, name, date of birth, home and email addresses.
  • £2,000 – £5,000 for breaches of medical records.
  • £3,000 – £7,000 for breaches of financial information.
  • £25,700 – £42,000 for breaches that cause mental or physical illness such as depression, for example.

Below, we’ve detailed a range of major data breach cases, the nature of the breach and the amount of compensation that was awarded to the claimant.

| Case | Data breach | Compensation |
| --- | --- | --- |
| Archer v Williams [2003] EWHC 1670 (QB) | Disclosure of medical information | £2,500 |
| Campbell v MGN Ltd [2004] UKHL 22 | Publication of articles/photographs disclosing private information | £2,500 plus aggravated damages of £1,000 |
| Applause Store Productions Limited v Raphael [2008] EWHC 1781 | False defamatory profile and group on Facebook | £2,000 plus award for libel totalling £20,000 |
| Mosley v News Group Newspapers Ltd [2008] EWHC 1777 | Publication of private information relating to sexual practices | £60,000 |
| Cooper v Turrell [2011] EWHC 3269 (QB) | Misuse of private information | Claimant 1: £30,000; Claimant 2: £50,000 |
| Sean Robert Grinyer v Plymouth Hospital NHS Trust; 28th October 2011 | Unauthorised access of medical records by nurse | £12,500 |
| AAA v Associated Newspapers Ltd [2013] EWHC 2103 (QB) | Publication of photographs | £15,000 |
| Weller v Associated Newspapers Ltd [2014] EWHC 1163 (QB) | Publication of photographs without consent | £10,000 |
| Gulati and others v MGN Ltd [2015] EWHC 1482 (Ch) | Phone hacking | £72,500 – £260,250 |
| Brown v Commissioner of Police of the Metropolis and Chief Constable of Greater Manchester Police [2015] EWCA Civ 646 | Unauthorised processing of flight details, in lead up to disciplinary | £9,000 |
| TLT and others v Secretary of State for the Home Department and Home Office [2016] EWHC (QB) | Publication of confidential personal information of around 1,600 applicants for asylum or leave to remain | £2,500 – £12,500 |
| Wooley & Wooley v Nahid Akbar Or Akram [2017] SC Edin 7 | CCTV surveillance carried out by a neighbour | £17,268 |
| Ali & Anor v Channel 5 Broadcasting Ltd [2019] EWCA Civ 677 | Disclosure of private information in television show | £10,000 per claimant |
| Alexander Aristides Reid v Katie Price [2020] EWHC 594 (QB) | Disclosure of sexual preferences and lying about retaining Personal Information. | £25,000 |
| Aven and others v Orbis Business Intelligence Ltd [2020] EWHC 1812 (QB) | Inaccurate processing of the allegation regarding “illicit cash”. | £18,000 per claimant |

About Data Breach Help

Operated by Cobleys Solicitors – one of the leading law firms in the UK – we are a dedicated team of experienced solicitors well versed in every aspect of evolving data breach law. Utilising our wealth of experience and expertise, we assist our clients in claiming rightful compensation from both public and private organisations that have failed to protect their data.


FAQs

How much are solicitor’s fees for a data breach compensation claim?

Solicitor’s fees for data breach compensation claims vary depending on the firm. Data Breach Help’s solicitors work on a No Win No Fee agreement which guarantees the claimant peace of mind in the event of a case being taken on. Our solicitors only take on cases that they are confident in winning.

When a compensation claim is successfully made, our solicitors take 25% of the awards won as their payment; the rest of the money awarded goes directly to the claimant. Should the case not be successful, then the claimant will not be liable to pay a thing, unless they have deliberately misled the solicitors, or backed out of the process after it has already been put in motion.