At KP Law, our expert data breach lawyers want to lessen the impact of a data violation as much as possible. To help, we have collated a range of support, information and other resources to help you get your life back on track.
We also understand that making a data breach compensation claim can seem difficult, and that not knowing what to expect can be stressful. To protect you from any unnecessary worry, we make sure you are fully informed at every step of the process. To help with this, our handy data breach jargon buster explains some of the key legal phrases and terminology you might come across when making a claim.
Here is a list of organisations who might also be able to provide help at this time.
The ICO is an independent authority, set up to uphold information rights in the public interest, and to promote openness by public bodies and data privacy rights. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act.
If you are concerned about the way an organisation has handled your personal information, you should make a complaint to the ICO.
Action Fraud is the reporting centre for fraud and cybercrime. If you have been scammed, defrauded or experienced cybercrime in England, Wales and Northern Ireland, you should also report this to Action Fraud.
Once you make a report, Action Fraud will provide you with a police crime reference number and your case will be passed to the relevant local police force/law enforcement agency for investigation. Action Fraud does not investigate the cases and cannot advise you on the progress of a case.
It is important to make a report via Action Fraud, as it uses this data to make reports and passes these to the National Fraud Intelligence Bureau (NFIB). The NFIB uses this data to identify serial offenders, organised crime groups and find emerging crime types.
See our answers to the FAQs we get asked about making a data breach compensation claim with our expert data protection lawyers.
Anyone who has had their personal information put at risk because an organisation has not protected their data in the way it is legally obliged can claim data breach or cybercrime compensation. Our expert lawyers help people to come together and make a wide range of Privacy and GDPR group action claims after a data protection breach. This is called making a Group Action claim.
If you are the victim of a data protection breach, check out our current group actions to see if we are running a claim related to that specific breach. If the action you want to join is not listed, please tell us about it. Where enough people come forward, we may launch a new claim.
Yes. If you have already contacted the ICO about a breach, we can still help you to make a claim. In fact, we use the evidence uncovered in ICO investigations to support your case.
Yes. Anyone who has had their personal data exposed or put at risk can make a compensation claim. This includes customers, former customers, employees and former employees.
An employer cannot fire you or harm your career in any way if you make a claim. They would be breaking employment law if they did, and any action could be classed as discrimination.
Under the UK GDPR, organisations MUST tell you if they have breached your personal data. If you suspect your data has been breached and you haven’t heard from the company in question, you should report this to the ICO.
If you are told that you are involved in a data breach, or if you hear that a company has suffered a data breach and are worried you might be affected, check to see if we are running a group action in relation to that claim. If we are, sign up to see if you are entitled to make a compensation claim.
You should also note your version of events ASAP, including the impact on you. This could provide valuable evidence in court.
You should also protect yourself following a data breach or cybercrime.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant or multi-party actions.
At KP Law data breach, all our actions are group actions.
A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and make a big organisation take the matter seriously. This increases their chances of settlement or success in litigation.
Just because your case is part of a group action doesn’t mean that everyone will receive the same amount of compensation if successful. All claims are settled based on their merits, and you will receive what you are owed.
Yes, you can, although you should check the terms of your retainer with your current solicitor first to check you would not have to pay any fees to them if you leave them. If you are part of a group action with another firm and you would like to know more about switching to KP Law, contact us today.
If you are the victim of a data protection breach, check out our current group actions to see if we are running a claim related to that specific breach. If the action you want to join is not listed, please tell us about it. Where enough people come forward, we may launch a new claim.
No-win, no-fee means that, if your claim is not successful, you won’t have to pay a penny towards your case. There are no hidden charges or other administration fees.
If your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our fees are reasonable and we always explain what you will have to pay if you win up-front.
There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our fees are reasonable and we always explain what you will have to pay if you win up-front.
Our CFA (otherwise known as a no-win, no-fee agreement) explains the fees you are liable for when you appoint us. Legally, we must word our CFA in a specific way, but we understand that it can be confusing.
Here’s what you need to know:
*As long as you follow our T&Cs (which means being honest and truthful about your claim).
There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.
You can claim for financial losses, emotional distress, and the failure to protect your data.
You are entitled to claim for any losses you can link directly to the breach of data. For example, has your card been used without permission or are there any transactions on your bank statement that you haven’t made? Let us know about any losses, and we will include them in your claim. You can do this at any time up to the point of settlement, but you should let us know as soon as you are aware of any such loss.
If the data breach has caused you stress or anxiety, then yes you can.
Any organisation can be held accountable for a data breach if they have not protected your data in the way they are legally required to do.
If you are the victim of a data protection breach, check out our current group actions to see if we are running a claim related to that specific breach. If the action you want to join is not listed, please tell us about it. Where enough people come forward, we may launch a new claim.
You do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.
In some group action cases, there will also be deadlines set by the court to join a case. With strict time limits in place, it’s important to act now.
Each case is different. We always keep you updated, so you know what is happening and what to expect.
The Information Commissioner’s Office (ICO) is the UK’s independent data privacy regulator. It investigates data breaches and fines organisations who fail to meet the requirements of the Data Protection Act. You have the right to ask the ICO to assess an organisation if you think it is guilty of a breach.
The ICO does not award compensation, but you can use evidence uncovered by the ICO to support a data protection compensation claim.
No, the ICO does not award compensation to data breach victims.
Our expert data breach lawyers use evidence uncovered by the ICO to support your data protection compensation claim.
No. We can start a data breach action against an organisation without you going to the ICO, but we would always recommend this as a first step.
No. We can start a claim before the ICO has concluded its investigation. In some cases, actions are settled before an organisation has been fined by the ICO.
Our data breach lawyers remove the jargon from data privacy claims to ensure you are always fully informed.
Victims of data breaches often become the target of cybercriminals. To keep yourself safe, our expert data breach lawyers have provided some helpful tips.
What does no-win, no-fee actually mean? And are there any hidden costs you should know about?
If your claim is not successful, you will be responsible for a share of the Defendant’s costs. These costs will have been incurred in defending the claim. When we take out ATE Insurance on your behalf, we protect you from having to pay these costs and expenses if you lose your case.
The person(s) making the claim.
A CFA is also known as a No-Win, No-Fee agreement between you and your solicitor. It states that you won’t have to pay a penny if your claim is unsuccessful.
A data protection breach refers to any situation where personal data has been wrongly accessed, altered, disclosed, destroyed, or lost. A data protection breach can occur because of hackers and other cybercriminals, or by human error, negligence and poor security processes.
A data protection hack is caused by people with malicious intent who break into a company’s systems to steal information.
The organisation(s) that has breached your data and who you are claiming against.
A payment we make on your behalf to a third party.
A legal document that asks for specific information about the data breach incident you were involved in. For example, it might ask about any bookings/purchases you made with a defendant and details of the card you used to do this.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.
With a group action claim, the claimants collectively bring their cases to court against a defendant. These victims then fight together to achieve compensation in the High Court of Justice.
Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.
An order of the court in England and Wales, a GLO allows people who have suffered common or related issues to have their cases managed collectively via a group action.
The group register is a large database of everyone seeking to claim against the defendant.
A Letter of Claim lets the defendant know that we plan to start proceedings against them on your behalf.
A legal document that asks how the breach has affected you. This could include things such as spam/nuisance phone calls and emails, cancelled cards, financial loss and emotional distress. You can fill in our Impact Form online.
A legal agreement between you, your solicitors, and all the other claimants in the group action. It establishes how the case will be managed in the most cost-effective and least troublesome way to you.
A two-page court document. It briefly outlines your claim against the defendant.
Also known as a CFA, a no-win, no-fee agreement is a contract between you and your solicitor. It states that you won’t have to pay a penny if your claim is unsuccessful.
A Part 36 Offer is an offer of settlement. It can be made by either the claimant or the defendant. A Part 36 Offer aims to settle a claim early without the matter having to go to court.
The Particulars include all the necessary details and background information the court needs from us to make a data breach compensation claim. This document also sets out what we hope to achieve on your behalf. A Particulars of Claim is needed only if court proceedings are necessary.
A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.
Personally identifiable information (PII) is any data that can be used to identify a specific individual – either on its own or together with other information.
Examples of PII include full names, bank account numbers, passport numbers, email addresses and a whole range of other data.
The Schedule 2 form asks you about any financial losses, distress, and/or inconvenience you have suffered as a result of the data breach. Sometimes this means providing information that you have already supplied to us. We appreciate that this is frustrating, but the impact of a data breach isn’t always immediately apparent. So, it’s vital that we regularly assess the level of loss and upset you have suffered to ensure you receive the maximum compensation possible.
A Statement of Truth is a statement that confirms that the facts stated in a document are true. For example, we often ask you to sign a Statement of Truth to verify that a defendant has advised you that you were involved in the data breach incident.
Signing a Statement of Truth which you know contains false evidence can negatively impact the success of your claim. Contempt of court proceedings may also be brought against you if you have provided statements that you do not believe to be true. So, before you sign a Statement of Truth, you should verify this to be correct.
If your claim is successful, we will charge a success fee. This fee covers the costs we have incurred in representing you in your case. At KP Law, our fees are reasonable and we always explain what you will have to pay if you win up-front.
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses, and the government. The Data Protection Act is the UK’s implementation of the General Data Protection Regulation (GDPR).
The UK General Data Protection Regulation is an EU regulation law on data protection and privacy. Despite Brexit, all UK organisations must comply with the GDPR. In the UK, the Data Protection Act (DPA) is the UK’s interpretation of the GDPR.
The Online Safety Bill is a proposed Act of the Parliament. The Bill is intended to improve internet safety. The Bill would create a new duty of care for online platforms towards their users. For example, it would require them to take action against illegal and legal but harmful content.
The Computer Misuse Act helps to stop people from using computers for illegal purposes. It deals specifically with the crime of accessing or modifying data stored on a computer, without being authorised to do so.
The Copyright, Designs and Patents Act gives the creators the right to control how their material is used. Music, books, videos, games and software can all be covered by copyright law.
The Privacy and Electronic Communications Regulations (PECR) governs email marketing. The latest version of PECR came into effect on 29 March 2019.
The Protection from Harassment Act protects the victims of harassment. This includes stalking, racial harassment, and anti-social behaviour by neighbours. Tech abuse often falls under this act.
The Malicious Communications Act 1988 makes it illegal to “send or deliver letters or other articles for the purpose of causing distress or anxiety”. It also applies to emails. Communications sent via social media could also breach this act.
The Human Rights Act sets out the fundamental rights and freedoms that everyone is entitled to. Part of this act is your right to respect for your private life, your family life, your home and your correspondence (e.g. letters, telephone calls and emails). What this means is that you have the right to live your life privately without government interference.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.