Data breach victims seeking compensation are often faced with difficult choices when pursuing claims. Would you know how to proceed?
A member got in touch with the Which? Money Helpline after their local council suffered a cyberattack towards the end of 2020. They’d then seen an advert on their Facebook feed from a firm suggesting they can use it to claim compensation for the data breach.
But can ads like that really be trusted?
Data breaches, where companies lose or alter our data without permission, are a growing problem. We’ve highlighted in the past that personal details such as names and credit card details stolen from breaches are sold on the dark web and used by scammers.
In the case of this local council, the disruption caused to essential online services led to a number of property purchases falling through, and extra costs for those affected. But people are right to be sceptical of adverts like this, which could have been posted by criminals looking to collect personal details.
You can check the firm is on the Solicitors Register and make sure the website address listed there matches the website the advert is leading you to. Be aware, however, that even genuine ‘no-win, no-fee’ firms can take a hefty cut of any compensation you may receive.
General Data Protection Regulation
The General Data Protection Regulation (GDPR), part of the Data Protection Act 2018, gives you a right to claim compensation from an organisation if you have suffered damage (financial or distress) as a result of it breaking data protection law.
But before taking your council to the small claims court, you should approach it directly and request compensation. You may also wish to seek a judgment from the Information Commissioner’s Office (ICO) over whether your council broke the law.
The ICO can’t award compensation but a judgment in your favour could make your court case more likely to succeed. You can find our guide to the small claims court, and a costs calculator, here.
Difficult choices
Data breach victims seeking compensation are faced with a difficult choice: hand over much of your compensation to a claims firm, or put in a lot of legwork yourself. That’s why we want not-for-profit organisations, such as Which?, to be able to bring collective redress actions to court on behalf of people on an ‘opt out’ basis.
This would avoid individuals having to shoulder the cost and responsibility themselves. If companies knew that a breach was likely to result in a major legal claim against them, they would be incentivised to better protect our data, reducing the chance of a breach happening in the first place.
Has your data ever been involved in a breach? How did you deal with the situation?
Helping our members
Did you know about Which? Money Helpline? It’s staffed by financial experts with more than 100 years’ experience in the financial services industry between them.
Members can ask us questions about a range of personal finance subjects, and there are no limits to the number of calls you and your family can make, or the length of time you can spend talking to us.
What the Which? Money Helpline can help you with
- Banking
- Borrowing – credit cards and loans
- Car, home and travel insurance
- Equity release
- Investments
- Long-term care
- Mortgages
- Pensions
- Protection insurance
- Savings and Isas
- Tax
- Wills/probate/trusts
Which? members with a Which? Money subscription can call the helpline on 029 2267 0001.