Get In Touch
Dispute Resolution for Individuals

Data Breaches & Privacy Claims

Chun Wong
Chun Wong
Ruhul Ameen
Ruhul Ameen
Bahareh Amani
Bahareh Amani
Karolina Kupczyk
Karolina Kupczyk
Reema Chugh
Reema Chugh
Brenel Menezes
Brenel Menezes
Senior Associate
Declan Storrar
Declan Storrar
Finley Levell
Finley Levell
Mandhir Seera
Rabiah Farooq
Rabiah Farooq

The law states that organisations must keep your information safe, accurate, used in the way you have agreed, and not disclosed without your permission. However, they often fail to do so. Whether or not the failure is intentional, the consequences can be devastating.

If your personal, private and or confidential information is disclosed in such a way, you may be able to claim for breach of the General Data Protection Regulation (GDPR) or Data Protection Act 2018, and/or misuse of private information, breach of confidence and or breach of your human rights. 

Making a data protection claim

We suggest the following course of action:

  • Speak to our solicitors

Our team will talk to you about your case to identify what you would like to achieve and provide you with guidance on the matter.

  • Representation

It is important that you work with a specialist, so once your claim has been assessed, we’ll allocate the solicitor best suited to your specific situation.

  • Outcome

Our lawyers will work tirelessly to get you the outcome you deserve. They’ll also keep you up to date throughout the matter so you know where you stand.

"Excellent lawyers. Very supportive and sympathetic and caring. Always available if you are unsure about anything to talk you through your queries."

Back to top

General Data Protection Regulation 2018 (GDPR) & Data Protection Act 2018

The GDPR and Data Protection Act 2018 provides a legal framework for the collection, use, storage and dissemination of “personal data” and “sensitive personal data”. This legislation is there to protect your information and give you greater transparency over its use.

Under the GDPR and Data Protection Act 2018, there are two types of data; personal data and sensitive personal data.

  • Personal data is identifying information and can include names, addresses, bank details and photographs. There are fewer safeguards for personal data than there are for sensitive data.
  • Sensitive personal data can include sensitive health history such as your psychiatric history or gender reassignment, religious beliefs, sexual orientation, sex life, genetic data and biometric data. In most cases a person must be asked specifically if sensitive personal data can be kept about them.

Information relating to criminal convictions and or offences has its own separate special category and has specific regulations on how it’s processed.

The GDPR and Data Protection Act 2018 place greater obligations on how organisations control and process personal information in line with your legal rights. The incorrect use or unauthorised disclosure of this information can cause distress and often urgent action is needed.

The unauthorised disclosure of your information and/or storage of inaccurate information can have financial and reputational repercussions. Our specialist solicitors can advise you on the best way to make a data protection claim.

Back to top

Data protection claims – group actions

Offending organisations

In some cases, organisations may suffer a data leak where multiple people’s data are either hacked or disclosed. Our team represent both individuals and groups in actions against offending organisations. A group action can be beneficial as we work with a whole group of claimants to obtain resolution and compensation.

Request of official information

We’re also able to make group representations in relation to requests for official information, made under the Freedom of Information Act and or the Environmental Information Regulations, held by public authorities.

Contact our specialist team on
0330 822 3451
or request a call back.
Back to top

Misuse of Private Information

There’s no right to privacy in English law. However, the torts of misuse of private information and breach of confidence can be used by those whose privacy has been breached.

Private information is information in which an individual is said to have a realistic “expectation of privacy”. Usually what amounts to private information will be clear.

The “misuse” in these claims is typically the unauthorised disclosure (including the wrongful publication) of private information, but can also include the accessing of such information. However, you may not have a reasonable “expectation of privacy” if the disclosed information is already in the public domain (i.e. available on the internet) or if the publication of the information is in the public’s interest.

Information is usually both private and confidential and breach of privacy claims are often brought in both misuse of private information and breach of confidence.

Human Rights Act 1998

If a public body has beached your privacy, you’ll also be protected by the Human Rights Act 1998 under Article 8 of the European Convention of Human Rights – the right to respect for an individual’s private and family life, his or her home and correspondence.

Breach of Confidence

The law on Breach of Confidence has developed in case law over many years. In order to establish breach of confidence you’ll need to show that the information has the necessary quality of confidence (i.e. medical records, trade secrets or financial information), the information was communicated in a manner which imposed an obligation of confidence (i.e. doctor to patient or employer to employee) and that there has been an unauthorised use of the information that has caused you detriment.

Back to top

How do I claim for compensation?

Our specialist solicitors can help you to claim compensation from both individuals and organisations who breach data protection rules, provided you can prove that you have suffered financial loss and/or distress as a result of the breach. We can also bring challenges under the Human Rights 1998 if we can show that your right to private and family life has been breached.

It’s not enough to claim for compensation simply because an organisation has breached your data – you have to show that you have suffered some financial loss

"Brilliant company. Very reliable and trust worthy. If ever needed would highly recommend!"

Back to top

Why choose Hodge Jones & Allen?

If you believe your information regarding your personal details have been shared without your consent, our specialist team are available to provide initial and confidential advice. Provided you can prove that you have suffered distress and or financial loss as a result of the data breach, we can claim compensation from those who breach the law on privacy.


Our specialist team of solicitors have a proven track record and have succeeded in obtaining compensation for victims of data and privacy breaches in a number of complex claims in this developing area of law.

Supportive & cost-effective

We understand the impact and inconvenience data breaches can have. Our solicitors will not just advise on the best and most-effective strategy, but also provide assistance and support to all of our clients.

“Thank you so much for all of your hard work, and also for your support. It’s been a really tough experience, but your explanations and contextualising of a lot of the processes have really helped."

Back to top

How do I pay for my case?

We’ll always explore all possible ways of funding your case. Your lawyer will be able to explain your options in greater detail at your initial meeting and, if appropriate, during the running of your case.

Firstly, you should check whether you’re covered by legal expenses insurance (also known as before-the-event insurance). This type of insurance is normally to be found on household or motor insurance policies, but you should check all your insurance policies, premium bank accounts and credit cards as these can sometimes provide it too. If you are covered, then you should notify the insurance provider straight away.

For privately paying clients we charge for work based on time spent on a case. At the outset of a case you’ll be provided with details of your lawyers’ charging rates and estimates of time and costs throughout the duration of your case for each specific stage of work.

In some cases, we may instead be able to act on a conditional fee agreement basis (“CFA”). Before agreeing to fund your case with a CFA, we’ll have to assess your case carefully. If we agree to act under a CFA and you win your case, a percentage deduction will be taken from any compensation you receive.

Back to top

Frequently asked questions

Can you sue for breach of data protection?

Yes, provided that you can prove you have suffered financial loss and/or distress.

What defences are there for a claim for breach of privacy or data protection?

Potential defences to claims for breach of privacy may include:

  • The information disclosed is not confidential or that it’s not information which an individual has a reasonable expectation of privacy, for example if the information is already available to the public via social media and/or other platforms on the internet
  • The information disclosed is in the public interest
  • The individual consented to the disclosure
  • The organisation was not in any way responsible for the disclosure

How long do you have to claim for a privacy breach?

There is no definitive authority; however, the general consensus is that claims for breach of privacy including data breaches should be brought within 6 years. This means that breaches within the last 6 years are potentially eligible.

Claims for human right breaches have to be brought within 1 year.

Which type of organisations would hold personal data?

Businesses, organisations and the government.

What types of data could be held by an organisation?

Various types of personal information could be held by organisations. For example:

  • Names
  • Addresses
  • Contact information
  • Employment history
  • Medical conditions or history
  • Convictions or criminal record
  • Credit history
  • Financial details (i.e. credit card details, bank details etc.)

What funding options are available?

Our specialist data protection lawyers offer a variety of funding options for breach of privacy claims:

  • Privately paying
  • Conditional fee agreements – if we think you have a particularly strong case, we may be able to offer a “no win no fee agreement”
  • Legal expenses insurance

What is the Data Protection Act 2018?

The DPA is a set of UK legislative principles which organisations, businesses and the government must abide by. It sets out how your personal information can be used.

Personal information must be:

  • Fairly and lawfully processed
  • Processed for specified lawful purposes
  • Adequate, relevant and not excessive
  • Accurate, and where necessary, kept up to date
  • Not kept for longer than is necessary
  • Processed in accordance with the rights of individuals
  • Must be kept secure.
  • Personal data must not be transferred outside the European Economic Area without adequate protection.
Further Reading
View all