Suffering a data breach can be a distressing event. If your personal details have gotten into the public domain, whether through a cyber attack or human error, you could suffer stress, anxiety or even post-traumatic stress disorder. There also could be a financial loss to you as you have to take time away from work to deal with the data breach. If wrongful conduct from someone responsible for your data is involved, you could be entitled to claim compensation. In this guide, we will look at making a claim for a journalist data breach.
Journalism can be a special case when it comes to data protection, as part of a journalist’s role is to release information to the public, but this does not mean they are completely exempt from data protection laws.
We will cover how data privacy and journalism mix, when you might be able to make a claim against a journalist for a data breach and also what forms of compensation could be awarded to you. We will also inform you about how a No Win No Fee solicitor could help you with a claim.
If you would like to speak to us about any aspect of journalist data breach compensation, you can
- Call us on 0800 073 8801
- Contact us online
- Use the live chat feature on this page
Select A Section
- What Is A Journalist Data Breach?
- Do Journalists Have To Comply With Data Protection Principles?
- How Should Journalists Keep Personal Information Secure?
- What Is The Journalism Exemption In Relation To Data Protection?
- How Much Compensation For A Journalist Data Breach?
- Make A Journalist Data Breach Claim On A No Win No Fee Basis
- Learn More About How To Claim Data Breach Compensation
What Is A Journalist Data Breach?
Legislations called the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) lay out the rules and regulations all organisations need to follow when processing the personal data of UK citizens. Together, the form data protection laws.
A personal data breach occurs when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data. Personal data is information that, either on its own or with another piece of information, could be used to identify you. Personal data includes things like:
- Your name
- Address
- Nation Insurance Number
- An email address unless it is communal, e.g. name@workplace.com
Some personal data is of a more sensative nature and needs to be handled more carefully. This is called ‘special category data’ and includes information about:
- Ethnicity or race
- Political opinions
- Religious beliefs
- Health data
- Sexual orientation or sex life
For journalist data breach claims to be successful, you must show some wrongful conduct (e.g. sending data to the wrong address) on behalf of the journalist in question. This wrongful conduct must have led to some form of harm, which could be financial, such as the cost of having to relocate your home, or it could be for the psychological injuries the data breach has caused you.
A journalist could be liable for a data breach, although there are some special rules and exemptions which we will cover in the coming sections. It is also worth noting that a data breach claim cannot be made against an individual, only against an organisation. Journalists often work in organisations, and this is something we can discuss with you.
If you think you may have a journalist data breach claim, you can contact us on the details we have provided.
Do Journalists Have To Comply With Data Protection Principles?
The Independent Commissioner’s Office (ICO) is an independent body that enforces data protection legislation. They have given guidance in their code of practice for data protection and journalism. This states that, in general, journalists must comply with the DPA and the UK GDPR, however, journalists do have an exemption if they meet certain criteria.
Under this code of practice, journalists should be able to demonstrate how they have complied with data protection principles. They must have appropriate and proportionate data protection measures and update them when they need to.
In summary, journalists have to comply with data protection legislation, but there is an exemption which will be covered in a coming section of this guide.
What Is A Data Protection Impact Assessment (DPIA)?
A Data Protection Impact Assessment (DPIA) is a process designed to help organisations analyse, identify and minimise the data protection risks of a plan or project. It is a key part of an organisation’s accountability under the UK GDPR. If done correctly, it will help in assessing and demonstrating how data protection obligations have been met.
The goal of a DPIA is not to remove all risk but to help minimise it. An organisation can then think about whether the level of risk identified is appropriate or not. A failure to carry out a DPIA can open an organisation up to enforcement action from the ICO, which can up to £8.7 million or 2% of global turnover, whichever is higher.
The ICO stresses that this is not simply just a compliance exercise and that it should ensure that relevant staff think about privacy and data protection as they plan work or projects.
If you believe a journalist has not complied with data protection law and this resulted in a breach of your personal data, you can contact our advisors to see whether you may be eligible for compensation.
How Should Journalists Keep Personal Information Secure?
Journalists must keep personal information secure. They must have appropriate, proportionate security measures and update them as needed. In this context, security measures include cybersecurity, organisational security measures and physical security of personal data.
The ICO journalism code sets out some steps that journalists and journalism organisations should take under data protection legislation:
- Have a backup system to restore lost personal data.
- Ask those working on their behalf to demonstrate how they can keep personal data safe.
- Keep a record of personal data breaches and notify the ICO if the breach is likely to cause someone harm.
- Inform those who are affected by a data breach if there is likely to be a high risk (unless the journalism exemption applies).
To comply with this guidance, journalists should:
- Manage risk with adequate security measures. This could include considering the physical premises, computer systems and who has access to personal information.
- Have strong security measures in place in case a journalistic source has their address compromised and this becomes public knowledge.
- Review and update security measures, e.g. through an internal audit.
- Consider how to keep data secure whilst working remotely or whilst travelling.
To discuss any aspect of making a journalist data breach claim, you can use the contact details provided.
How Long Can A Journalist Keep My Personal Information?
Journalists must use personal information transparently. This includes providing privacy information to people whose personal data they hold, including:
- Why they are using your personal information.
- How long they expect to keep your personal information.
- Who they will share personal information with (if relevant).
If the personal information a journalist has about you came from someone other than you, they may not have to provide privacy information if it would be disproportionate for them to do so.
A journalist should only keep personal information for as long as they need to. This will vary based on the circumstances and a journalist must be able to justify the time period for which they hold your personal information. The risk of harm caused by keeping personal data must be assessed and also the data should only be kept if it is fair and lawful to do so.
Personal information should be deleted from systems and backup systems as soon as it is no longer needed.
If you think a journalist may have used your personal data in an unlawful manner and would like to know more about making a data breach claim, please contact an advisor for a free, no-obligation case assessment.
What Is The Journalism Exemption In Relation To Data Protection?
We have shown that it is normally expected that journalists need to comply with data protection law, but there is a journalism exemption that can be used if they meet certain criteria.
To apply the exemption, a journalist must:
- Use the personal data for a journalistic purpose.
- Act with a view to the publication of journalistic material.
- Reasonably believe that publication of the information will be in the public interest.
- Reasonably believe that complying with data protection law would not be compatible with their journalistic purpose.
Journalism is one of the ‘special purposes’ in data protection law covered by an exemption. Journalism is not defined by data protection law and should be interpreted in line with the everyday meaning of the word. The exemption is likely to apply to everything published in a newspaper, magazine, or broadcast on radio or television and can include online content.
The ICO give detailed guidance about terms such as ‘journalistic purpose’, ‘reasonable belief’ and ‘in the public interest’ in their Data Protection and Journalism Code. You can report a data breach to the ICO if you think your personal data has been misused.
If you are unsure if a journalist will be responsible for unlawfully handling your personal information, it is best to contact one of our advisors, who can assess your case and, if eligible, put you in contact with one of our expert data breach solicitors.
How Much Compensation For A Journalist Data Breach?
If you are successful in claiming against a journalist for a data breach, then you will be awarded compensation. Compensation could be awarded for your material damage and non-material damage.
Material damage is the financial losses you have expereinced due to the personal data breach, such as:
- Loss of earnings for taking time off to sort out a data breach.
- The costs of relocating where you live after a personal data breach of your address causes you to fear for your safety.
- Home security that has to be installed for the same reason as the point above.
- Therapy costs that are required to help you with the mental harm you suffered.
Non-material damage is the mental injuries that the personal data breach has caused you to suffer. In serious cases, a person could feel suicidal if their personal data was breached.
Those valuing your claim for your non-material damage may refer to the Judicial College Guidelines (JCG). Within this document are compensation guidelines for psychological injuries at various severity levels.
We have included a table of the guideline figures. Please note that these are just guidelines, and no figures are ever guaranteed in a data breach compensation claim. Additionally, the first entry has not come from the JCG.
| Injury | Severity | Compensation Guideline | Notes |
|---|---|---|---|
| Severe Psychological Injuries With Significant Financial Losses | Serious | up to £500,000 plus | Serious psychological injuries that lead to significant out of pocket expenses such as large loss of earnings and rehabilitation costs. |
| Psychiatric Damage | Severe | £66,920 to £141,240 | Significant impact on the ability to cope with life and work. Effects on relationships and a poor prognosis. |
| Moderately Severe | £23,270 to £66,920 | Similar to a severe injury above but with a more optimistic prognosis. | |
| Moderate | £7,150 to £23,270 | Problems with every day life and work but a marked improvement by trial with a good overall prognosis. | |
| Less Severe | Up to £7,150 | A period of disability with an impact on sleep and daily life. | |
| Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | Permanent effects that prevent working or at least at functioning at pre-injury levels. |
| Moderately Severe | £28,250 to £73,050 | Some recovery with professional help, but significant disability in the forseeable future. | |
| Moderate | £9,980 to £28,250 | Largely recovered and continuing effects will not be grossly disabling. | |
| Less Severe | £4,820 to £9,980 | Virtually a full recovery within 1 to 2 years and only minor symptoms over a longer period. |
Our solicitors can help you get the compensation you deserve. Why not contact our friendly team to see if your case is eligible to be passed to a data breach solicitor?
Make A Journalist Data Breach Claim On A No Win No Fee Basis
If your claim is accepted by one of our solicitors, they can offer to work on your case under a Conditional Fee Agreement which a type of No Win No Fee Agreement. This allows you to claim data breach compensation and fund your case with the following advantages:
- No up-front solicitor service fees.
- Ongoing solicitor service fees do not need to be paid.
- No solicitor service fees if your case fails.
If your journalist data breach claim is successful, a success fee will be deducted from your compensation and paid to your solicitor. The success fee is on a percentage basis and the exact size of the percentage is limited by law. It is only payable if your case wins, and only at the end of the case.
To work with one of our No Win No Fee solicitors for your journalist data breach claim, contact us for a free eligibility assessment of your case. You can:
- Call us on 0800 073 8801
- Contact us online
- Use the live chat feature on this page
Learn More About How To Claim Data Breach Compensation
Hopefully, we have answered some of your questions about personal data breach claims, but if you have remaining questions, then these resources might help:
- Learn how to make a bank data breach claim.
- What are your rights after an employer data breach?
- Learn how to claim if your data has been breached by your workplace.
Here are some external resources to help you:
- Guidance on data breaches from the National Cyber Security Centre.
- A guide to identity theft from the ICO.
- Data security incident trends from the ICO.
Thank you for considering our guide about how to make a journalist data breach compensation claim. If you need any help, please do get in touch as there is no obligation to go any further than an initial talk.
