GDPR Breach

wealdroam

Doodle16 said:

I have a storage unit, if someone broke into the unit and stole my property because of lack of adaquete security I wouldnt be happy and would want to be compensated but when someone steals your personal details its not a big deal?

Similarly, if someone used your leaked details to (say) empty your bank account, then of course you could rightly seek compensation for that loss.

As I understand it, you have lost nothing yet.
And don't say you have lost your personal details - you still have them, it's just that someone else has them too.  

Arnisdale

Doodle16 said:

Aylesbury_Duck said:

Doodle16 said:

I honestly dont get how people make assumptions about me being money hungry. Im not expecting to be able to buy a yacht and sail away into a bright gold plated future. I also think its weird how people are so blase about data breaches. I have a storage unit, if someone broke into the unit and stole my property because of lack of adaquete security I wouldnt be happy and would want to be compensated but when someone steals your personal details its not a big deal? 

I know some people wouldnt think twice about this but I know I will be worrying about this for a long time. 

Probably because your opening post said this:
 I emailed them asking them to confirm how this happened and what compensation they are willing to offer. 
And ended with this:
I was wondering if anyone has had a similar experience and if so what compensation (if any) was offered?

That's a pretty clear indication your primary concern is the level of compensation you might get.  How else did you think it would come across?

Considering I immediately contacted my bank to inform them and contacted the three credit rating agencies and  changed all my passwords, what else should I have done? 

I didnt ask about any of the above because I had already taken all the actions available to me to protect myself! 

I can see that I am just money hungry 'snowflake' thanks to everyone who offered some practical advice! 

So you were only interested in 'how much' compo you could squeeze out of them?

Aylesbury_Duck

Doodle16 said:

Aylesbury_Duck said:

Doodle16 said:

I honestly dont get how people make assumptions about me being money hungry. Im not expecting to be able to buy a yacht and sail away into a bright gold plated future. I also think its weird how people are so blase about data breaches. I have a storage unit, if someone broke into the unit and stole my property because of lack of adaquete security I wouldnt be happy and would want to be compensated but when someone steals your personal details its not a big deal? 

I know some people wouldnt think twice about this but I know I will be worrying about this for a long time. 

Probably because your opening post said this:
 I emailed them asking them to confirm how this happened and what compensation they are willing to offer. 
And ended with this:
I was wondering if anyone has had a similar experience and if so what compensation (if any) was offered?

That's a pretty clear indication your primary concern is the level of compensation you might get.  How else did you think it would come across?

Considering I immediately contacted my bank to inform them and contacted the three credit rating agencies and  changed all my passwords, what else should I have done? 

I didnt ask about any of the above because I had already taken all the actions available to me to protect myself! 

I can see that I am just money hungry 'snowflake' thanks to everyone who offered some practical advice! 

You've said it yourself.  You don't need advice on what to do, you want advice on how much compensation you might expect.  That's your prerogative, but you can't then expect people to think you're not motivated by the prospect of a payout.

You've had the advice you needed, that until you suffer an actual loss as a result of the breach, it's impossible to say how much compensation is due to you. 

williamgriffin

Chooo chooo all aboard the compo train. 

IvanOpinion

Doodle16 said:

I just recieved an email from my conveyancing solicitor who informed me that they had a data breach and my financial/personal info/address history has been stolen. They have informed the police and ICO.

While these have to be reported as possible data breaches there are many categories that it could actually fall under.  For example maybe someone broke into their offices and stole some computers - possibly have no interest in the data but wanted some hardware to flog on ebay.  Maybe they have simply mislaid a hard disk or pen drive.  Maybe an employee took some data because they are setting up by themselves and wanted some contact details.  Maybe a report went in the bin instead of through the shredder. All are effectively breaches.  Do you know the nature of this data breach?

We are in the 21st century and these things are going to happen - they are effectively as much part of every day life as someone being robbed in the street.  I am sure they will have explained exactly what 'financial information' has been put at risk and as long as you have taken the right actions to secure related accounts then you should be fine (you don't stop going out because of possible risks, this is similar).

Sandtree

Doodle16 said:

I have a storage unit, if someone broke into the unit and stole my property because of lack of adaquete security I wouldnt be happy and would want to be compensated but when someone steals your personal details its not a big deal? 

If they stole your £2,000 TV from that storage unit then you would have been deprived of that item and could correctly claim the £2,000 it would cost to go out and buy a new one.

In this case however they have taken your name and date of birth but you still have your name and date of birth and can continue to use it. So the data breach itself has cost you nothing. If they go on to use that data for other purposes well generally speaking a) banks etc protect you against identity theft and b) if this fails then you have a claim for compensation.

At the moment you are limited to a theoretical risk... like coming to the storage unit and seeing the lock wasnt on but nothing was taken... and so compensation is simply a token amount of goodwill and maybe something like the Experian alert service for a year.

Now if you want to claim the anxiety has caused you to be medically ill then you can go down a personal injury claim route but thats a lot of time speaking to psychiatrists and having people pouring over your medical records to substantiate the extent that this event alone has caused the issue and not just general life at present

Robbo66

Doodle16 said:

I just recieved an email from my conveyancing solicitor who informed me that they had a data breach and my financial/personal info/address history has been stolen. They have informed the police and ICO. I suffer from general anxiety disorder and OCD and my anxiety around this had exploded. I understand this can happen but the scale of the breach and the possible impact this will have is stressing me out. I am also aware that the information can be used to get finance and credit etc. I emailed them asking them to confirm how this happened and what compensation they are willing to offer. 
I am waiting on their response but I am really  not happy. I understand that I have a resonsibility to manage my mental health and I am on medication and currently in counselling but I know this will exactrabate my condition and it is already having an impact on my mental health.
I was wondering if anyone has had a similar experience and if so what compensation (if any) was offered?

Firstly they don't owe you any compensation as at this point you haven't lost anything financially, if you are concerned about I.D theft register with CIFAS, cost around £20 for a year. If any credit is applied for in you name you are contacted to confirm that it is you making the application. Notify your bank and credit card providers so they can leave a note on your account as well.

MattMattMattUK

Doodle16 said:

I honestly dont get how people make assumptions about me being money hungry. 

People will make assumptions based on available data, the available data was that your first email back to them, upon being told of the data breach was not how they could help you be secure, was not what actions you would need to take, was not what data had actually been obtained, but was about money. "I emailed them asking them to confirm how this happened and what compensation they are willing to offer."

Doodle16 said:

I also think its weird how people are so blase about data breaches. I have a storage unit, if someone broke into the unit and stole my property because of lack of adaquete security I wouldnt be happy and would want to be compensated

A better example, in relation to data, is that someone else now knows you have a storage unit and that it contains some personal items, but the items are still in the storage unit, untouched. You have not lost anything by the breach of the data, the same as you have not lost anything by someone knowing you have a storage unit. If the data breach allows someone to commit fraud then you may be entitled to compensation, just as if someone actually stole things from your storage unit you may be entitled to compensation, or an insurance claim. The data breach has cost you nothing and deprived you of nothing.

Doodle16 said:

but when someone steals your personal details its not a big deal? 

Generally because almost all data breaches come to nothing and in the very occasional instances that something does happen the consumer is protected by a large amount of legislation, meaning that they do not loose out and any costs they incur are reimbursed. 

Jenni_D

As I understand things, a GDPR breach does not require provable loss - it also covers "non-material damage (e.g. distress)". https://ico.org.uk/your-data-matters/data-protection-and-journalism/taking-your-case-to-court-and-claiming-compensation/

2021BJ

Jenni_D said:

As I understand things, a GDPR breach does not require provable loss - it also covers "non-material damage (e.g. distress)". https://ico.org.uk/your-data-matters/data-protection-and-journalism/taking-your-case-to-court-and-claiming-compensation/

Yes, it requires provable loss.   Non-material damage is still provable.