Data Breach Jargon Buster

Making the data breach claims process simple and transparent.


Don’t get lost in legal speak

At Keller Lenkner UK, our expert data breach lawyers understand that making a data breach compensation claim can seem difficult. And not knowing what to expect can be stressful.

To protect you from any unnecessary worry, we make sure you are fully informed at every step of the process.

To help with this, our handy data breach jargon buster explains some of the key legal phrases and terminology you might come across when making a claim.

Common legal phrases and terminology

After the Event (ATE) Insurance
If your claim is not successful, you will be responsible for a share of the Defendant’s costs. These costs will have been incurred in defending the claim. When we take out ATE Insurance on your behalf, we protect you from having to pay these costs and expenses if you lose your case.
The person making the claim.
Conditional Fee Agreement (CFA)
A CFA is also known as a No-Win, No-Fee agreement between you and your solicitor. It states that you won’t have to pay a penny if your claim is unsuccessful.
Data Protection Breach
A data protection breach refers to any situation where personal data has been wrongly accessed, altered, disclosed, destroyed, or lost. A data protection breach can occur because of hackers and other cybercriminals, or by human error, negligence and poor security processes. 
Data Protection Hack
A data protection hack is caused by people with malicious intent who break into a company’s systems to steal information.
The organisation that has breached your data and who you are claiming against.
A payment we make on your behalf to a third party.
It’s essential to get as much evidence as possible in data breach cases. This includes things like:
  • Bank and credit card statements 
  • Correspondence (letters, emails, etc.) with banks, credit card providers, credit reference agencies, etc.
  • Credit score reports (with dates of any dips)
  • Details about medical appointments/prescriptions that relate to this data breach
  • Anything else that may be relevant to support your claim. 
Keller Lenkner UK asks for evidence throughout the claims process. And, we have a handy and secure online form to allow you to upload evidence quickly and easily.
Further Information Form
A legal document that asks for specific information about the data breach incident you were involved in. For example, it might ask about any bookings/purchases you made with a defendant and details of the card you used to do this.
Group Action
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.
With a group action claim, the claimants collectively bring their cases to court against a defendant. These victims then fight together to achieve compensation in the High Court of Justice.
Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.
Group Litigation Order (GLO)
An order of the court in England and Wales, a GLO allows people who have suffered common or related issues to have their cases managed collectively via a group action. 
Group Register
The group register is a large database of everyone seeking to claim against the defendant.  
Letter of Claim
A Letter of Claim lets the defendant know that we plan to start proceedings against them on your behalf.
An independent authority, set up to uphold information rights in the public interest, and to promote openness by public bodies and data privacy rights. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. 
Impact Form
A legal document that asks how the breach has affected you. This could include things such as spam/nuisance phone calls and emails, cancelled cards, financial loss and emotional distress.  You can fill in our Impact Form online.
Litigation Management Agreement
A legal agreement between you, your solicitors, and all the other claimants in the group action. It establishes how the case will be managed in the most cost-effective and least troublesome way to you.
N1 Claim Form
A two-page court document. It briefly outlines your claim against the defendant.
No-Win, No-Fee
Also known as a CFA, a no-win, no-fee agreement is a contract between you and your solicitor. It states that you won’t have to pay a penny if your claim is unsuccessful.
Part 36 Offer
A Part 36 Offer is an offer of settlement. It can be made by either the claimant or the defendant. A Part 36 Offer aims to settle a claim early without the matter having to go to court.
Particulars of Claim
The Particulars include all the necessary details and background information the court needs from us to make a data breach compensation claim. This document also sets out what we hope to achieve on your behalf. A Particulars of Claim is needed only if court proceedings are necessary.
Representative Action
A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.
Schedule 2 Form
The Schedule 2 form asks you about any financial losses, distress, and/or inconvenience you have suffered as a result of the data breach. Sometimes this means providing information that you have already supplied to us. We appreciate that this is frustrating, but the impact of a data breach isn’t always immediately apparent. So, it’s vital that we regularly assess the level of loss and upset you have suffered to ensure you receive the maximum compensation possible.
Statement of Truth 
A Statement of Truth is a statement that confirms that the facts stated in a document are true. For example, we often ask you to sign a Statement of Truth to verify that a defendant has advised you that you were involved in the data breach incident. 
Signing a Statement of Truth which you know contains false evidence can negatively impact the success of your claim. Contempt of court proceedings may also be brought against you if you have provided statements that you do not believe to be true. So, before you sign a Statement of Truth, you should verify this to be correct.
Success Fee
If your claim is successful, we will charge a success fee. This fee covers the costs we have incurred in representing you in your case. At Keller Lenkner UK, our fees are reasonable and we always explain what you will have to pay if you win up-front.

Key data protection legislation


There are several essential laws designed to keep us all safe online. Here are some of the key data protection laws that apply in the UK.

Data Protection Act (DPA)
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses, and the government. The Data Protection Act is the UK’s implementation of the General Data Protection Regulation (GDPR).
General Data Protection Regulation (GDPR)
The General Data Protection Regulation is an EU regulation law on data protection and privacy. Despite Brexit, all UK organisations must comply with the GDPR. In the UK, the Data Protection Act (DPA) is the UK’s interpretation of the GDPR.
Computer Misuse Act
The Computer Misuse Act helps to stop people from using computers for illegal purposes. It deals specifically with the crime of accessing or modifying data stored on a computer, without being authorised to do so.
Copyright, Designs and Patents Act
The Copyright, Designs and Patents Act gives the creators the right to control how their material is used. Music, books, videos, games and software can all be covered by copyright law.
Privacy and Electronic Communications (EC Directive)
The Privacy and Electronic Communications Regulations (PECR) currently governs email marketing. The EU will be releasing a new ePrivacy (ePR) regulation, but until then, PECR applies.
Protection from Harassment Act
The Protection from Harassment Act protects the victims of harassment. This includes stalking, racial harassment, and anti-social behaviour by neighbours. Tech abuse often falls under this act.
Malicious Communications Act
The Malicious Communications Act 1988 makes it illegal to “send or deliver letters or other articles for the purpose of causing distress or anxiety”. It also applies to emails. Communications sent via social media could also breach this act.
Human Rights Act
In the UK, The Human Rights Act sets out the fundamental rights and freedoms that everyone is entitled to. Part of this act is your right to respect for your private life, your family life, your home and your correspondence (e.g. letters, telephone calls and emails). What this means is that you have the right to live your life privately without government interference.