Skip to main content
Book a call — £89
Menu

Breach of Confidentiality UK: Claim Your Rights

We're not a law firm — we help you find the right legal support. For advice on your situation, speak to a legal adviser or find a solicitor.

Part ofProfessional Negligence Claims UK

Written by Brad Askew Solicitor (non-practising)
Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice.
Updated June 2026 · England & Wales
When you share sensitive information with a doctor, solicitor, accountant, or other professional, you expect it to stay private. That expectation is not just a matter of etiquette, it is backed by law in England and Wales. When someone in a position of trust shares your private information without permission, the consequences can range from embarrassment to serious financial loss. This guide walks through what counts as a breach of confidentiality, how the courts look at these cases, and what practical steps you can take if you think your rights have been infringed. It also covers where data protection legislation overlaps with the common law duty of confidence, so you can work out which route fits your situation best.

Overview

A breach of confidentiality happens when someone who has a duty to keep your information private shares it, uses it, or allows others to access it without your agreement. The duty itself can arise from a professional relationship, a contract, an employment setting, or simply from the nature of the information itself.

Courts in England and Wales recognise that certain categories of information carry an inherent expectation of privacy, including medical notes, financial records, legal correspondence, personal communications, and business secrets. The breach might be deliberate, such as a professional gossiping about a client, or accidental, such as an email sent to the wrong recipient.

It can also happen through poor security practices that let third parties access data they should not see. What matters legally is whether the information was confidential in nature, whether it was shared in circumstances that imposed a duty of confidence, and whether it was then used or disclosed in a way that was not authorised.

The law treats this seriously because so much of modern life depends on being able to trust the people we share information with.

Key steps

  1. Gather the evidence. Start by writing down exactly what information was shared, who shared it, who received it, and when you found out. Keep copies of any emails, letters, messages, or documents that show the disclosure happened. Contemporary notes carry real weight if the matter later goes to court or an ombudsman.
  2. Raise a formal complaint. Most regulated professionals have a complaints procedure, and many professional bodies require you to go through it before escalating. Write to the firm or individual setting out what went wrong, what harm it caused, and what outcome you want. Keep your tone factual and give them a reasonable deadline to respond.
  3. Report to the relevant regulator. Depending on the profession, the regulator might be the General Medical Council, the Solicitors Regulation Authority, the Financial Conduct Authority, or another body. If personal data was involved, you can also report the matter to the Information Commissioner's Office, which oversees compliance with UK data protection law.
  4. Quantify the harm you have suffered. Courts and regulators want to see what the breach actually cost you. This might include financial losses, medical expenses for distress-related treatment, lost earnings, or damage to your reputation. Keep receipts, medical notes, and any correspondence that shows the knock-on effects of the disclosure.
  5. Consider your legal options. You may have grounds to bring a civil claim for breach of confidence, misuse of private information, or a statutory claim under data protection legislation. Time limits apply, so acting promptly matters. Getting guidance early helps you understand whether a claim is worth pursuing and what remedies might realistically be available.

Common questions

If you're dealing with this kind of situation, a call with an experienced legal adviser can help you work out the right next step — from £89.

Common questions

Q How long do I have to bring a claim for breach of confidentiality?
Time limits depend on the type of claim. Claims for breach of confidence or misuse of private information generally need to be brought within six years, while some statutory claims have shorter windows. If the breach caused personal injury, including serious psychiatric harm, a three-year limit may apply. Acting sooner rather than later protects your position and makes evidence easier to gather.
Q Can I claim compensation for distress alone, without financial loss?
Yes, in many cases the courts will award damages for distress, upset, and loss of control over private information, even where there has been no direct financial loss. The amount depends on how sensitive the information was, how widely it was shared, and the lasting impact on you. Data protection claims also allow for non-material damage in appropriate cases.
Q What is the difference between a breach of confidence and a data protection breach?
Breach of confidence is a common law claim that protects information shared in circumstances of trust. A data protection breach is a statutory matter under UK GDPR and the Data Protection Act 2018, focused on how organisations handle personal data. The two often overlap, and one incident can give rise to both types of claim, each with its own procedures and remedies.
Q Does the duty of confidentiality apply to friends and family?
It can, depending on the circumstances. The law recognises that certain personal communications carry an expectation of privacy, particularly intimate information shared within close relationships. Cases involving former partners sharing private images or messages have been successfully brought as misuse of private information, even without a formal professional relationship.
Q What remedies might a court order for a breach of confidentiality?
Courts can award financial compensation for both material and non-material harm. They can also grant injunctions to stop further disclosure, order the return or destruction of confidential material, and in some cases require an account of profits where someone has gained financially from misusing your information. The right remedy depends on what you want to achieve.
Q Do I need to prove the person meant to breach my confidentiality?
Not always. While deliberate disclosure strengthens a claim, liability can also arise from negligent or accidental breaches. For example, a firm that fails to secure its systems and suffers a data leak may still be liable even though no one intended to share your information. The focus is often on the duty owed and whether it was met, not only on intent.
Q Will bringing a claim make the breach more public?
It is a valid concern. Court proceedings are generally public, though in privacy-related cases the courts can order anonymity, reporting restrictions, or private hearings to protect the very information at the heart of the claim. Many disputes also settle before trial, which keeps details out of the public eye. Your adviser can help you weigh up the options.
If you're dealing with this kind of situation, a call with an experienced legal adviser can help you work out the right next step — from £89.

Sources

This guide is based on primary UK law and official guidance.

Brad Askew, Solicitor (non-practising)

Written & reviewed by

Brad Askew Solicitor (non-practising)

Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice. LegalDocuments.co.uk is not a law firm and does not provide regulated legal advice.

Full profile →SRA register ↗
Legal disclaimer
This article is for general information only. It is a tool to help you find your way — not legal advice, and not a substitute for speaking to a qualified adviser about your situation.