GDPR Solicitor mistake

[Sheswearsby]

I'm in the middle of a pretty nasty divorce. It's complicated - children and joint business involved. Mediation hasn't gone well and there have been constant emails between myself and my solicitor over the last couple of weeks.
Last week my solicitor told me that there had been a breach of the GDPR regulations concerning my case. I've learned today that an email thread between myself, my solicitor and the mediator has been mistakenly forwarded to someone completely unrelated to any of the above parties. It was 'human error' and I have been offered compensation.
I'm fragile as it is. I have been assured that the emails have been deleted. I don't know if they went to another client or another member of the legal team. Will I be told if I ask?
I'm going to end up with a whopping bill at the end of all this. I find it unacceptable that I'm paying someone nearly £300 an hour and a mistake like this has happened.
The compensation I've been offered is not even 2 hours work for my solicitor. My worry is - if I don't accept the offer it will affect our ongoing relationship?
I'm not money grabbing. I just wish it hadn't happened. My stress levels are through the roof and I don't know what to do for the best.
Any advice would be so appreciated.
I've name changed.

I wouldn't stress about it I got someone else's case details sent to me by my useless solicitor in my divorce ( later moved) and didn't get offered anything didn't even get an apology! But I know that's the different way round.
I would like to know if it was me who received the email in your case

Hi, my partner has just gone thru a divorce and I've found out that his ex's solicitor provided her with my home address. I had no knowledge of this, I don't remember ever disclosing it on any divorce paperwork as it had no bearing in the proceeding. My partners ex has used this info to search for details of my house sale.! Is this a breach of GDPR.?

Aww OP I am so sorry to hear you are under so much stress and this hasn't helped.

It is really easily done when you send a lot of emails every day. Usually what happens is someone starts typing a name eg "Julia" for "Julia Morris" and then hits enter to autocomplete the rest, not realising the top name on the list is actually "Julia Metcalfe" or because that's the most recent contact. When that happens, yes they will know who that recipient is and you can ask. They can't tell you who exactly but may be able to tell you whether it's a staff member, client, professional colleague, Land Registry clerk- whatever. The chances are high that it was sent to another professional contact either in the office or externally (who has to deal with GDPR in their own right) who will have glanced at it, realised it's not for them and deleted it either before making the sender aware, or after the sender realised their mistake and notified the recipient.

The other alternative (less likely) is that the sender was typing out an email address and mistyped eg Anne.Thompson for Anne.Thomson. In this case, they'd be highly unlikely to have any idea who or where this person might be.

In both cases they will have written to the recipient as soon as the error was realised and asked them to delete the email without reading it. As it's an unconnected party, albeit for very sensitive information, and presumably nothing that could be used against you, it will be a lower risk than if it was sent to someone involved in the case.

Compensation for this is likely to be in the hundreds, not thousands, as it's been very distressing but has not resulted in financial loss or injury to you. If it did not involve a sensitive situation it might be worth £50 or 100 - as you say "a couple of hours" I'm guessing it's closer to 300-500, which is an indication that they consider it sufficiently serious.

You can complain to the ICO about the breach if you like - you are perfectly within your rights to do so. However unless the breach was malicious or part of a pattern of negligence or poor data protection practices, the ICO is not likely to take any action as the firm has taken steps to inform you and to remedy the breach, and the ICO cannot award compensation. It may impose fines, but, because it's a fact of life that accidents happen, this is also unlikely unless the breach was part of a pattern of negligence or malicious behaviour.

I know this has been very upsetting for you. And I hope it doesn't continue to distress you once you've had a chance to absorb it. I would suggest you accept the cash and keep it to treat yourself to something when this is all over. It sounds like you're going through a really tough time. X

BattleofBeamfleot
Thank you for taking the time to write such a kind and thoughtful reply.

I have been told that the email thread was sent to a client, so not internally unfortunately. Both our full names are quoted and my address so it's quite possible that our joint business could be identified. Some of the details in the messages explain why mediation went so badly - soon to be exH isn't shown in a very good light at all and I think my initial panic was because I'm dreading his reaction if/when he finds out about this breach.

Hopefully whoever did receive the messages will be discreet and delete ...

I won't be taking my complaint further, and I expect I will accept the compensation offered. It was never about the £££'s - I won't actually see any of it any way. The compensation will be deducted from my next colossal bill!

Thank you again for being kind x