Bournemouth Borough Council Data Breach Compensation Claims Guide
Bournemouth Borough Council Data Breach Claims
Welcome to this guide that’s been created to help you understand the process of making a claim following a Bournemouth Borough Council data breach. If the council exposed your data as a result of failing to comply with data protection laws, you may have grounds to claim if you can prove they were at fault and you suffered damage to your mental health or finances as a result.
Firstly though, it’s important to be aware of what constitutes a data breach. The General Data Protection Regulation (GDPR) defines a data breach as the unauthorised access or use of someone’s personal or financial data.
The GDPR was put in place to prevent data breaches. However, in 2020, local councils reported around 700 breaches.
A council data breach could have consisted of something as simple as an employee leaving papers with sensitive information lying around on their desk for someone unauthorised to access.
If you’ve experienced a data breach, there are things you can do to get the compensation you deserve. For more information call our team on 0800 073 8804.
Alternatively, continue reading for further details on data breach compensation.
Select A Section
- A Guide On How To Claim For A Bournemouth Borough Council Data Breach
- Rates Of Cyber Security Breaches
- What Are Bournemouth Borough Council Data Breaches?
- Are Borough Councils Expected To Apply The GDPR?
- What Ways Could Borough Councils Breach Peoples Data Privacy?
- Breaches In Council Tenants Rental Information Privacy
- Do Council Data Breaches Have To Be Reported To The ICO?
- How The Data Breach Claims Process Works
- What Your Payout Could Include
- Bournemouth Borough Council Data Breach Payout Calculator
- Could I Claim For A Bournemouth Borough Council Data Breach With A No Win No Fee Solicitor?
- How Do I Make A Claim Against The Local Council?
- Contact Our Expert Team
- Useful Information
- Frequently Asked Questions About Local Government Data Breaches
In this article, we’ll be exploring the process of making a data breach claim, including what the council could have done to breach data protection.
For instance, there are a couple of pieces of legislation in place to monitor how the council uses your data, such as the Data Protection Act 2018 and the GDPR. However, if the council fails to comply with these regulations, there’s a chance your data could be at risk.
In instances where the council has compromised your data, you may be able to claim for the damage it’s caused you. Our guide will explore what you could claim compensation for and the evidence you’ll require to do so.
We’ve also provided some further resources throughout this guide so if your breach happened in a different way, click on the links throughout this guide.
Are there any time limits to making a data breach claim?
There is a time limit to be aware of when making a data breach compensation claim. You have 6 years to claim against a private company that causes a data breach. Alternatively, in claims involving a public body (including a city council), you have 1 year to make your claim. And your timeframe could change due to other factors too, so you may wish to contact us ASAP. Otherwise, you could unknowingly end up waiting too long and missing out on compensation altogether.
If you have any questions about this, you can get in touch with our team for more information on the number above.
When looking at the impact cybersecurity breaches can have on organisations, often the cost is one of the biggest impacts.
For instance, the Cyber Security Breaches Survey 2021 found that the average cost to businesses that faced breaches that resulted in a material loss was £8,460. Furthermore, for medium and large businesses the average cost was £13,400.
With this in mind, the survey conducted research to explore how much action was taken by businesses to identify, minimise and manage attacks.
The results are shown in the graph below. The percentages relate to businesses that took action over the last 12 months. Overall, 52% of businesses involved in the survey took different types of action.
However, there are some businesses more likely to take precautionary measures than others. For instance, the survey found that finance and insurance firms were 76% more likely to take action. Additionally, information and communication firms were 69% more likely.
In contrast, construction firms were 35% less likely to take any of these actions. It’s interesting that the nature of the business may determine the action taken to handle cybersecurity attacks.
The figures are provided by the Department of Digital, Sport and Culture.
Each council, whether county, borough or city, has a different set of departments and roles they’re responsible for. For borough councils, they would normally be in charge of the following services:
- Organising rubbish collections and recycling
- Collecting council tax
- Housing, e.g. housing associations and council houses
- Dealing with planning applications, e.g. for making changes to buildings
With all the departments they’re responsible for, there is a lot of data they could hold for people. For instance, name, address, date of birth, passport details and various bits of financial information.
If Bournemouth Borough Council fails to have a solid data protection procedure in place to protect your data, there are severe consequences that could affect people.
For example, a member of staff could have uploaded passport data to a computer without password protection. If someone then stole the computer, this could lead to people’s data being sold to third parties. In turn, this could lead to someone using another person’s identity to commit credit card fraud causing several financial complications.
Whether the breach is deliberate or an accident, if you can prove that Bournemouth Council did something wrong and you suffered damage to your mental health or finances, you could claim compensation.
The GDPR is a document that was created and implemented in 2018 to restrict how organisations use people’s data. The main theme of the legislation is to ensure organisations get consent both to use people’s data but also for how they plan to use data.
Additionally, the legislation’s main principles ensure that:
- The data held is correct
- There is a valid reason for using data
- An organisation is clear about its purpose for using someone’s data
- An organisation only holds relevant and necessary data
- The data is only kept for the necessary amount of time
- There are appropriate security measures in place to protect any data that is held
- An organisation takes responsibility for how they process data and their compliance with all the other principles
In the UK, the Data Protection Act 2018 was created to force organisations within the UK to comply with the GDPR. Any organisation handling EU citizen data is expected to comply with the GDPR.
However, there are a few exceptions that may apply to councils. For instance, the council doesn’t need consent to pass your council tax information to HMRC.
Despite there being a few exceptions, no one is fully exempt from following the GDPR or Data Protection Act 2018.
As the borough council covers different departments, there are various ways a breach could happen affecting both physical and digital data.
It could be as simple as leaving your computer unlocked and unattended with sensitive information on the screen for unauthorised staff to see.
Or the department responsible for planning applications forwarding information without removing sensitive data.
Additionally, it could involve:
- Failing to protect information with password-protected equipment
- Poor computer security or network security making them more vulnerable to cybersecurity attacks
- Ex-employees gaining unlawful access to databases and using it for personal use
No matter how your data was breached, you need to prove that it resulted from the council failing to meet their legal obligation to protect your data.
As mentioned previously, a borough council is in charge of housing, council tax and planning applications. For that reason, a breach of data may involve:
- Tenancy documents left in an unlocked filing cabinet for people without authorisation to access
- Rent statements sent to the wrong person
- Confidential correspondence relating to complaints about neighbours being sent to the wrong people
- Letters or emails sent to the wrong address or email address
- Failing to blind copy in emails sent to multiple people
Additionally, it could be that financial information has been stored on a computer with poor IT security software. Or a leak of data has been made by someone with unlawful access.
If you’ve suffered the consequences following a Bournemouth Borough Council data breach, there is a process that you could follow.
Firstly, the council needs to let you know about a breach without undue delay. They also need to make the Information Commissioner’s Office (ICO) aware within 72 hours of the breach occurring.
Once you’ve been made aware of the breach, you could start a discussion with the council about what they plan to do to resolve the issue. Additionally, you can start this discussion if the council hasn’t contacted you but you still have concerns that they have failed to comply with the GDPR.
If the council fails to take reasonable action or you don’t hear back from them, you could raise your concerns with the ICO. However, if there has been an undue delay in notifying them of the breach, it may be more difficult for them to investigate.
For that reason, you should try to bring it to their attention in a timely manner, usually within three months of the last meaningful contact you’ve had with the council.
Are there any consequences in place for councils that breach data protection?
The ICO has the right to take action against organisations, including councils if they find they have breached data protection regulations.
The action taken can vary depending on the severity of the breach. The ICO may issue a fine or an enforcement notice to improve the relevant area of data protection policies.
In fact, the ICO fined the Conservative Party £10,000 for sending marketing emails to people who hadn’t consented to receive them. According to an investigation carried out by the ICO, the emails included:
- People’s names
- Aspects of the party’s political agenda
- A link to the Conservative Party’s website encouraging people to join the party.
In comparison, the ICO fined British Airways £20 million as they failed to protect the personal and financial data of around 400,000 customers.
As you can see, the fines will align with the severity of the breach and how badly it may have impacted the people affected.
When contacting the council, it’s important to ensure you’re contacting the correct department. For instance, if you have concerns about the housing department, you should contact the relevant person from that department. This can avoid your query being delayed in getting to the correct person. It may also be worth looking to see if they have a data protection officer to who you can direct your complaint to.
Additionally, you should ensure all your information is accurate and you cover everything you’re concerned about from the beginning. If you leave anything out, it can cause more difficulty in providing a resolution for you.
However, if you’ve contacted the council and the ICO but the outcome with these communications hasn’t been successful, you could take the next step of seeking legal advice.
Our advisors are available to provide free legal advice and could connect you with a solicitor who can take you through the next steps. They can also help to value your claim and get you one step closer to getting the compensation you deserve.
You don’t have to have contacted the council or the ICO to start a claim. For more information, you can get in touch on the above number.
A data breach could lead to severe consequences that you end up suffering as a result of the council failing to meet its obligation to protect your data. For that reason, you may be able to claim compensation for both the financial and psychological impact you may have faced.
The financial compensation will come under material damage. It will consider the past and future implications on your financial state.
For instance, if you’ve been a victim of fraud or someone stealing your identity because of a data breach, this could have a long term impact on your finances.
On the other hand, psychological compensation will come under non-material damage. These might provide compensation for:
- Disturbance of sleep
- Stress or anxiety
- Impact on relationships, work or education
For more information on the evidence, you may need as part of your claim, see below.
How can I prove material and non-material damages?
As with any type of claim, you will need evidence to prove that the council’s failings resulted in a data breach that impacted you either financially or psychologically. This might include any correspondence you’ve had with the council. Or if the ICO has carried out an investigation, you can use the results from that as evidence.
Additionally, for any financial losses, you may need to provide:
- Bank statements
- Credit card statements
- Credit score ratings
Furthermore, for mental harm, you can provide medical records that show details of medical assessments or treatment for any psychological conditions.
In addition, a medical assessment may be arranged for you to attend as part of the claim. This can provide an independent record of your psychological state and verify that it was caused by the data breach.
The Court of Appeal decision regarding the case of Vidal-Hall and others v Google Inc in 2015 altered the way compensation is awarded for data breach claims. Before this point, it wasn’t possible to claim compensation for psychological damage without also claiming for financial damage.
However, since the Vidal-Hall case, people are allowed to claim just for the psychological suffering they’ve endured. When valuing these types of claims, solicitors may look to the Judicial College Guidelines to help them.
For that reason, we have created a psychological injuries table that provides an estimate of what you could claim for mental harm.
Mental injury Severity Description Award
Psychiatric damage Severe There will be consideration given to factors including the impact the damage has had on a person's ability to deal with life, work or education and maintain relationships where there will be permanent issues £51,460 to £108,620
Psychiatric damage Moderately severe The impact the damage has had on a person's ability to deal with life, work or education and maintain relationships will cause significant issues that may not be permanent £17,900 to £51,460
Psychiatric damage Moderate There will be an on impact on a person's ability to deal with life, work or education and maintain relationships which may result in noticeable improvements £5,500 to £17,900
Psychiatric damage Less severe Consideration will be given to how long a person was effected by the impact the damage has had on their life, work, education and relationships Up to £5,500
Post-traumatic stress disorder Severe There will be a permanent effect on every aspect of the person's life £56,180 to £94,470
Post-traumatic stress disorder Moderate The person will have mostly recovered and if there is any ongoing impact on any areas of a person's life, they won't be severe £7,680 to £21,730
Post-traumatic stress disorder Less severe The person will have fully recovered within two years and if there is an ongoing impact on any areas of a person's life, they will be minor Up to £7,680
However, the figures provided serve as a guide as your actual compensation settlement amount will greatly depend on other factors.
For instance, the additional medical assessment may also be taken into account. And, if you’re claiming compensation for any financial damage, this can vary from case to case.
So, if you have any questions regarding how compensation may be calculated, our team will be happy to help.
We understand that you may have a few reservations about using a solicitor. However, we have a great option that you could choose which allows you to avoid upfront costs and any costs during the course of your claim.
You may have heard the phrase No Win No Fee agreement or conditional fee agreement whilst researching data breach claims. This type of agreement is a great way to have the benefits of a solicitor representing you, whilst not having to worry about the costs if your claim doesn’t succeed.
It essentially means that if your solicitor fails to win your claim then you won’t pay solicitor fees.
If they do succeed, you’ll need to pay a small success fee. The success fee is legally capped though. In addition, you may agree on the fee with your solicitor before putting forward your claim.
For more information, you speak to our team on the number above.
The first thing you need to be sure of is whether you hold a valid claim. In order to determine this, you need to look at whether you can prove that the council’s failings led to your data being exposed and used in a way that you didn’t consent to.
If you need help with this, our team can provide further guidance. However, once you’ve assessed the validity of your claim, the next step is to look for a solicitor to help you.
You don’t have to look far as an advisor from our team can put you in touch with one of our solicitors. All of our solicitors operate on a No Win No Fee basis and have expert knowledge in data breach law.
Not only do they have experience handling data breach claims, but they’ll have knowledge on claims against the council too.
For more information, take a look at our review page. Alternatively, see below for how you can get in touch with an advisor to connect you.
We hope that after reading our guide, you have a better understanding of what the process of making a data breach claim entails. However, as there is so much information to digest, we encourage you to get in touch if you have any questions about anything in this guide.
Here at Legal Expert, our advisors are ready to provide you with free legal advice, 24 hours a day, 7 days a week.
So, no matter what part of the data breach claim you need help with, why not get in touch using any of the following contact details:
- Call us on 0800 073 8804
- Get instant support using the live chat feature at the bottom of the page
- Fill out our call-back request form and get help at a time best suited to your schedule
Have you or your child been affected by a school data breach? If so, our guide could help you understand the process of making a claim for compensation.
Did the NHS fail to follow data protection legislation? If so, visit our guide for more information on what you can do following a data breach.
See our guide on the process of making a claim against a bank for compromising your data.
For more information about the ICO and what they do, see their website.
Visit the government website for further information on making a complaint about a data breach.
See the ICO website for further details on the action the ICO has taken. You can see examples of the consequences organisations might face if they breach data protection.
For more information on data breach claims, see below where we’ve provided answers to some questions we’re often asked.
What damages must have been suffered?
You can either claim compensation for the impact on your finances or your mental health.
What is the scope of the GDPR?
One of the main themes of the GDPR is to enforce organisations to gain your consent for the way they intend to use your data.
Are there exceptions to being able to make a GDPR claim?
There may be certain aspects of the GDPR that may not apply to some organisations. However, no organisation handling EU data is fully exempt from complying with the GDPR.
Thank you for taking the time to read this article on Bournemouth Borough Council data breach claims.
Guide by Mitchell
Edited by Billing