Data Breach At Hastings Borough Council – Compensation Claims Guide
Welcome to our guide, which looks at the steps you could take should a data breach at Hastings Borough Council occur. Local councils need to collect a wide range of data on members of the public who use their services. But what steps could you take if a security failure in protecting personal data results in this information being exposed? This is what our guide will look at.
Personal data is classed as any data which might be used to identify you, either alone or when combined with other information. There are regulations in place that say how organisations, including councils, have to protect this data from being exposed. We will take a closer look at some data protection laws further on in this guide.
What Happens If My Right To Data Privacy Is Breached By A Council?
Who is entitled to data breach compensation? And what kinds of damages could you claim if a data breach occurs that could have been avoided? Are both questions that we look to answer within this guide.
Our guide also explains how a data breach might occur, the conditions that need to be met before you claim, and how Legal Expert can help you. Call Legal Expert today to find out more and to benefit from free legal advice. You can reach an adviser on 0800 073 8804.
Select A Section
- A Guide About Claims For A Data Breach At Hastings Borough Council
- 2021 Updated Data Breach Statistics
- What Could Be A Data Breach At Hastings Borough Council?
- What Is The Impact Of GDPR On Local Government?
- Types Of Data Breaches And Attacks Against Councils
- Tenancy Records And Social Services Data Breaches
- How Bad Does A Breach Need To Be In Order To Report It To ICO?
- Can I Sue A Council For A Breach Of The Data Protection Act?
- How Can You Be Compensated For A Data Breach?
- How To Calculate Payouts For A Data Breach At Hastings Borough Council
- No Win No Fee Solicitors For A Breach Of Data Protection Claim
- Where To Find Lawyers That Could Handle Claims For A Data Breach At Hastings Borough Council
- Speak To Us
- Similar Articles
- Frequently Asked Questions About Data Security
The personal data that is held, stored and processed by organisations is protected by strict regulations. The organisation with control over the data is referred to as the data controller, and the person that the data relates to is called the data subject.
The General Data Protection Regulations (GDPR) is the piece of legislation that outlines how data controllers must act when handling and processing personal data. These regulations were ratified into UK law through the Data Protection Act 2018. Since the UK has left the European Union, we refer to the UK GDPR with regards to data protection regulations in the UK.
The Information Commissioner’s Office (ICO) is an independent body responsible for enforcing data protection in the UK. They are able to investigate data controllers, including councils. They can also fine those that don’t adhere to the UK GDPR.
In this guide, we will examine what a data breach is, how one might occur and what can happen if personal data is breached or exposed. We will also look at the different kinds of damages that could be awarded in a data breach claim and how these are calculated. In addition, we will look at No Win No Fee agreements and how they may be useful in funding legal representation.
When you’ve been affected by a data breach, you have 6 years to start a claim. If your human rights were infringed, then this is reduced to one year. However, we always recommend seeking legal advice as soon as possible following a breach. This will give you the best chance of receiving the compensation you deserve, as providing supporting evidence will be easier the less time has elapsed since the breach.
On the eve of the new data protection legislation (2018), Hastings Borough Council accidentally exposed individuals’ personal data. They did this by CCing an email to a group of people. This email should have been blind copied to the recipients to ensure that people’s email addresses weren’t visible to everyone who received the email.
The Cyber Security Breaches Survey 2021 revealed that cyber-attacks remain a serious threat to charities and businesses in the UK. The report found that phishing is still the most common form of attack.
The government survey found that 26% of charities and 39% of businesses experienced breaches in their cyber security over a period of twelve months. Furthermore, 35% of large businesses and 40% of charities reported a negative outcome from these attacks, including things like an impact on business or a diversion of staff time.
A data breach is a security incident that causes personal data to be lost, destroyed, altered or accessed in an unlawful or unauthorised manner. A data breach can happen accidentally, for example, because staff were not properly trained or as the result of a deliberate malicious cyber attack.
Data protection laws cover physical data as well as data that is stored on a computer or online. For instance, a data breach could occur because a filing cabinet containing personal data was left unlocked, meaning that unauthorised people could access it.
Having your data exposed could cause you financial and emotional harm. For instance, a bank or credit card breach could result in you losing money or your credit rating being affected. A school or nursery data breach could leave you worried about your child’s safety in some circumstances. And if your medical records were exposed, meaning that details of your health are accessible to people who aren’t authorised to see it, this could cause you emotional harm and cause you stress or anxiety.
As we have already mentioned, “data controller” refers to an organisation that collects, stores and processes personal data. Councils, just like all other data controllers, must adhere to the UK GDPR.
There are seven key principles that underpin UK GDPR and which all data controllers must follow in order to comply with data protection laws. These are:
- Data must be processed in a lawful, fair and transparent way.
- Organisations must only use data for the purpose it was collected and not for any further purposes that aren’t compatible with this.
- All data must be kept accurate and up-to-date.
- Data must not be stored for longer than needed for the purpose it was collected for.
- Security systems must be in place to protect and secure personal data
- The organisation must take responsibility for the way they collect and use data and need to be able to show that they are compliant with the rest of these principles.
We’ve looked at the reasons that a council might need to collect your data and the things they are expected to do to keep your data secure. But how might a council data breach occur as the result of failings on the part of the data controller?
Data breaches can happen in various ways. Some could be caused because the data controller failed to put the right protocols in place to keep such personal information safe. While others can happen because even the stringent security systems managed to get hacked. But what are examples of data breaches;
- Cybersecurity systems are not kept up-to-date, meaning that hackers can access personal data
- Phishing emails allow third parties to access personal data
- An email containing personal data is sent to the wrong person because of a spelling mistake
- A computer that is not password protected and that contains personal data is left on public transport
- Tenancy documents are sent to the wrong address, despite the right address being on record
- Your employer sends your payslip to someone else, meaning that they can see your personal data and how much you are paid.
Local councils offer a wide range of services, including social services and council housing. If someone is a user of one of these services, then their information will need to be held by the council.
The sort of data a council holds will often include the following:
- Public housing audit documents relating to tenants
- Rent statements
- Tenancy documents
- Information related to, for example, your family circumstances (particularly in the case of social service agreements)
- Tenancy agreements
- Information that might be used to confirm your identity, such as a scan of your passport.
Data controllers do not have to report all data breaches they suffer. However, when the rights and freedoms of the data subject are put at risk by a breach, it must be reported to the ICO. This should be done within 72 hours, and you should be told about a reportable breach without undue delay.
If you think that the council is in breach of the GDPR in the way it is handling your data, your first step should be to raise your complaint with the local council directly. You can use this ICO template to help construct your complaint to the council.
If the response you receive is unsatisfactory, you can then contact the ICO to voice your concerns within 3 months of the last significant communication you had with the council. If you wait longer than 3 months to get in touch with them, they may refuse to investigate the issue.
You don’t have to complain to the ICO in order to pursue compensation for the harm the breach has caused you. However, doing so could support your claim down the line and can give you a better idea of how the breach occurred.
It can be difficult to know what to do if a data breach at Hastings Borough Council occurred. Speak to our team for free legal advice.
We’re often asked whether it’s necessary for you to have a solicitor represent you in a claim for harm caused by a data breach. While it’s not a legal requirement, the process of claiming for harm caused by an avoidable data breach can be daunting to face alone.
Data protection laws can be complex, and you may not know what the best steps are to take after a breach has caused you emotional or financial harm. However, having a data breach solicitor’s help can mean that you get the necessary support throughout the claims process.
If you get in touch with Legal Expert, one of our advisors can chat with you about your claim with no obligation for you to proceed. If they feel your claim has a good chance of being successful, they could then connect you with one of our solicitors who can work on a No Win No Fee agreement.
If you were successful in your data breach compensation claim, your award could consist of two different kinds of damages. These are:
- Material damages for your financial losses
- Non-material damages for the mental anguish a breach caused you
To prove your financial losses, you could provide:
- Bank statements
- Credit statements
- Additional relevant documents showing you suffered a financial loss
Non-material damages are awarded for the psychological harm a breach caused you. To prove the impact that the breach has had on you, you may be invited to be examined by an independent specialist.
The specialist will provide a report detailing the psychological harm the breach caused you. The sort of psychiatric damages you could claim for includes:
Vidal-Hall v Google  was a landmark Court of Appeal case in which it was decided that claimants could be compensated for emotional harm caused by a breach even if no financial harm occurred. Before this, it was only possible to claim for psychiatric damage following a breach if that breach had also caused you to lose money.
When calculating compensation for emotional harm following a data breach, the awards should be calculated in the same way as in personal injury claims.
This means that data breach compensation awards for emotional harm can be calculated by referring to the Judicial College Guidelines (JCG). This publication contains a list of guideline compensation brackets for a number of different injuries of varying severities.
The table above provides a general idea of compensation payouts awarded for mental harm, based on figures from the JCG. We have not included material damage amounts in our table.
|Type of Harm||Severity||Notes on severity||Potential Compensation Awarded|
|PTSD - post-traumatic stress disorder||Very severe||The claimant experiences very serious symptoms associated with PTSD which negatively impacts their ability to lead a normal life or work. Relationships are affected too||£56,180 to £94,470
|PTSD - post-traumatic stress disorder||Moderately severe||The claimant experiences moderately severe symptoms associated with PTSD. The impact is less serious than above||£21,730 to £56,180|
|PTSD - post-traumatic stress disorder||Moderate||The claimant experiences moderate symptoms associated with Post-traumatic stress disorder. The claimant is expected to fully recover with the right therapy and treatment||£7,680 to £21,730|
|PTSD - post-traumatic stress disorder||Less severe||The claimant experiences less severe symptoms associated with PTSD. Claimant is expected to make a full recovery within two years||Up to £7,680|
|Psychiatric harm-psychological damage||Very severe||The claimant experiences severe psychological harm. The level of compensation awarded will factor in whether the claimant is able to continue to work, how their lives have been impacted, and whether their relationships are affected||£51,460 to £108,620|
|Psychiatric harm-psychological damage||Moderately severe||The claimant experiences moderately severe mental harm. The prognosis is more positive than above.||£17,900 to £51,460|
|Psychiatric harm-psychological damage||Moderate||The claimant experiences moderate symptoms with marked improvement and the prognosis will be good.||£5,500 to £17,900|
|Psychiatric harm-psychological damage||Less severe||The claimant experiences less severe symptoms and is expected to make a full recovery over time.||Up to £5,500|
Our team of lawyers have the legal expertise to act on your behalf. Moreover, our lawyers provide No Win No Fee terms to claimants who have grounds to sue.
A No Win No Fee agreement means that:
- You won’t pay any fees upfront
- In the event that your claim fails, you don’t pay your No Win No Fee solicitor anything
If your claim is successful, then a small, capped percentage of your compensation will be deducted from your compensation award to cover your solicitor’s fees. Because of this, you will always get the majority of the compensation you’re awarded.
If you would like to know more about No Win No Fee agreements and the benefits they can offer, why not speak to our team today?
If you have decided to pursue legal representation for your claim, there are many different options available to you to do so. You can go off a recommendation made by a friend or family member or seek out the services of a solicitor in your area.
Alternatively, you can speak to Legal Expert. We can connect you with our solicitors. It doesn’t matter where you are; we offer representation across the country. You can also see our review page for real-life accounts of how we’ve helped other claimants in the past.
You can reach out to one of our experienced advisers in several ways. You can:
- Fill out the claims form
- Chat with an adviser on our Live Chat
- Speak to one of our advisers by calling 0800 073 8804.
We provide an initial, free consultation that allows a member of our team to answer your questions. It also means we can thoroughly review your case before introducing you to one of our No Win No Fee lawyers. To find out what steps you could take if you were affected by a data breach get in touch today.
Links to external data breach advice
Internal links to more Legal Expert data breach guides
- Blackbaud data breach
- Optician data breach claims
- Cardiff Metropolitan University Data Breach
- Cardiff University Data Breach
- Carlisle City Council Data Breach
- Charnwood Borough Council Data Breach
- Chelmsford Council Data Breach
- Chelsea and Westminster Hospital NHS Trust Data Breach
- Chesterfield Council Data Breach
- City of Lincoln Council Data Breach
- Coventry City Council Data Breach
- Cranfield University Data Breach
- Crawley Borough Council Data Breach
- Barnsley Council Data Breach
- Calderdale Council Data Breach
- Eastleigh Borough Council Data Breach
- University Data Breach Compensation Claims
- Stafford Borough Council Data Breach
- Stevenage Council Data Breach
- Stockton-on-Tees Borough Council Data Breach
- Maidstone Council Data Breach
- Medway Council Data Breach
- Is Sharing An Email Address a Breach of GDPR?
How long will my claim take?
In some cases, a claim reaches a settlement in a few months. However, more complex claims where it’s not clear who was at fault for the breach can take several years.
Could I claim on behalf of another person?
Yes. A litigation friend can claim on behalf of a child or person lacking mental capacity who was harmed by an avoidable data breach.
Do I need to have suffered a financial loss?
Vidal-Hall v Google  means that you can now claim non-material damages even when you don’t incur financial losses.
How do I prove stress?
If you want to claim non-material damages for stress, an independent specialist could provide a detailed medical report. In addition to this, your medical records may also serve to support your claim.
Thank you for reading our guide looking at the steps you could take if a data breach at Hastings Borough Council were to occur.
Guide by Wood
Checked by Stocks