Data Breach At Stevenage Borough Council Compensation Claims Guide – How Much Compensation Can I Claim?

Local authorities need to keep some personal information about us on file. The law protects your right for this information to be kept secure. If a local authority fails in its responsibility to protect the privacy of your personal data, and it causes you psychological or financial damage, you may be eligible for compensation. In this article, we discuss what you could do after a potential data breach at Stevenage Borough Council and explain how a No Win No Fee service could help you make a claim.

data breach at Stevenage council

Firstly, it’s important to note that in order to make a successful case, you should have actual evidence that there was positive wrongful conduct on the part of the council that caused the data breach. Additionally, your personal data must’ve been affected and you suffered financial or emotional damage.

We explain this in more detail in this guide, but if you feel that a local authority did or did not do something that directly led to exposing your personal information, get in touch for advice. You can:

Select A Section

  1. A Guide On Claims For A Data Breach At Stevenage Borough Council
  2. The Latest Data Security Statistics
  3. What Is A Data Breach At Stevenage Borough Council And Could You Claim?
  4. GDPR In Local Government
  5. Common Forms Of A Data Protection Breach
  6. Breach Of Data Protection By Social Services Or Housing Departments
  7. How Do You Report A Data Breach To The ICO?
  8. Can I Sue For A Data Protection Breach And What Is The Process?
  9. Estimating Quantum Of Damages In Data Breach Claims
  10. Calculating The Cost of A Data Breach At Stevenage Borough Council
  11. No Win No Fee Breach Of Data Protection Claims
  12. Find Out More About Data Breach Solicitors
  13. Get In Touch With Us About Claims For A Data Breach At Stevenage Borough Council
  14. Similar Resources
  15. Data Breach And Data Security FAQs

A Guide On Claims For A Data Breach At Stevenage Borough Council

A council data breach can have far-reaching and devastating consequences for the people it affects. If not secured properly, personal data can be vulnerable to online criminals and cyber thieves who hack into the databases of companies and organisations with the intention of stealing personal information.

If your personal data is exposed in a data breach, it could cause you financial loss or psychological harm.

Laws were introduced in 2018 to combat these risks and to require those who hold or use our personal data to do so with much more care. The General Data Protection Regulation sought to address the issue of protecting digital personal data and the handling of paper documentation that contains personal information.

In this guide, we explain under what circumstances you could make a claim following a personal data breach. We look at the two types of compensation you could claim and discuss No Win No Fee.

If you need to get free legal advice, why not get in touch? Our advisors are available 24/7. Plus, you’ll be under no obligation to proceed with the services of our solicitors.

The Latest Data Security Statistics

Local authorities can suffer cyberattacks and be at risk of hacking. Criminals know that councils retain a good deal of personal information (sometimes including bank account details). therefore it’s essential that local authorities have cybersecurity in place to make hacking as difficult as possible. The graph below shows what charities and companies are doing to address these data breach issues after a cybersecurity incident occurs:

How Can A Data Breach At Stevenage Borough Council Affect People?

A personal data breach can be a serious problem and as the victim of it, you can suffer chronic financial and emotional harm. Claiming could help you recover the money you lost because of the breach as well as compensate you for resulting mental suffering. At Legal Expert, we explain and simplify the whole process for you. Get in touch today to see how we can help.

What Is A Data Breach At Stevenage Borough Council And Could You Claim?

Personal data is defined as any information that could be used to positively identify us. Local authorities often need to collect and process more than our name and address to provide the services needed. The least we can expect is that they are taking appropriate measures to keep it safe.

A data breach could be the destruction, alteration, loss or unauthorised disclosure or access of personal data and tends to happen accidentally or deliberately, both of which can be preventable.

The Information Commissioners Office (ICO)

An independent authority called the Information Commissioner’s Office (ICO) monitors and investigates companies who fail in their responsibility to protect personal data. Additionally, the ICO has the power to issue fines to those who disregard data security procedures.

Their website offers a wealth of information about current investigations and prosecutions. The ICO seeks to help organisations improve data protection and avoid the damage a serious data breach can cause.

After the introduction of the UK GDPR, a more stringent approach needed to be taken by organisations regarding the secure use and storage of our personal information. This includes detailed staff training, robust IT software defence and adherence to the seven principles of data protection. Briefly, they are:

  1. The fair, transparent and legal collection and processing of data
  2. The amount of data collected should be limited to the purposes of collecting it
  3. Using personal data only for the reasons it was collected unless there’s a lawful basis where you have to share it without consent
  4. Storing data only for as long as is necessary and disposing of it correctly
  5. That there is accountability for proper data handling
  6. Stored data is accurate and up to date
  7. The integrity and confidentiality (security) of data is upheld

Data Breach At Stevenage Borough Council – Who Uses Our Data?

There are two main groups who use our data:

  • Data controllers determine why and how they’ll process and collect personal data.
  • Data processors process data on the instruction of the data controller.

If you can demonstrate (with evidence) that there was mishandling of your data that caused you to suffer financial loss or psychological harm, our team can discuss your options for recourse.


Consent is a key part of data use. Each time we visit a website, for example, we are prompted to choose how we would like our personal information to be used. It’s important to read these notifications as they give the consumer valuable control over exactly what details are divulged and handed over.

There are exemptions to consent and occasions where it is not necessary for the local authority to ask for it. You can speak to our team if you were the victim of a personal data breach and suffered, but are unsure about whether you consented to personal data use or if you feel that consent has been abused or exploited.

GDPR In Local Government

The UK GDPR applies to every council, company, charity or organisation in the UK that collects or processes personal data. With this in mind, an avoidable UK GDPR data breach could easily be the result of staff error or an external hack from online criminals and the council could still be liable.

However, the council would only be liable if there was positive wrongful conduct. For example, if it didn’t train staff in data protection or didn’t provide cybersecurity and that led to a data breach, they could be at fault.

The ICO has the power to investigate and hold any local authority to account if it is proved they were remiss in their handling of personal information.

What data is kept about us by local government?

Given the broad spectrum of tasks that a local government undertakes on behalf of tenants and service users, there is an enormous amount of information needed to be gathered and retained. Consider for a moment some of the details they might need to keep about you in the course of normal activity:

  • Your name and address
  • Email address and mobile number
  • Rent and tenancy details
  • Bank account details
  • Immigration and marital status
  • Planning applications
  • Social services details
  • Details about your children or dependents
  • Neighbour dispute details
  • Adoption details

Personal data protection needs to be thorough and robust to keep details such as these safe. Personal data breaches can result in stolen money or prolonged and severe psychological harm. With the correct evidence such as a psychiatric medical evaluation to substantiate it, you might be owed compensation.

Please contact our team for guidance if you have valid proof that a data breach at Stevenage Borough Council resulted in you suffering financial or emotional harm.

Common Forms Of A Data Protection Breach

Given the penalties that local authorities can receive if their failings cause a data breach, it’s important to understand why a breach might still occur. Causes of personal data breaches can include:

  • Conversations between staff involving personal details that unauthorised parties can hear.
  • Loss of laptops and smartphones that contain personal information and aren’t secured
  • Unsecured filing cabinets or documents containing personal information left accessible to unauthorised persons
  • Incorrect disposal of personal data (for example, put in normal waste where it’s easily accessible)
  • Ex-employees who are still able to access personal data although they aren’t authorised to and don’t have a lawful basis to
  • Weak or incomplete cyber defence systems
  • Inclusion of personal information in social media posts without permission or a lawful reason
  • Poor or non-existent cyber security procedures
  • Discussions with extended families involving personal information they’re not authorised to know, nor do they have a lawful basis to know
  • Children’s personal information is accidentally exposed to those who are unauthorised to access it and don’t have a lawful basis to access it
  • Emails sent (with attachments containing personal information) to unauthorised recipients who access the information despite not having a lawful reason to
  • Failure to properly encrypt personal information where it should be encrypted for data protection purposes
  • Photocopied or scanned passport details that are left in an unsecured location

Other Identifiable Data

There are other personal details that could positively identify a person that are more sensitive than others. It’s known as special category data and includes:

  • Sexuality
  • Philosophical or religious beliefs
  • Trade union memberships
  • Racial or ethnic origin
  • Genetic or biometric data
  • Mental or physical health details
  • Political opinions
  • Data about a person’s sex life

Subject access requests and other safeguards are in place to ensure your data is only ever passed on in a clear and legal way.

Positive Wrongful Conduct

If you commence a claim for a data breach, there is a requirement to prove that the local authority’s positive wrongful conduct allowed or created a personal data breach. You could commence a claim for damages if you can prove that the council did or did not actively do something to ensure the integrity of your personal information.

Breach Of Data Protection By Social Services Or Housing Departments

A data breach that involves children can be distressing. The social services function of a council is responsible for the secure retention of highly sensitive details regarding children’s services. This group could be uniquely vulnerable to online predators or those who mean them harm.

Council housing is where the council acts as a landlord for those who live in their properties. In order for the council to provide you with an appropriate service, you will likely need to share personal information with the council as a tenant. This information could include:

  • Passport data
  • Name and address
  • Banking information

Data is much more than simple details about who we are. The UK GDPR recognises the seriousness of a breach in data privacy and offers protection for consumers, tenants and service users.

This guide on what could happen after a potential data breach at Stevenage Borough Council aims to give information to help you. However, if there’s anything else you need answers to, why not contact us?

How Do You Report A Data Breach To The ICO?

Under certain circumstances, companies have a duty to report a data breach to the ICO within 72 hours and to inform the data subjects involved as soon as is practicable possible. (Data subjects are those whose personal data is processed or collected).

However, they only need to do this if the data breach risks the rights and freedoms of the people whose data is involved. If it doesn’t, the company can keep their own records of it and don’t have to notify the ICO or data subjects.

It may be the case that the local authority is unaware of the breach. You may notice the negative impact before they do.

The ICO offers a template for a complaint letter that you can use to raise a concern with an organisation. If you fail to receive a satisfactory response from the local authority, then in a period of no longer than three months since the last meaningful response from the authority, you can contact the ICO. Waiting longer than three months can affect how the ICO deals with your complaint.

It’s important to note that the ICO does not pay you compensation. You do not even have to involve them in your claim, but it might lend your case more weight to do so. In addition, the local authority may acknowledge the breach and offer you compensation directly for their error if they admit responsibility. It’s important to note that if you accept this offer, you cannot continue with a claim against that council. Our advisors can offer guidance on the best course to follow.

Can I Sue For A Data Protection Breach And What Is The Process?

What are the signs of a personal data breach? A noticeable increase in nuisance cold calls or spam email, sudden funds missing from your account can be indications. However the data breach has come to your attention, there is help.

If you have evidence of a valid claim, there is a process that you could follow:

  • Raise a complaint with the organisation or local authority.
  • If you don’t get a satisfactory response, wait for no longer than three months to contact the ICO. After this, the ICO may decline to become involved.
  • Complain directly to the ICO.
  • Collect evidence of financial damage: bills, statements and receipts that show a monetary loss as a result of your data breach, for example.
  • Reach out to legal professionals to see if you can claim. If you have a valid case, you could seek the help of a solicitor who could arrange a medical assessment. This would be a psychiatric assessment in order to prove you suffered mentally as a consequence of the data breach.
  • Allow the solicitor to settle your claim with the other party.

Estimating Quantum Of Damages In Data Breach Claims

Cybercrime can feel like being the victim of burglary or other invasive crimes. Certainly, the consequences can create the same sort of stress and aggravation. How can a claim for a data breach actually help you?

A No Win No Fee solicitor would approach the calculation of your claim from two different angles. The first is referred to as material damages and uses proof of monetary loss to calculate compensation. Any bills and receipts that you can provide which show how you had to pay money out to deal with the consequences of the data breach can be used.

With data breach cases, there can be long-lasting and prolonged expenses. Bank charges, late fees, credit damage and other incurred costs can continue to mount up months or even years after the initial fraud has been exposed. You can only make the data breach claim once, so it’s vital to include everything.

Non-Material Damages

Non-material damages take into account the impact on your mental health and the psychological toll that the data breach has taken on you. This could include:

  • Loss of sleep
  • Panic attacks
  • Nightmares and phobia responses
  • Depression
  • Stress

To prove that mental harm was caused or worsened by a data breach, you would attend a medical assessment as part of the claims process. An independent medical professional would assess your injuries and create a report. This report could be used to support your claim.

What’s more, a good No Win No Fee lawyer can use the evidence of these negative consequences and calculate an amount that is fair as compensation for you. Talk with us to see what you could be eligible for in your data breach claim.

Calculating The Cost of A Data Breach At Stevenage Borough Council

The Vidal-Hall and Others v Google Inc [2015] case broke the connection between needing to prove financial loss in order to justify also claiming for emotional harm in data breach cases. The Court held that you could claim for psychiatric damage if you hadn’t also suffered financial loss because of a data breach.

Plus, the compensation for the psychological harm could be valued as it is in personal injury claims.

To help them value your injuries, your solicitor (if you choose to use the services of one) can refer to a publication called the Judicial College Guidelines. This has recommended award bracket amounts for physical and mental injuries.

Usually used in personal injury cases, these figures offer a guide figure for compensation for pain, suffering and damage to the quality of your life. You can see some figures in the compensation table below.

Injury Severity Recommended compensation Notes
Post-Traumatic Stress Disorder (PTSD) Severe £56,180 to £94,470 Drastic impacts in every area of your life that seriously compromises your ability to function as before.
Post-Traumatic Stress Disorder (PTSD) Less severe Up to £7,680 A complete recovery is anticipated within 1 – 2 years with perhaps only some minor residual issues.
Psychiatric Damage Severe £51,460 to £108,620 The person has significant problems coping with daily life and the prognosis is poor.
Psychiatric Damage Moderately severe £17,900 to £51,460 The prognosis will be better than above.
Psychiatric Damage Less severe Up to £5,500 Sleep issues and day to day tasks may feel challenging but overall, a good prognosis for recovery is indicated.

It’s important to note that these amounts are discretionary. Every claim for compensation varies depending on individual circumstances, but these figures at least offer a guide. To get an accurate estimate of what you could claim, why not reach out to us?

No Win No Fee Breach Of Data Protection Claims

No Win No Fee may be a term you more closely associate with whiplash car accidents or trips and slips in the workplace. But you could make a data breach claim using the support of a solicitor on a No Win No Fee basis.

A lawyer working under a No Win No Fee agreement would not charge you their solicitor fees if the cases didn’t win. Plus, there are no upfront solicitor fees required or any solicitor fees as the case develops.

No Win No Fee lawyers take a small, lawfully capped percentage in cases that only have a positive outcome. It won’t cost you a penny in solicitor fees if the case fails.

You simply need to provide the solicitor with as much evidence you can that positive wrongful conduct on the part of the local authority led to you suffering direct harm. They can support you with this.

Find Out More About Data Breach Solicitors

Do you have evidence of a justifiable claim for a data breach at Stevenage Borough Council? If you have proof that staff at the local authority failed in their legal responsibility to handle your data properly, we could help.

Contact our team for a brief, no-obligation assessment of eligibility. We can discuss the many advantages of working with No Win No Fee data breach solicitors, who can work for you from anywhere in the country. You no longer have to be reliant on the local law firm in the high street near you.

Our advisors can offer support options and direct you to reviews that can transform the way you approach your claim. Let us connect you with No Win No Fee solicitors with expertise in this area today.

Get In Touch With Us About Claims For A Data Breach At Stevenage Borough Council

To summarise, thank you for reading this guide. We hope it has offered clarity on your data breach compensation claims options. A personal data breach can be a serious issue and can impact you in profound ways. For help with dealing with this, please get in touch with our team. For no-obligation advice on what you can do next:

Similar Resources

At Legal Expert, we offer advice and guidance on a whole cross-section of data breach issues. We can help. Click on any of the links below for more information:

Other Useful Compensation Guides

Data Breach And Data Security FAQs

What is the current time limit for data breach claims?

There is a 6-year time limit for making a data breach claim against a private company. However, it is 1 year if it involves a public body, a council being one example. Note that it isn’t always obvious what your timeframe may be as other factors could influence this. Therefore, we recommend getting in touch as soon as possible to be sure which time limit affects you.

How could a data breach affect you?

In addition to serious financial damage, you could suffer psychological harm.

Lastly, who could claim for a data breach at Stevenage Borough Council?

Anyone who can demonstrate with proof that the actions of a company with a legal responsibility to protect your data caused a data breach. You would also need to evidence that you suffered financial loss or mental harm as a result. A solicitor can help you with this.

Written by Waters

Edited by Victorine

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts