Data Breach At Stockton-on-Tees Borough Council Compensation Claims Guide – How Much Compensation Can I Claim?

This article considers what you could do after a potential personal data breach at Stockton-on-Tees Borough Council.

Councils that collect or process personal data have a legal responsibility to look after it. Did they fail with yours? Perhaps paperwork that contained your personal was lost or stolen due to their failings? Or did they neglect to install adequate cybersecurity defences which allowed an outside hack to occur?

As the data subject, your personal information may have found itself leaked onto the internet in a way that can result in financial and emotional turmoil. (A data subject is someone whose personal information is collected or processed by another party such as a council).

data breach at the Stockton-on-Tees Borough Council

It’s possible to claim compensation in cases of a data breach. In this guide, we explain data protection laws and offer guidance on how you could assemble the correct evidence to support a claim.

Do you have bills or receipts for out-of-pocket expenses created by the data breach? Have you suffered psychological anguish or stress to the degree where it has made you ill? Your medical records and costs could be owed back to you if you can prove the failings of the council caused the data breach. Start now by:

Select A Section

  1. A Guide On Claiming For A Data Breach At Stockton-on-Tees Borough Council
  2. UK Government Data Breach Statistics
  3. What Is A Data Breach At Stockton-on-Tees Borough Council?
  4. Causes Of A Council Data Breach
  5. Data Protection And Social Services
  6. What Is The Procedure For Reporting Data Breaches At The ICO?
  7. How To Sue The Council After Suffering A Breach Of Data Protection
  8. Assessment Of Compensation And Damages Claimable
  9. GDPR Data Breach At Stockton-on-Tees Borough Council Compensation Calculator
  10. No Win No Fee Claims Against The Council
  11. Do I Need Good Solicitors Near Me To Claim For A Data Breach At Stockton-on-Tees Borough Council?
  12. Get Claims Advice From Legal Expert
  13. Find Similar Guides
  14. Customer FAQs

A Guide On Claiming For A Data Breach At Stockton-on-Tees Borough Council

Before we delve into this guide, it’s important to note two terms used in data protection:

  1. Data controllers decide how and why your personal information will be collected or processed. They can be organisations or local authorities, for example. 
  2. Data processors are organisations or agencies, for, example, that process your data on the data controllers behalf. They only act on the data controller’s instructions.

Data protection laws apply to both of the above.

This guide aims to provide you with the information needed to make a claim for data breach compensation. We start by explaining what personal data is and the ways in which it could be misused or mishandled by a local authority in possession of it.

The UK General Data Protection Regulation (GDPR) addresses the issues of personal data security on and offline. Data protection law seeks to give greater protection to data subjects.

We look at the common causes of data breaches and how human error and outside criminal hacking attempts can make our data vulnerable. Online gangs trade in personal information and as a victim of such a data breach, you may suffer anything from an increase in nuisance phone calls to identity theft. With proof that the council positively did or did not handle your data security properly, you could be owed compensation back for this.

In the guide, we also explain how a lawyer could help you to build a case. No Win No Fee agreements might enable you to access legal representation with no upfront solicitor costs. A solicitor can use your evidence to calculate a suitable settlement figure that the council may have to refund you. You may be ready to start a data breach claim right now, in which case our friendly advisors are on-hand to help.

UK Government Data Breach Statistics

The EU GDPR was enacted into UK law via the Data Protection Act 2018. The Data Protection Act sits alongside the UK GDPR as data protection law.

Data protection law aims to give much greater control over the way personal data is used by data controllers such as organisations, businesses and the Government. Enforced by an agency called the Information Commissioner’s Office (ICO), any data that relates to an identifiable individual should be treated with a much higher degree of security and scrutiny.

Opportunistic and criminal abuses of privacy online were leading to serious consequences for the data subjects concerned and these amended laws go a long way to restoring confidentiality and privacy rights to the general public. The chart below gives an idea of the extent of the problem. It shows the percentage of charities and businesses that were impacted in any of the following ways, among those that have identified breaches or attacks in the 12 months prior to the survey.

Data breaches

What Are Potential Data Breach At Stockton-on-Tees Borough Council Consequences?

A data breach can ruin your finances and your mental health. The impact of online theft or fraud can drag on for months or even years, leaving you suffering the consequences. If you can demonstrate how a local authority allowed a breach to occur, you could make a compensation claim and see all these out-of-pocket costs recovered.

What Is A Data Breach At Stockton-on-Tees Borough Council?

It’s important to note what a personal data breach at a council might involve. The ICO defines personal data as any information that can be used to identify an individual. In addition, it defines a personal data breach as any security incident leading to the:

  • Loss of personal data
  • Alteration of personal data
  • Destruction of personal data
  • Unauthorised access of personal data
  • Unauthorised disclosure of personal data

Local authorities need to collect and retain an enormous amount of personal information. This can go well beyond the simple details of name, address and contact information.

For example, local authorities request bank details to collect rent. They have social service departments that retain sensitive information about minors or vulnerable people. Their staff may be required to provide background checks in order to work there. All of this data should be gathered, stored and circulated under the strict understanding of data protection law.

Data Breach At Stockton-on-Tees Borough Council Compensation Claims Guide: UK GDPR And The ICO

The ICO has defined 7 principles for correct data usage under the UK GDPR. Failure to apply these principles may mean a data breach could occur and in extreme cases, the company involved could be investigated by the ICO and penalised. Serious breaches can incur multi-million-pound fines. Therefore, companies and local authorities should:

  1. Collect data in a fair, transparent and legal way
  2. Apply a purpose for collecting the data and be clear with data subjects about it
  3. Collect and process the minimal amount of data to fulfil the purposes
  4. Retain data only for the required amounts of time (and dispose of properly)
  5. Have accountability for proper data handling
  6. Keep personal data accurate and up to date
  7. Ensure the integrity and confidentiality (security) of the personal data

Avoiding a potential data breach risk can be greatly reduced if these basic principles are adhered to.

If you decide to make a claim for compensation against a local authority, it’s important that you have evidence to prove that ‘positive wrongful conduct’ on the part of the council caused the breach that harmed you. This means you must be able to demonstrate how an act or omission on their part permitted the breach.

You’d also need to prove you suffered financial loss or psychological harm because of the personal data breach.

You can start a case like this independently and the ICO offer a document to help you raise a concern with an organisation to get that process started. However, the aid of a data breach solicitor could be beneficial.

Causes Of A Council Data Breach

A data breach could be the consequence of either accident or deliberate actions. For example, it could be caused by staff error or an outside hack from cybercriminals. These risks can be an inevitable part of daily business, but all local authorities should be doing all they can to help prevent them.

Staff training, a good working understanding of the UK GDPR and robust IT defences are all ways to keep data safe. Problems can still occur and some common examples are as follows:

  • An employee can leave computer screens holding personal information open or visible in areas accessible to unauthorised persons
  • Filing cabinets can be used to hold paper documents containing personal information. However, they should be secured so that people without a lawful basis to access the data aren’t able to do so.
  • Conversations between staff or the public could reveal personal information
  • In-house software security can be insufficient or unrenewed
  • Emails are sent to recipients who shouldn’t receive the personal information that is unredacted
  • Ex-employees still have access to personal information and access it without a lawful reason
  • Scans of tenancy documents containing personal information are left exposed because they weren’t destroyed appropriately


Consent is a key part of data collection and processing. Requests for it must be clear, but they do not have to be repeated.

There are also exemptions from UK GDPR such as criminal or national security investigations. If you require clarity on consent and how you think it might have been mishandled causing a data breach and your suffering, speak to our advisors.

Data Protection And Social Services

The social services departments of all local authorities need to retain details of a highly sensitive nature. Adoption records, criminal proceedings for child abuse cases, minors at risk and the personal circumstances of vulnerable individuals are all kept on file. Exposure of this data could cause truly disastrous consequences for the data subjects involved. As a victim, you may need money to attend to any of the following resultant issues:

  • Moving that child to a safer place
  • Changing schools or providing emergency childcare arrangements
  • Finding new doctors or therapeutic venues
  • Moving address

These sudden and radical adjustments required can be expensive. Data breaches can effectively violate your privacy and safety in the same way that a physical robbery might. In areas of custodial battles or protecting vulnerable people from the attentions of predators, you may need to take these measures quickly.

If you make a compensation claim, and you can prove your financial losses were a consequence of the data breach that was caused by a council’s failings, you could recover these costs.

This guide on what to do after a potential data breach at Stockton-on-Tees Borough Council aims to help you. However, why not reach out if you need anything more?

What Is The Procedure For Reporting Data Breaches At The ICO?

When a serious data breach occurs, the local authority or company concerned has a legal obligation to inform the ICO within 72 hours and to tell the data subjects implicated as soon as is reasonably possible. However, they don’t need to do this if the personal data breach doesn’t risk the rights and freedoms of data subjects. They would just need to keep their own records.

It may be that you are aware of the data breach before they are. Missing funds from your bank account or other forms of strange activity may alert you that something is wrong. You can contact the ICO about the breach, but it’s also important to note that:

  • There is a time limit of 6 years to start a data breach claim against a privately-owned company, or 1 year if it involves a council or another public body. Note that you need to check what your timeframe is to avoid missing out by waiting too long. We’re here to help you to claim as soon as you wish.
  • Firstly, you should complain about the breach to the data controller/data processor involved.
  • If you get an unsatisfactory response, you should send your complaint to the ICO no longer than 3 months after their last meaningful correspondence. After this, the ICO may not consider your complaint as serious.
  • You do not have to contact the ICO at all, but it could strengthen your case to do so.
  • They may decline to investigate your case.
  • The ICO does not pay compensation to you. In order to claim compensation at this point, you may need to claim against the local authority.

This last point is key. In order to seek compensation for your pain, suffering and financial damages you need to assemble the appropriate evidence. A No Win No Fee lawyer can help you do this or you can do so independently. We explain the benefits of using legal representation in greater detail below.

How To Sue The Council After Suffering A Breach Of Data Protection

If you wish to make a compensation claim, you must be able to demonstrate that the local authority directly resulted in causing or allowing a data breach in which your personal information was affected. You’d also need to prove that you suffered mental harm or financial loss because of the data breach.

The local authority may notify you of the data breach if they’re required to. However, they might not. They might not agree that your mental suffering or financial loss was their fault. With this in mind, it’s crucial that you have all the evidence that can prove both financial and psychological harm. If necessary, you can use a subject access request to collect certain evidence.

After you have complained directly to the local authority, you should receive a response. If they fail to give a satisfactory response, you could elevate the complaint to the ICO. You’d need to do so within 3 months of the authority’s final meaningful contact on the matter. If you wait longer than this, it can affect the ICO’s decisions on how to handle it.

The ICO can’t offer you compensation. Therefore, at this point, you might consider making a claim.

As discussed, you can start a case independently but it could help to use the services of a No Win No Fee data breach specialist. Get in touch using the contact details at the top of the page to discuss the best option for you.

Assessment Of Compensation And Damages Claimable

There are two types of damages you could seek in a personal data breach claim.

Material damages: This relates to all the provable financial costs that were the result of the data breach. This could involve the impact on your finances or credit score, for example. Anything that you can prove was a financial loss caused by the data breach can be included. For instance, you might use bills or bank statements to evidence these losses. Speak with our advisors if you incurred a cost and you’re not sure if it can be included.

Non-material damages: This is compensation for the health consequences of the data breach. Therefore your medical records or a psychiatric assessment can uphold claims of mental harm caused by the data breach.

A publication called the Judicial College Guidelines is what legal professionals use to help them value injuries. It offers suggested award bracket amounts for injuries. For example, it takes into account:

  • How everyday life is affected
  • How sleep is affected
  • The impact on social life
  • The impact on work

It’s possible to suffer from any of these because of the fear and uncertainty generated by a data breach that exposes your personal information. You can access your medical records for supporting evidence.

Additionally, as part of the claims process, you would attend a medical assessment. The purpose of this is to:

  1. Evidence that the data breach caused or exacerbated your mental health condition.
  2. Prove the severity of your condition.

An independent medical professional would create a report. If you use the services of a solicitor to claim, they could use the report to help them value your injuries.

Chat with our advisors to see what you could use as evidence for your claim.

GDPR Data Breach At Stockton-on-Tees Borough Council Compensation Calculator

A landmark case called Vidal-Hall and others v Google Inc [2015] changed the position of the law with regards to data breach cases.

In the past, it was necessary to prove financial harm in order to substantiate a claim for emotional harm. Now, after this landmark case, you can claim for the psychological harm that a data breach causes even if you don’t suffer financially because of it. 

Additionally, the Court of Appeal held that the mental harm data breaches cause can be valued as it would be in personal injury claims. For example, it’s possible to use the Judicial College Guidelines to estimate potential damages for psychological harm.

These guidelines are used by legal experts to value injuries. The compensation table below offers recommended figures from the Guidelines to illustrate.

Injury Recommended Award Severity
Psychiatric Damage £51,460 to £108,620 Severe
Psychiatric Damage £17,900 to £51,460 Moderately severe
Psychiatric Damage £5,500 to £17,900 Moderate
Psychiatric Damage Up to £5,500 Less severe
Post-Traumatic Stress Disorder £56,180 to £94,470 Severe
Post-Traumatic Stress Disorder £21,730 to £56,180 Moderately severe
Post-Traumatic Stress Disorder £7,680 to £21,730 Moderate
Post-Traumatic Stress Disorder Up to £7,680 Less severe

These award amounts are guide figures and not absolute. Projected compensation amounts are never guarantees and each case will vary depending on its circumstances. The key point here is that you can claim damages to your mental health without necessarily having had to suffer monetary loss as well. Or you can claim for both.

If you can’t see your injuries in the compensation table above, or you’d like a valuation tailored to you, why not call our advisors for a free, accurate estimate?

No Win No Fee Claims Against The Council

Anyone can start and manage their own claim for compensation. You do not need a lawyer to do this. But when you’re considering a case against a local authority for a data breach, it’s important to think carefully about the time demands and complexity of doing it alone.

Legal representation in the form of a No Win No Fee data breach specialist could help maximise the settlement amount you might receive. Their expertise and insights could help you with your claim.

What are the merits of a No Win No Fee agreement?

Claims under a No Win No Fee agreement don’t need to start with solicitor fees. As the case progresses, there are still no solicitor fees. This offers an immediate advantage to many people by freeing them from the perceived financial constraints of hiring a solicitor.

Furthermore, if your case is unsuccessful, there are no fees to pay the solicitors at all. A successful outcome requires you to pay a small percentage of the compensation at the end. However, this fee is capped by law for your benefit.

Speak to our advisors for more help on how a No Win No Fee agreement could help you.

Do I Need Good Solicitors Near Me To Claim For A Data Breach At Stockton-on-Tees Borough Council?

At Legal Expert, we can help refine your search for the right No Win No Fee lawyer. By helping to direct you to appropriate reviews and discussing your options with our advisors in person, we could connect you with data breach solicitors who can work for you wherever you are in the country. This means you’re not restricted to the services of local solicitors who might not be suited to your case.

Why not get in touch to see how we could help? Legal experts working remotely could handle your case better.

After a brief assessment of your eligibility in complete confidence, with absolutely no obligation to proceed, you could start a successful claim for a data breach today.

Get Claims Advice From Legal Expert

Thank you for reading this guide on your options regarding a potential data breach at Stockton-on-Tees Borough Council. We hope that we have clarified the best approach for you and are happy to answer any questions or queries you may have regarding this or any other type of data breach compensation claim.

Find Similar Guides

In conclusion, below are some links to further reading on the subject of a personal data breach. Please don’t hesitate to get in touch if we can help in any way to explain or clarify your position.

Other Useful Compensation Guides

Customer FAQs

Lastly, below are some common questions around this topic.

How long will my claim take and what can I do to protect myself?

There are no exact time frames to how long data breach compensation claims take because they can vary. More complicated claims that are disputed can take longer.

What happens if an employer breaches GDPR?

In the process of mishandling personal information, your employer may breach the UK GDPR and expose you to risk. With proof of positive wrongdoing and consequential financial loss or psychological damage, you could start a claim against them.

Who is responsible for enforcing GDPR?

The ICO enforces data protection law for all data controllers, such as companies, organisations and local authorities that collect or process personal data. Therefore, the ICO is able to enforce the UK GDPR.

What are the consequences of failing to notify a breach?

Data controllers or processors that fail to notify the ICO of a personal data breach that risks the rights and freedoms of data subjects could incur a penalty. This can be heavy.

Thank you for reading our guide on what could happen after a potential data breach at Stockton-on-Tees Borough Council.

Written by Waters

Edited by Victorine

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts