Data Breach By Exeter Council Compensation Claims Guide – How Much Compensation Can I Claim?
Advice On Claiming For Data Protection Breaches By Local Councils
In this guide, we consider what you could do following a potential data breach by Exeter Council. We will explain how a council data protection breach can happen. Moreover, we will explain what a valid claim looks like and how to claim compensation for a breach of your personal data privacy.
If a personal data breach has affected you mentally or financially, trust Legal Expert to help you claim compensation. We can connect you with an experienced data breach lawyer to handle your compensation claim.
And what’s more, our solicitors can handle your claim on a No Win No Fee basis, so you won’t have to pay a legal fee before work begins on your claim.
Select A Section
- A Guide To Claims For A Data Breach By Exeter Council
- Data Security Breach Statistics
- What Is A Data Breach By Exeter Council?
- Is Exeter Council Subject To GDPR Rules?
- How Your City Council Could Breach Data Privacy Rules
- Councils Breaching Rent Statement Data Protection
- Raising Concerns And ICO Complaints
- Steps To Take After A Breach Of Your Data Privacy
- Examples Of Damages Awarded For Breaches Of Data Protection
- Calculating Payouts For A Data Breach By Exeter Council
- No Win No Fee Claims For A Data Breach By Exeter City Council
- How To Find A Personal Data Breach Lawyer
- Contact An Expert
- Articles On Related Claims
- Data Protection Claim FAQs
Exeter City Council is the governing body for the city of Exeter in Devon. The council’s responsibilities include city planning, tourism and economic development. To operate, councils may collect personal data from employees and members of the public. Subsequently, councils should collect data that complies with the UK General Data Protection Regulation (GDPR).
What is the EU General Data Protection Regulation (GDPR)? The GDPR is EU law, which protects the data privacy and security of those in the EU. What’s more, the Data Protection Act 2018 enacts the GDPR into the laws of the UK. And the Data Protection Act 2018 works alongside the UK GDPR.
Councils could do the following when they collect personal data to comply with the UK GDPR:
- Firstly, it should safeguard the personal data it holds or collects.
- Secondly, it could have processes to protect the personal data it collects. For example, the council could train employees to handle data correctly. And it could have appropriate network security systems to protect the data.
Furthermore, if a personal data breach takes place, it could be due to the council’s data protection failings. If so, and the victim suffers financially or mentally because of the breach, they could seek compensation. Both parties can settle the data breach claim out of court.
How Long Do I Have To Make A Data Breach Claim?
There is a time limit in which to claim. This time limit is generally 6 years for data breach claims if the defendant is a private company. However, the victim of a data breach will only have 1 year if the defendant is a council or another public body. And note that timeframes can vary due to other factors, such as the nature of the claim. So, it’s imperative to begin your claim while you can do so before it’s too late. To see if you can begin your compensation claim, contact Legal Expert today. We could connect you with a skilled data breach solicitor.
The Cyber Security Breaches Survey 2021 gives us valuable insight into how prevalent data breaches are in businesses and organisations.
Here are some key findings from the survey:
- Four in ten businesses said that they had experienced a data breach in the 12 months before March 2021.
- What’s more, 65% of medium businesses and 64% of large businesses said they had experienced a data breach during this time.
- Similarly, 26% of charities said they had experienced a data breach in the months prior to March 2021.
- And in the same vein, 51% of high-income charities said they had experienced a data breach during this time.
These findings suggest that medium-to-large organisations experience a larger amount of data breaches.
Councils are responsible for protecting the personal data they process and collect. A data breach is when a security incident occurs, which compromises the protection of personal data. It can involve the unlawful loss, destruction, alteration, access or disclosure of personal information, whether accidental or deliberate.
Data breaches can violate the data subject’s privacy and personal security.
A data subject is someone whose personal information is collected and processed by a data controller. A data controller decides how and why they need to use personal information. Sometimes, data processors can work on processing data on behalf of the data controller.
A breach of data protection privacy can happen if the following occur:
- The council could make an error, which leads to data becoming lost or stolen.
- Or it could accidentally encrypt, alter or delete personal data.
- It could give unauthorised individuals unlawful access to personal data.
- Similarly, human error could lead to a data exposure incident.
Why do data breaches happen?
An information security incident at a council can happen if a council employee makes an error. For example, if a council worker uploads a file containing personal data to the council’s website, unauthorised members of the public could be able to access the file.
A personal data breach can also occur if the council is targeted by a cyberattack. Cybercriminals may use malware, a virus or hacking to access the council’s databases.
If the council’s failings lead to data breaches, it could mean that they’re liable for claims for financial loss or psychiatric damage that a breach causes.
Councils and local authorities that process the personal data of those in the UK are subject to the rules of the UK GDPR. There are 7 key principles of the UK GDPR. Let’s look at what councils should do to follow the key principles:
- Lawfulness, fairness and transparency. It can only collect data if the data subject has consented to them to do so. What’s more, the council should operate within the law when they collect, process and store personal data.
- Purpose limitation. The council should state their purpose for collecting data to the data subject. Consequently, the council cannot use the data for another purpose. (However, they can if there’s a lawful basis.)
- Data minimisation. The council should not collect personal data that it does not need.
- Accuracy. The personal data should be kept accurate and up to date.
- Storage limitation. Furthermore, the council should delete data that it no longer needs.
- Integrity and confidentiality (security). The council should have a security system in place to protect personal data.
- Accountability. When asked, the council should be able to show proof that they comply with the rules of the UK GDPR.
Here are some more examples of how councils can breach personal data privacy:
- A password data breach includes a password being exposed, lost or destroyed without a lawful basis. This could happen if the council is targeted in a cyberattack, but has poor cybersecurity.
- If files are shared which include personal information, a data protection breach can happen. For example, if a council employee uploads confidential files to an unsecured cloud system, unauthorised persons could access the files.
- A social services data breach can take place. For example, if a social services department discloses adoption records to unauthorised persons without a lawful basis, it would be a data breach. This breach of personal data could be disruptive to the child and their adoptive family.
- The council could send a letter to a public housing tenant but use the wrong address, even though they have been advised of the correct one. Therefore, the recipient could have access to the personal data contained within.
- The council could come under a cyberattack. Criminals may use malware, viruses or hacking to obtain unlawful access to the council’s database because of its poor security system. The criminals could use the data for fraud, identity theft or blackmail.
- Or a council email data breach could take place. This could happen if the council accidentally shares files that include personal information in a mass email to unauthorised persons without a lawful basis.
A public housing tenant is someone who rents social housing from their local council or a housing association. Councils should protect the personal information they have about tenants.
Unfortunately, a public housing tenant can have their personal data privacy breached. For example, a data breach over rent statements can happen if scans of tenancy audit documents containing personal data are shared with a third party.
Similarly, if a council sends tenancy documents containing personal data to the wrong postal address, despite having the correct address on file, an unauthorised recipient could access it. Therefore, the council may have shared personal information without consent or a lawful reason.
The following personal information could be involved if a rental homes data breach takes place:
- The date the person was born
- Telephone number
- Email address
- Information about protected characteristics, such as disability status, religion or race
- Tenancy information and scans of tenancy audit documents.
Contact Legal Expert if you have evidence of a valid tenancy document data breach claim. Our skilled lawyers can handle your claim and help you claim the compensation you deserve.
The Information Commissioner’s Office (ICO) is the public body that upholds the data protection rights of the public in the United Kingdom. The ICO enforces data protection laws, such as the UK General Data Protection Regulation and the Data Protection Act 2018.
If the ICO receives a report of a data breach, it can investigate the organisation. What’s more, the Information Commissioner’s Office has the authority to fine organisations that commit data breaches.
Should you report an Exeter City Council data breach to the Information Commissioner’s Office? If a council’s failings lead to a data breach, it should report the data breach to the ICO within 72 hours. That’s if the data breach is notifiable. If it’s not, they should just keep records of it.
Therefore, if you believe that a council has breached your personal data privacy, please raise your concerns to the council to see if they can solve the problem for you.
However, if you haven’t had satisfactory responses from the council, you could report the matter to the ICO. You should do so within 3 months of the council’s final significant correspondence. If you take longer, the ICO’s decisions could be impacted.
The ICo can’t help you seek compensation, but our solicitors could. Why not get in touch?
If you are the victim of a data breach, you could take certain steps. Firstly, you could get in touch with the council about your concerns. The council may be able to resolve the situation with you.
You may also wish to take legal action against the council over the data breach. You could do this if you’ve suffered financial loss or psychiatric damage due to a council’s data protection failings.
Legal Expert could connect you with a skilled data breach solicitor to manage your claim. Our solicitors have experience practising data breach law. So your claim will be in good hands.
To see if you can begin your data breach claim against a council, call our advisors today. Alternatively, contact us writing via our website.
Data breach compensation packages can include two different types of compensation:
- Material damages: These compensate the claimant for any money or assets lost because of the data breach. For example, if the victim of a data breach subsequently lost money because of fraud.
- Non-material damages: These compensate the claimant for any emotional distress that they suffered. Likewise, non-material damages can include compensation for any psychiatric injuries suffered by the claimant.
You can prove material damages through bank statements or credit scores, for example.
You could prove non-material damages by attending a medical assessment as part of the claims process. You’d meet with a medical professional who’d assess your condition. The purpose of this assessment is to:
- Prove that the data breach worsened or caused your condition.
- Judge the severity of the condition.
The professional produces a report after the assessment. If you use the services of a solicitor, they can use the report to aid them when valuing your injuries.
If you have been affected by a data breach caused by a council’s failings, you may be owed compensation. But it depends on whether you experienced financial loss and/or mental harm as a consequence.
The compensation table below estimates how much money you could receive in non-material damages. But please be aware that we have not included material damages compensation payouts in this table.
|Type Of Harm Caused||Category||Estimated Payout||About The Harm Suffered|
|Post-Traumatic Stress Disorder (PTSD)||Severe||£56,180 to £94,470||Claimants will have been left with permanent effects which prevent them from functioning at a pre-trauma level. All aspects of this persons life could be affected.|
|Post-Traumatic Stress Disorder (PTSD)||Moderately Severe||£21,730 to £56,180||This category is differentiated from the above by the claimant having a better prognosis for the future, provided that they have professional care.|
|Post-Traumatic Stress Disorder (PTSD)||Moderate||£7,680 to £21,730||The person should have largely made a recovery and any remaining symptoms are not grossly disabling.|
|Post-Traumatic Stress Disorder (PTSD)||Less Severe||Up to £7,680||A virtual full recovery should have been made in under 24 months. Beyond this only some minor symptoms could remain.|
|Psychiatric Damage (Generally)||Severe||£51,460 to £108,620||The person will have marked problems/issues with any of the following: maintaining relationships;
coping with work, life and education;
|Psychiatric Damage (Generally)||Moderately Severe||£17,900 to £51,460||The person still has marked issues with regards to the factors outlined above. They are expected to make a better recovery than those in the severe category.|
|Psychiatric Damage (Generally)||Moderate||£5,500 to £17,900||This person could already have made a marked improvement.|
The compensation amounts included in this table are based on compensation guidelines that the Judicial College has produced. Legal professionals use these guidelines to help them when valuing psychiatric injuries.
If you make a successful council data breach claim, the amount of money you receive may vary, depending on your personal circumstances.
We recommend calling our advisors today. A claims advisor could accurately estimate how much data breach compensation you could be owed.
If a breach of data protection led to your data being exposed, you could suffer mentally or financially. If this all occurred due to a council’s failings in protecting your personal data, you could claim compensation.
Our solicitors may be able to fund your claim as a No Win No Fee case. A No Win No Fee claim starts with you, the claimant, signing a Conditional Fee Agreement (CFA). (This is otherwise known as a No Win No Fee agreement.)
Your CFA will state that you do not have to pay a solicitor’s fee before work begins on your claim. You may find this option more affordable than paying for your solicitor’s work in advance.
Instead, your solicitor will charge you a success fee if you win your claim. In the instance that your solicitor does not win your claim, you will not have to pay a success fee.
Therefore, this lowers the financial risk of funding a solicitor. What’s more, if you do win, the success fee will be deducted from your compensation payout. And the majority of the compensation will go straight to you.
To learn more about making a No Win No Fee claim, read our No Win No Fee guide today.
There is no need to look locally to find a lawyer to handle your data breach claim. our solicitors can work on your case from anywhere in the country.
This means that you can find a lawyer based on their expertise, rather than their location.
To see how satisfied our previous clients have been with our solicitors, read our lawyer reviews now.
To begin your No Win No Fee data breach claim, you’ll need to be able to provide evidence. If you have a valid claim, why not get in contact with Legal Expert today? If we can see that you have solid grounds, we will appoint a data breach solicitor to start working on your claim.
- Call us today for your free legal consultation on 0800 073 8804
- Or please contact us in writing, via our website
- Alternatively, chat with a claims advisor. Simply use the Live Support widget on the bottom right-hand corner of your screen.
If you have found this Exeter City Council data breach guide helpful, you may want to read more on the subject. Feel free to read the data breach guides below.
A government guide to avoiding internet scams and phishing
Data protection rights, a guide from the Ministry of Defence
We will now answer some questions about your rights after a data breach.
How long do you have to make a data breach claim?
In the United Kingdom, the data breach claims time limit is six years. However, if your human rights were violated by the data breach, you will have one year in which to begin your claim.
How long do data breach claims take?
If your data breach claim is straightforward, the claim could only take a few months to settle. However, more complex claims can take longer. You can learn more about the data breach claims process here.
Who could make a data breach claim?
If an organisation or local authority has breached your personal data privacy through their own failings, you may be eligible to make a claim. You could claim compensation if the data breach caused you psychological injury or emotional distress. Or you could claim compensation if you lost money because of a data breach.
Am I eligible to seek compensation?
If an organisation breached your personal data privacy, you may be owed data breach compensation. To see if you are eligible to seek compensation, call Legal Expert today for your free legal consultation. If we can see that you are owed compensation, we could connect you with an expert data breach solicitor to handle your claim.
Thank you very much for reading our guide exploring what a data breach by Exeter Council could look like.
Written by Chelache
Edited by Victorine