Data Breach By Rochdale Council – Compensation Claims Guide
How To Claim For A Breach Of Data Protection By A Local Authority
Data breaches can affect people in various ways, causing harm to both your psychological well-being and your finances. So if you have been left wondering what steps you could take following a data breach by Rochdale Council, our guide could help.
Each type of data breach could have severe consequences for those involved. For instance, an organisation could unlawfully disclose your personal information. This could lead to ongoing identity fraud and have a permanent impact on your life.
Do you have evidence that proves an organisation was responsible for your data being breached because of their failings? If so and you’re now facing either the financial or psychological consequences, you may be able to claim.
Here at Legal Expert, our advisors are available to provide you with advice 24 hours a day. Furthermore, if they determine that your claim is valid, they can put you in touch with one of our No Win No Fee solicitors to help you get the compensation you deserve.
For more information, contact our team on 0800 073 8804. Alternatively, continue reading our guide that’s been created to provide you with the information you need to make a data breach claim.
Select A Section
- Our Guide To Claims For A Data Breach By Rochdale Council
- 2021 Trends In Cyber Security
- What Is A Data Breach By Rochdale Council?
- Who Has To Follow The GDPR?
- Types Of Breaches In Data Protection By Councils
- Council Breaches Of Tenants Data Privacy
- ICO Reports For Data Breaches Of The GDPR
- How Council Data Breach Claims Work
- What Compensation Could You Claim?
- Calculate Compensation For A Data Breach By Rochdale Council
- Can You Claim For A Data Breach By Rochdale Council On A No Win No Fee Basis?
- How To Choose The Right Solicitor
- Talk To A Data Protection Breach Solicitor
- Additional Resources
It can be difficult to know where to start with a data breach claim. However, our guide aims to inform you of the claims process.
Before we start, you should be aware of the time limits that are in place for making a claim. You have 1 year if the claim is against the council or 6 years if the claim is against a private company. Hence why you should begin your claim ASAP, because the time limit varies depending on who the defendant is and the circumstances of the breach.
Additionally, you will need evidence to support any claim for either financial or mental harm. This will help to prove the harm you suffered was caused by the breach of data. We will cover the different evidence you will need in further detail throughout this guide.
Furthermore, we will look at how compensation amounts may vary from case to case. It can depend on what you’re claiming and the severity of the harm you’ve suffered.
Although you don’t need a solicitor to make a claim, it may be beneficial to have one representing you. In this article, we’ll look at how you can access a solicitor whilst avoiding upfront costs and other costs that you may incur while your claim is ongoing.
Don’t forget that if you have any questions whilst reading this guide, you can call our team of advisors on the number above for more information at any point.
The 2021 Cyber Security Breaches Survey, recorded that 96% of businesses and 88% of charities have experienced some sort of digital exposure.
For instance, this could be an online bank account. In addition, network-connected devices such as alarms or televisions were a new form of exposure reported for the first time this year.
The graph below shows the different types of digital exposure recorded for businesses and charities. In addition, it highlights the percentage of businesses and charities that have this type of digital presence.
The survey revealed that 59% of businesses and 50% of charities have suffered at least three of the things listed in the graph.
Additionally, the figures show that holding an online bank account was the most common for businesses, whereas a social media page or account was the most common for charities. It highlights how the nature of an organisation’s digital exposure can vary.
The General Data Protection Regulation (GDPR), states that a data breach could involve an organisation altering, disclosing, losing or accessing without authorisation to do so. This can either happen intentionally or accidentally.
For instance, they issued London Borough of Barnet a civil monetary penalty of £70,000 after someone stole case papers containing personal data from a staff member’s house.
However, it’s important to note that ICO fines don’t relate to compensation claims. In order to claim compensation for a data breach, you will need to hold a valid claim.
For instance, the recent High Court judgment in Warren v DSG Retail Ltd  states that it needs to be proven that an organisation was responsible for doing something wrong that later led to or caused a data breach.
An example of this might be the council failing to ensure their network or computer security was up to date. This could make them more susceptible to hacks. If they later experienced a hack that led to people’s data being compromised, it demonstrates their failings led to a breach.
Additionally, another example might be the council failing to encrypt devices. If the devices are later stolen, it demonstrates that the failings of the council gave easier access to people’s data.
The GDPR is a piece of European legislation that any organisation handling data relating to EU citizens needs to follow. Even if they are operating from a country outside the EU.
Several principles lie at the heart of the GDPR. Organisations are expected to uphold each of these principles within their data protection policies. In addition to this, a lawful basis is needed for organisations to process your data.
The lawful bases mean that an organisation has a necessary purpose for processing your data. For instance:
- The person has given the organisation clear consent to process their data for a specific purpose
- The organisation and individual have a contract that means it’s necessary to process the individual’s data
- By law, the organisation has to process data
- There are vital interests that mean it is necessary for the person’s data to be processed e.g. to protect their life
- Processing is necessary so an organisation can perform a public task
- It’s necessary to process for the organisation’s legitimate interests
Unlike the principles in the GDPR, organisations need only at least one lawful basis to process your data.
For instance, when a council is processing your council tax details, they have a legal obligation to pass this to HMRC. This means they don’t need your consent.
However, whether a lawful basis applies will depend on whether it’s necessary to process. This means that the lawful basis will only apply if an organisation can’t achieve their purpose without processing data.
If you have any questions about how and why an organisation might be able to process your data, you can call our team.
Each council in the UK has a different set of services that they offer depending on whether they’re a county, borough or city council.
Rochdale Borough Council provides services such as:
- Helping you to find suitable housing
- Dealing with council tax, tax support and housing benefits
- Providing social services for children and childcare such as fostering and child protection
In order to operate these services, they will need specific types of personal information. They may hold data that could be used to easily identify you such as your name, a picture of you or your email address.
In addition, they may hold data that can’t be used to identify you directly. However, someone could trace it back to you by using other information. For instance, a passport number, registration number or phone number.
Failing to put provisions in place to protect this data could result in a breach of data protection. There are many ways this could happen within the council, such as:
- Sending details of a foster care case in an email to the wrong recipient
- Failing to dispose of documents containing sensitive data correctly e.g. throwing them in the bin without shredding them first or not wiping hard drives before disposing of them
- Misplacing files containing financial information
- Failing to update someone’s personal details such as making a note of any information that may make someone ineligible for foster caring
These are only a few examples but can cause long term consequences for all those involved.
When providing housing, council tax and benefits, the council may require personal information such as:
- Passport or another form of identification
- Bank account details
- Information on your monthly/annual income
- National insurance number
- Name, telephone number and email address
A data breach of these pieces of information could occur if the council:
- Left documents relating to someone’s council tax on the desk of someone who wasn’t authorised to see them
- Emailed someone details of their housing application and accidentally copying in someone who shouldn’t have been included
- Failed to update the passwords on housing service databases and an ex-employee accessed them for their own personal use
- Uploaded passport scans to a network server that didn’t have any cybersecurity
The most important thing to remember is that if you can prove the council did something wrong that caused or led to a data breach, then you may hold a valid claim if it led to you suffering damage to your mental health or finances.
However, for more information, get in touch with our team on the number above and they can assess your case in more detail.
Before making a claim following a Rochdale Borough Council data breach, you could report your concerns to the ICO.
The ICO is an independent body in the UK responsible for ensuring organisations are complying with the GDPR and the Data Protection Act 2018, amongst other things.
If the council is aware of a data breach, they should inform the ICO within 72 hours. In addition, they should inform you without unreasonable delay.
However, if you don’t hear from the council or they don’t give you an adequate response, you could contact the ICO. You should do this within three months of your last constructive communication with the council.
Furthermore, this should only be done if you have done everything you can to resolve the issue without the ICO’s involvement. Also, it’s important that you make the ICO aware in a timely manner as failing to do so could result in making any investigations more complex.
What can the ICO do to help?
The ICO has the power to issue an enforcement action to any organisation found guilty of breaching the GDPR. Penalties given could be in the form of a fine. However, the fines will depend on how serious the breach was.
For instance, more serious data breaches could result in an organisation receiving a higher maximum penalty. Whereas, less serious offences may result in them receiving the standard maximum penalty.
When raising your concerns to the ICO, they will not be able to award compensation. Instead, you will need to make a claim to seek compensation for any damage you’ve experienced.
However, if you do make a complaint, the correspondence could be used as evidence to prove that the organisation did something wrong.
If you want to seek data breach compensation, you will need to hold a valid claim. For instance, you will need to prove that the organisation’s failings caused a data breach that led to you suffering either financial or mental harm.
In order to prove this, you will need evidence. This could be in the form of direct written correspondence you’ve had with the council. In addition, if the ICO has decided to investigate your complaint, any reports detailing their findings could also be used as evidence.
So although you don’t need to contact the council or ICO before making a claim, it is recommended as doing so could help you obtain evidence to support your claim.
If you decide to contact the council, it’s important that you include all the information relating to your concerns from the start. This will allow the council to have a better understanding of the situation and take more informed action to resolve the issue.
Additionally, you should ensure you send it to the correct department or the organisation’s data protection officer so as to avoid delaying the council from taking any action.
However, if you have any problems, you can seek legal advice at any point. Contact our team on the number above for more information.
There are two types of harm you may have suffered following a data breach by Rochdale Council: financial and psychological.
Financial losses may be claimed under material damage. Compensation for data breach claims also takes into account that finances could continue to be impacted in the future.
For instance, compromised data could be sold onto third parties and used continuously in the future to commit fraud. For that reason, you could claim for any past or future losses incurred as a direct result of the breach.
In addition, you could claim for any mental harm under non-material damage. Mental harm could be anything from stress to a severe impact on your ability to cope with daily activities.
Other types of mental harm might include:
- Disruption to your sleep
- Difficulty maintaining relationships or friendships
- Emotional distress
What evidence will I need to claim compensation?
For any psychological harm, medical evidence in the form of an independent medical report may be required to help prove your current psychological state caused by the data breach.
Other medical evidence might include records from doctors appointments detailing any assessment, treatment or diagnosis you’ve received.
Additionally, for any financial losses, you will need to show evidence such as statements from your credit card company or your bank. A credit score report is another form of evidence that could be used to prove any monetary damage.
For more information on the evidence, you’ll need to support your claim, contact our team on the number above.
However, as a result of this case, you can now put forward a claim for either mental or financial harm; it doesn’t have to include both. With that in mind, any mental harm may be calculated with the help of a document called the Judicial College Guidelines.
The figures provided by this document give an estimate of what you may be able to claim for varying severities of psychological harm. The table below has been created using these figures.
Harm Severity Further comments Award
Psychiatric Damage Moderately severe There will be a significant impact on someone's relationships, life, work or education. £17,900 to £51,460
Psychiatric Damage Moderate Consideration will be given to the same factors as someone with moderately severe psychiatric damage but there will be an improvement on the symptoms £5,500 to £17,900
Psychiatric Damage Less severe The award given will depend on how long someone suffered an impact on different aspects of their life Up to £5,500
Post traumatic stress disorder Moderate There may be some impact on a person's sleep or mood but they will have recovered for the most part £7,680 to £21,730
Post traumatic stress disorder Less severe There may only be minor symptoms that continue to impact the person but they will have made a full recovery within a couple of years £3,710 to £7,680
However, it’s important to be aware that actual compensation settlements may differ as other factors, such as monetary damage, may also be considered.
If you require more information on how a claim may be valued, contact our team. They’ll be happy to provide further help and advice.
Are you unsure whether to seek legal representation due to the costs normally associated with it? Yet you still want to reap the benefits of having a solicitor representing you? If so, you could choose to enter into a No Win No Fee agreement meaning that if your solicitor fails to win your case you won’t be asked to pay solicitor fees.
If they do succeed and win your case, you’ll be asked to pay a small success fee, capped by law. However, you and your solicitor may agree on the fee before your claim moves forward.
The most important thing to be aware of with this type of agreement is that you can avoid upfront costs and any costs that you may incur while your claim is ongoing.
So, if seeking legal representation is an option you’d like to explore, get in touch with our team and they can advise on further details.
Deciding on a solicitor you can trust to keep you informed at each stage of your claim can be difficult.
However, it doesn’t need to be and here at Legal Expert, our advisors could connect you with one of our knowledgeable solicitors.
All of our solicitors are available to represent you on a No Win No Fee basis. In addition, they have experience handling claims similar to your own and can provide expert advice each step of the way.
If you’d like to learn more about the services we provide, you can see our review page. Alternatively, call us on the number above and you can speak to an advisor who can provide further details.
Additionally, they can assess whether you have a valid claim. If they feel your claim could succeed, they can connect you with a solicitor to get started with your claim.
We are aware that data breach claims may seem overwhelming so we hope our guide has helped provide you with the information you need. However, if you have any questions, our team is available 24/7 to provide you with free legal advice.
Although our advisors could connect you to a solicitor, you’re under no obligation to take this service if you’re not quite ready to start your claim.
Instead, they can offer advice on the next steps you may need to take and provide further clarification on anything you’re still unsure of.
So, why not get in touch using the following details and our advisors can assess your situation and help you move forward:
- Telephone — 0800 073 8804
- Arrange a call-back using the form on our home page
- Get instant legal advice using the live chat feature at the bottom of this page
For more information on data protection and how it applies to organisations in the UK, see the government website.
Visit the ICO website to find out more about the action they’ve taken.
See the government website for further details on how you can make a data breach complaint to an organisation.
Did a mortgage company fail to comply with the GDPR and breach your data? If so, our guide could help you understand what you could do next.
Did an unauthorised person access your medical records? If so, see our guide about claiming compensation.
Our guide on university data breaches could help if you’ve been affected by something similar.
We have provided answers to some frequently asked questions regarding data protection and the GDPR. However, if you require further details, please don’t hesitate to get in touch with our team on the number above.
Who has to follow the GDPR?
Any organisation handling EU citizens data should comply with the GDPR as per the Data Protection Act 2018.
What are data protection officers?
A data protection officer is someone who may oversee the implementation of procedures for data protection in an organisation.
What fines can be issued for GDPR breaches?
The ICO can issue fines that vary in amount. It may depend on how the breach has affected people.
Thank you for reading our guide on the steps you could take following a data breach by Rochdale Council. We hope you found it informative and useful.
Guide by Mitchell
Edited by Billing