Data Breach By St Helens Borough Council – Compensation Claims Guide
Welcome to our guide on what you could do following a potential data breach by St Helens Borough Council.
Most councils successfully secure and protect personal data. However, this guide explains how to make a compensation claim if the breach was caused by the council’s failings and has caused you psychological or financial harm.
St Helens Borough Council Breached My Data Privacy, Can I Claim?
There are several ways in which you could suffer harm due to a council data protection breach, from becoming the victim of identity theft to suffering emotional damage. Within this guide, we explain what could cause a data breach, and how much compensation you could claim for such a breach. We also explain what data rights you have, and how the council should do all they can to protect your data from being breached.
If you would like to speak to us about making a claim for a council data breach or want to ask us any questions about your case, we’d be happy to help. We could assess your claim to see if you could be eligible for compensation.
We could also connect you with a solicitor from our panel to help you make a claim. You can call our team at any time on 0800 073 8804.
Select A Section
- A Guide On Claims For Data Breaches By St Helens Borough Council
- Cybersecurity Facts And Stats
- What Is A Data Breach By St Helens Borough Council?
- What GDPR Policy Should A Council Have In Place?
- How Data Leaks And Breaches Could Be Caused
- Data Breaches Of Tenants’ Private Information
- Should The Council Report That They Had A Data Breach?
- Can I Claim Compensation From The Council When My Data Is Breached?
- What Compensation Am I Eligible To Claim?
- How Much Compensation For A Data Breach By St Helens Borough Council Am I Owed?
- No Win No Fee Breach Of Data Protection Solicitors
- Check Your Eligibility To Claim For A Data Breach By St Helens Borough Council
- Get In Touch
- Other Data Protection Breach Claims
- Common Questions
Personal data breaches could cause financial harm to a victim, as well as affecting them emotionally. In this guide, we explain how victims of a council data breach could make a claim for compensation.
In the sections below, we explain how the council should protect the personal data it stores and processes. We also explore how a breach could occur. You will also find details of how much compensation could be appropriate for the psychological harm a data breach causes you and the legal precedent that could allow you to claim for this type of damage without having suffered financially too.
If you’re wondering how long you could have to make a data breach claim, the limitation period is 1 year if it’s against such public bodies as city councils. Meanwhile, if the claim is against a private company, this changes to 6 years. However, we would advise claimants to take action relatively swiftly in order to make evidence gathering easier. And this is partly because various factors affect the timeframe, so you may not have as long as you think.
To find out more, why not call our advisors? We could connect you with a solicitor that works on a No Win No Fee basis. Therefore, you would not have to pay any legal fees until such time as your compensation comes through.
The Cyber Security Breaches Survey 2021 reveals that 4 in 10 businesses (around 39%) and over a quarter of charities have suffered data security incidents (which could include attacks or cybersecurity breaches) in the 12 months preceding the survey.
When it comes to how common a data breach by a council could be, we could look at the ICO figures. According to the trends recorded by the ICO for Q1 2021/22 relating to local government (which could include a borough council) data breaches, there were 236 data security incidents recorded by the ICO between 01/04/2021 – 30/06/2021. These included data being posted to the incorrect recipient, ransomware and malware attacks and failures to redact. You can see a full picture of the causes below.
Councils could process large amounts of your personal information, whether you are a tenant, someone who is under the care of social services, or even if you work for them. As a data controller, they have a legal duty to protect such data.
(A data controller decides how and why personal data is collected and processed. A data subject is a person whose data is collected.)
However, data controllers don’t always sufficiently protect personal data. Sometimes things go wrong.
If you could prove that a council had done something wrong when it comes to the protection of your personal data, you could be eligible to claim compensation for the harm you suffer as a result. This could include both financial and emotional harm.
A data breach occurs when a lapse in security results in the unlawful or unauthorised loss, access, disclosure, destruction or alteration of personal information.
It is essential, however, to be able to evidence that there was wrongdoing on the part of the defendant. Perhaps they failed to update cybersecurity software to prevent an attack, for example. Or, they may have sent your data to someone else’s address in error due to poor staff training in data security. Perhaps they failed to remove an ex-employee’s access privileges and they gained access to your data.
The ICO sets out some information relating to when you could take your case to court and claim compensation for a data breach. However, the ICO cannot assess individual cases to see if you could claim. Plus, your case could be settled out of court.
Should you be at all unsure as to whether you could have a valid claim, we would be happy to assess your case for you. Not only could we answer any questions you might have, but we could also connect you with a No Win No Fee solicitor to help with your claim.
The GDPR is an important and far-reaching EU law that came into force in May 2018. The UK enshrined its application of the General Data Protection Regulation into the Data Protection Act 2018. It gives data controllers a legal duty to protect the personal data it collects, stores and processes.
To do this, a council may have in place a data protection policy that ensures data protection. GDPR has certain principles that a local council should put at the heart of its data protection policy, including:
- The council should maintain data transparency, lawfulness and fairness.
- They should only collect information for identifiable, specified explicit and legitimate reasons.
- Personal data should be limited to what is necessary for the identified purpose, relevant and adequate.
- The council should ensure data is accurate and up-to-date.
- They should only keep information for as long as necessary for the specified purpose.
- Personal data should be processed in a way that protects data privacy (security).
- Councils should have accountability when it comes to protecting personal information.
Should a data breach occur due to a lack of adherence to these principles, it could cause a data breach, which could cause you damage financially and emotionally. If this happens, GDPR allows a data subject to claim compensation for such damages. We would be happy to help you with this.
There are many different ways in which a data breach could occur. Some may include financial information, and some could contain information that is extremely sensitive.
Sensitive personal data includes:
- Genetic data
- Political opinions
- health-related data
- Biometric data
- Racial or ethnic origin
- Sexual orientation
- Religious beliefs
When councils process or hold personal data, they could fail to protect it properly. Some examples could include:
- A member of staff posting personal details to an unauthorised recipient at the wrong address, even though they have your new address on file.
- Social services information on you being given to the wider family when it shouldn’t be. (This could cause significant damage to familial relationships).
- An ex-member of staff being able to gain access to databases containing personal data for their own use.
- A failure to redact (remove) personal information when sending information to landowners who aren’t authorised to see it or don’t have a lawful basis to.
- The council disclosing your adoption records to another family member without authorisation. Or, disclosing them to yourself as a child in a way that is unauthorised or unlawful.
- Documents such as passport details or tenancy audit documents being left insecure in an area that’s accessible to unauthorised persons.
- A failure of the local authority to properly protect data on their systems from cyberattacks, such as hacking or a virus.
Whether the data protection breach involved the unlawful processing of personal data or there were other failings on the council’s part that caused it, we could help. If you’ve been affected financially or psychologically, please contact our team to see if you could have a claim for compensation.
A council could gather lots of personal information about tenants while they are applying for tenancy, or during the period in which they rent property from the council. This could include:
- Tenancy applications
- Rental agreements
- Audit documents for local authority housing tenants
- Passport data
- Rent statements
As personal data, it should be protected and made secure. Examples of how the data breach could occur include the below:
- A council sends your tenancy documents to the wrong address and an unauthorised recipient accesses it and the personal information it contains.
- Your rent statement is e-mailed to a third party unlawfully or without your authorisation.
This guide on what you could do following a potential data breach by St Helens Borough Council aims to give you the advice to help. However, if you have unanswered questions, get in touch.
If the data breach affects any rights or freedoms of data subjects, the council must report the data breach to the ICO. They must make a report to the ICO within 72 hours, explaining what records the breach involves, the likely impact and what remedial action they’re taking.
They should also inform affected data subjects. However, if the council data protection breach doesn’t risk rights or freedoms, they should keep records but do not have to inform the ICO.
If you suffer financial loss or mental harm due to a data breach caused by a council’s failings, you could be eligible for compensation. Initially, you should approach the organisation to try and resolve the issue.
You could contact the council’s data protection officers (or relevant party) with details of the breach and the harm you’ve suffered. If they do not respond to your satisfaction or don’t respond at all, you would be able to escalate the breach report to the ICO, who could investigate.
You’d have to do this within 3 months of the last meaningful response from the council about the matter. Taking longer could affect the ICO’s decisions.
You don’t have to report a data breach to the ICO to achieve a compensation payout, however. You could find a data breach lawyer to help you make a claim for data breach compensation. We could help you with this.
Claiming compensation for a data breach could include awards for both material and non-material harm.
This is the financial expense you’ve suffered due to a data breach. It could include the cost of financial theft, identity theft and fraud committed in your name.
This could include psychological harm caused by the data breach such as distress, anxiety and depression, as outlined in the next section.
If you’re not sure whether you could claim for the harm you’ve suffered due to a data breach or you’re wondering what expenses you could include in a data protection breach claim, we’d be happy to explain further over the phone.
As we have mentioned, you could receive compensation for the financial harm you suffer due to a data breach. This would involve proving that you suffered some kind of financial impact. This could mean you’d need to provide bank statements, bills and credit scores, for example.
When it comes to non-material harm, you would need to provide evidence too. During the case of Vidal-Hall and others v Google Inc , the Court of Appeal held that psychological/psychiatric compensation awards similar to those in personal injury claims could be considered.
They also held that you could claim for psychological harm caused by the data breach (such as stress, distress and anxiety) even if there was no financial loss.
How do you prove non-material harm after a data breach by St Helens Borough Council?
The evidence you’d need to prove such claims could include a medical report from an independent medical expert. You’d need to attend an appointment with them as part of your claim. The amount you could receive for injuries would depend on the severity of your condition demonstrated in the medical report.
A solicitor could use the report to value your claim. They could also use it to establish that the data breach worsened or caused your condition.
To give you some idea of the levels of compensation that could be appropriate for such injuries, we look to the Judicial College Guidelines. These guidelines are used by solicitors to help them value injuries.
The compensation table below shows some guideline compensation brackets for such injuries.
|Injury type||How Severe the Injury Is?||Compensation Bracket - Approx|
|General cases of psychiatric damage||Severe (a)||£51,460 to £108,620|
|PTSD||Less Severe (d)||Up to £7,680|
|General cases of psychiatric damage||Moderately Severe (b)||£17,900 to £51,460|
|PTSD||Moderate (c)||£7,680 to £21,730|
|General cases of psychiatric damage||Moderate (c)||£5,500 to £17,900|
|PTSD||Moderately Severe (b)||£21,720 to £56,180|
|General cases of psychiatric damage||Less severe (d)||Up to £5,500|
|PTSD||Severe (a)||£56,180 to £94,470|
|Reputational damage||Please call for further information||Please call for further information|
If you can’t see your injury in the table above or would like an accurate, free estimate, why not contact us?
We should note that it’s not necessary to use the services of a solicitor in order to make a claim. However, we believe it’s beneficial to use one.
One issue claimants may be worried about when claiming for a data breach is how to pay for legal assistance. They may worry about having to pay a retainer to begin their claim with their solicitor. However, if you choose to work with our lawyers on your claim, you wouldn’t need to pay even a penny in legal fees until your compensation comes through.
That’s because our solicitors offer their services on a No Win No Fee basis. This means you don’t pay any upfront solicitor fees nor any ongoing solicitor fees during the claim.
No Win No Fee agreements are otherwise known as Conditional Fee Agreements. Your lawyer would need you to sign this agreement, which promises to pay them a small, legally capped percentage of your payout. Once your compensation comes through, the lawyer would deduct the ‘success fee’ mentioned, and the rest would be for your benefit.
And, if the claim doesn’t win, you don’t have to pay the solicitor’s fees at all.
If you’d like to learn more about how to make a No Win No Fee claim, why not get in touch?
If you’re considering making a claim for a data breach caused by a council’s failings in data security, but aren’t quite sure whether you’re eligible, we could help. If you can prove the data breach caused you to suffer financial loss or psychological harm, why not reach out?
Our expert advisors have experience assisting claimants with data breach claims and would be glad to speak to you.
Our free, no-obligation case assessment could give you the answers you need about your eligibility. If we believe you could be eligible to claim, we could connect you with a data breach lawyer on a No Win No Fee basis.
If you’re now ready to start a claim because you have evidence of a justifiable claim, or you have further questions, please don’t hesitate to get in touch. We could answer any questions you might have about your eligibility to claim.
In addition, we could connect you with a solicitor under No Win No Fee terms who could help you start your claim. To get in touch, simply:
- Call 0800 073 8804 to talk to our expert advisors.
- E-mail email@example.com with your query.
- Use our handy Live Chat feature for quick answers.
- Complete the contact form and we’ll call you.
The Data Protection Act 2018 – Here, you can see the legislation that protects your personal data.
GDPR – You can see the EU GDPR here in full.
Local Government Data Protection Policy – To read the data protection policy adopted by local governments in the UK, simply click on this link.
Data Breach Claims – You can take a look at our general guide here.
GP Data Breach Compensation Claims – Find details of what action you could take for a GP data breach here.
Employer Personal Data Breach Claims – You can learn whether you could claim for a data breach against an employer here.
What Are My Main Rights Under The Data Protection Act?
Under the Data Protection Act 2018, which is the UK’s application of the General Data Protection Regulation, you have certain rights. Your personal data rights include the right of access, rights to erasure, your right to restrict data processing, and the right to object to the processing of your data.
You also have a right to have the council amend your data so that it is correct, certain rights when it comes to your data portability, the right to be informed about your data, the right to withdraw consent to the processing of personal data and even the right to complain about someone using your personal data.
Can I Ask The Council To Erase My Data?
One of your personal data rights is the right to erasure. What this means is that you could request that the council erase your data. They should do so in certain circumstances, including:
- If they no longer need your data for the reasons they collected or used it.
- You’d consented to them using your personal data but don’t want them to have it anymore.
- You object to them using your personal data and your interests outweigh the council’s.
- The council has used or collected your personal data unlawfully.
- The council is legally obliged to erase your data.
- They collected your personal data for an online service when you were a child.
- You’re objecting to the usage of your personal data for direct marketing.
Can I Make A Subject Access Request?
You could make a subject access request to any organisation that processes, collects or stores your personal data. You could do this verbally but it could be wiser to put it in writing. When making the request, you should be clear and provide up-to-date contact details for a response. It would also be wise to put the date on the request.
Where Do I Learn More About Data Protection?
If you would like to learn more about data protection, you could read any of our guides. Alternatively, you could check the ICO website for guidance on your data rights.
Thank you for reading our guide on what could happen after a data breach by St Helens Borough Council. We hope you now have all the answers you need. Call us if you want to know more about claiming compensation and have evidence of a valid claim. Our advisors give free legal advice and you’ll be under no obligation to proceed with our services.
Written by Jeffries
Edited by Victorine