Data Breaches At Sandwell Council – Compensation Claims Guide
Welcome to our guide, looking at what steps you could take should data breaches at Sandwell Council potentially occur and how a local authority data breach could impact the people affected. We aim to help you understand what could justify a data breach claim and how to go about beginning one. We cover the laws related to data security and privacy in the UK and how they apply to your local authority.
Claims Following A Metropolitan Borough Council Data Breach
In this guide, we will look at the role played by the General Data Protection Regulation (GDPR), which was enacted into UK law with the Data Protection Act 2018. Now that the UK has left the EU, we refer to the UK GDPR.
We have made our team of claims experts available 24 hours a day, 7 days a week on 0800 073 8804. Give them a call to get the answers that you need and also to learn about how we can organise a solicitor to process a claim for you.
Select A Section:
- A Guide On Claims For Data Breaches At Sandwell Council
- What Could Be Data Breaches At Sandwell Council?
- Does The GDPR Impact Local Government?
- What Is The Most Common Cause Of Data Breaches?
- Landlord And Tenant Data Protection Issues
- How Do You Report A Data Breach, And Who Do You Report It To?
- Explaining How The Claims Process Works
- How Are Data Breach Claims Valued?
- What Kind Of Compensation Could I Get For Data Breaches At Sandwell Council?
- What Does No Win No Fee Actually Mean For Claimants?
- Choose The Right Data Protection Solicitor For Your Case
- How Do I Get In Touch With Your Team?
- Related Articles List
- Examples Of FAQs
There are a number of reasons that a council or local authority might have for collecting your personal data. For example, if you’re under the care of social services or are a tenant of council housing, the local authority may need to store your information to provide you with these services.
“Data breach” is a term used to describe a security issue that leads to the unauthorised or unlawful loss, destruction, alteration, disclosure of or access to your personal data. A data breach can occur by accident, for example, if an employee leaves open a filing cabinet containing files that hold personal information so that it could be accessed by unauthorised personnel. It could also be the result of a malicious attack such as a cyberattack.
In order to make a claim following a data breach, you need to show that the data controller – those who process personal data failed to secure your personal information which leads to the leak. You may have not only suffered financially but also emotionally too. If the council did all they could to prevent a breach from happening, but one occurred anyway, you will not be able to claim.
This guide will look at what can form the basis of a valid data breach claim. We will also examine the damages that could be available to you in a successful compensation claim. We’ll also examine the evidence that you can provide to support your claim.
If you want to know anything more about the steps you could take if you were affected by a council data breach, speak to our team today. Otherwise, read on for more information.
Claiming Within The Time Limit
Something to keep in mind is that there is a strict time limit to starting a claim for harm caused by a data breach. You have:
- Up to 6 years to claim if the case involves a private company;
- Up to 1 year to claim if the case involves a public body e.g. a city council.
There are some external factors that might have an effect on the time limit that applies to your claim. And so we strongly advise that you get in touch at the earliest opportunity to avoid losing out on compensation. You can contact our claim advisors to learn just which time limit you have to start your claim within.
We have created this chart below using data that was provided by the Information Commissioner’s Office (ICO). The ICO is the Governing body responsible for enforcing all laws related to data security and privacy in the UK. In the case of this graph, we used data that is provided by the ICO to find out the most common causes of data breaches in local Government during the Q1 2020/21 period.
This graph shows that the highest number of data breaches resulted from non-cyber incidents that were not otherwise included in the graph.
As we have already mentioned, a data breach occurs when your personal data is lost, destroyed, altered, disclosed or accessed in an unlawful or unauthorised manner. Personal data is any information that could be used to identify you, either alone or when combined with other data.
The person to who the data relates is called the “data subject”. The organisation that controls how the data is processed is known as the “data controller”. In some instances, a “data processor” could be tasked with processing data on behalf of the data controller.
A data breach could cause you harm, emotionally and financially. For instance, a credit card breach could result in someone else taking out loans in your name. This could affect your credit score. Alternatively, the HR department in your workplace may accidentally send out details of your performance review, which could cause you anxiety or depression.
If a Sandwell Council data breach ever occurred would you know what steps you could take? This guide shall look at what your rights could be if a data breach occurs through the failure of a data controller in protecting your data.
UK-GDPR applies to every organisation or company in the UK that stores or processes personal and sensitive data related to the public. Therefore it is vital that all data controllers put in place procedures and policies for protecting a data subject’s personal data.
This means that councils must abide by the seven key principles that should inform how organisations process data. In addition to this, they must have a lawful basis for processing your data.
The six lawful bases for processing data are:
- Consent– the data subject has given clear consent for their data to be processed for a specific purpose.
- Contract– where the organisation must process the data to fulfil a contract between the data subject and the data controller.
- Legal obligation– this lawful basis can be used when the data controller must process the data to comply with the law.
- Vital interests- where the organisation must process the data in order for someone’s life to be protected.
- Public task- where processing the data is necessary to perform a task in the public interest.
- Legitimate interest- where the legitimate interests of the data controller or a third party necessitate the processing of the data.
It is important to note that the legitimate interest lawful basis cannot be used by a public authority who is processing data to perform their official tasks.
If you can prove that your data was processed without a lawful basis because of positive wrongful conduct or a failing on the part of the council, then call today and have your case assessed for free.
How might a Sandwell Metropolitan Borough Council data breach potentially occur? Some examples of possible data breaches include:
- An email containing your personal data is sent to a recipient that has no authority to see it.
- Information about your child relating to school or nursery placement is mistakenly published on the council website.
- A social services data breach means that social worker notes about your personal circumstances are left on an unencrypted USB drive, which is left in a library computer.
It is important to note that not all data breaches involve information that is stored digitally. It can cover physically stored data, too. For instance, if a local council stored your personal data in a filing cabinet that employees did not lock, this could allow an unauthorised person to access it. This would also be classed as a data breach.
If you are a council tenant, the council will need to store your personal data in order to provide you with this service. For example, they may hold your:
- Tenancy audit information
- Documents that you have used to prove your identity (for example, a scan of your passport)
- Tenancy agreements
- Rent statements
Any of this information, if exposed, could cause you harm. For instance, if your passport scans were breached, then this could lead someone to commit identity theft. Furthermore, a scammer could use the information found on rent statements to make a phishing scam seem more realistic, leading to you losing out on money.
So, if you would like to know more about what could form the basis of a data breach claim against the council, get in touch with our team today. One of our advisors will be happy to offer you free legal advice.
If a council data breach occurs that affects the rights and freedoms of the data subject, they must report this to the ICO within 72 hours. The council should tell you about it without undue delay.
If you are concerned about the way a council has processed or used your data, then you can make a complaint to them directly. The ICO has a template that you can use to express your concerns.
If you do not receive an acceptable response from the council, you can make a complaint to the ICO. One thing to keep in mind, though, is that you should make the complaint within three months of your last meaningful contact with the organisation. If you wait any longer, the ICO might decline to investigate.
As mentioned, you can make a complaint to the ICO if you believe that failings on the part of an organisation resulted in a breach that caused you harm. However, the ICO are not able to award you compensation.
They can, however, investigate the breach, and their findings might support your claim further down the line. There’s no guarantee of this even if they decide in your favour, however, as the court could come to a different decision than the ICO.
You don’t have to report the problem to the ICO, and whether the ICO takes any action or not about your complaint does not affect your eligibility to pursue a claim. You also don’t need to have a solicitor act on your behalf, but you may find that this makes the process of claiming smoother than it would otherwise be.
If you would like to know more about the claims process, you can call and speak to our team of advisors. They can tell you how best to proceed.
The case Vidal-Hall and others v Google Inc  involved a landmark ruling in data protection claims. It held that people could claim compensation for mental harm following a data breach, regardless of whether they suffered any financial losses or not. Therefore, if you can prove that your mental health has been negatively impacted by a council data breach, you may be able to claim compensation for this.
The part of your compensation awarded to you to cover your financial harm is called material damage. This will compensate you for any money you have lost as a result of the breach. It will also take into consideration any long-term impact on your finances, such as an effect on your credit score.
Non-material damages will cover any emotional harm caused by the data breach. For example, you might suffer from stress or anxiety because your personal data was accessed by someone without authorisation to do so.
You can call and speak to one of our advisors to find out the types of damages you may be able to claim. Once our advisors know a little more about your situation, they should be able to give you a rough idea of the damages that might be applicable.
Below, we have provided a table that shows potential ranges of compensation based on different levels of emotional harm. We took the data for this table from the guidelines that are produced by the Judicial College in England. These guidelines are used by legal professionals when evaluating injuries.
|Psychological Problem||How Bad?||Potential compensation||More Info|
|Psychiatric harm||Moderately severe||£17,900 - £51,460||Psychological injuries associated with traumatic events would be included under this category. The victim's quality of life and ability to function will be impacted by the injuries. Moreover, the victim may continue to experience symptoms even after treatment.|
|Psychiatric harm||Severe||£51,460 - £108,620||All severe psychological injuries caused by repeated trauma would be covered under this category of compensation. As a result of a mental injury, people will have a much worse quality of life and a lesser ability to function. Even after extensive treatment, symptoms may persist.|
|Psychiatric harm||Moderate||£5,500 - £17,900||This category includes moderate psychological injuries caused by traumatizing events. A person may suffer from symptoms that impair their quality of life and ability to function. Recovery is possible, although it may take some time and treatment.|
|Psychiatric harm||Less severe||Up to £5,500||The category of less severe psychological compensation would encompass compensation for moderate trauma. It is likely that despite ongoing symptoms for some time, the victim will fully recover and will enjoy a better quality of life.|
In the case, Gulati and others v MGN Ltd, the High Court of Justice held that compensation awarded for emotional damage in a data breach case could be valued in the same way as in personal injury cases. This means that they can be valued using the help of the Judicial College Guidelines.
If you would like to get a more accurate estimate of the level of damages that you could receive for the harm you can prove you have suffered, call us today. One of our advisors could connect you with a lawyer to work on your claim.
A No Win No Fee type of agreement is an agreement that means you only need to pay your solicitor in the event that your claim is successful. Another name for this kind of agreement is a Conditional Fee Agreement (CFA). Under such an agreement, you would not need to pay your solicitor any fee until your claim has been resolved. And in the case of a claim that was unsuccessful, your solicitor will not expect to collect any fee at all.
If your claim is successful and the lawyer has been sent a compensation settlement for you, they will deduct a small success fee to cover their costs. There is a limit set by the Ministry of Justice on how much this success fee can be.
For a more detailed explanation of how a No Win No Fee works, you can reach out to our claims team. One of our claim advisors can answer any questions you might have.
If breaches have occurred that have caused you some kind of mental harm or financial loss, you may be in a position to try to claim compensation. You could get your claim started today by following these steps.
- Call our claims team on the number in the section below. An expert advisor will evaluate your claim and answer any questions that you might have.
- If they feel your claim has a good chance of success, they could then connect you with a solicitor to begin working on your claim for you.
- One of our expert data breach specialists will start processing your claim, usually under a CFA. This means you won’t pay any lawyer fees until your claim has been won.
Would you like to know the steps to take should data breaches at Sandwell Council potentially occur? Or perhaps you’ve been the victim of a data breach where an organisation has exposed your personal data? Could this breach have been prevented by the organisation that held your data? If so, get in touch with our team today. You can:
- Call us on 0800 073 8804
- Fill out a contact request form
- Use the live chat to the bottom right of this screen
All of these guides we have already published on this site could contain useful information for you the read through.
Additionally, these external links will take you to websites that contain information that is relevant to making a claim for a data breach.
Below, we cover some of the key questions that people ask about making a claim for a data breach against a council.
How do you check if your data is breached?
Look for suspicious financial activity related to your bank accounts and credit or debit cards. An organisation should inform you of a data breach that threatens your rights and freedoms without undue delay.
How do you report a GDPR data breach?
You can report a breach of UK-GDPR, to the ICO. You can do this by using the information that is provided on the ICO website.
Thank you for reading our guide on your rights if data breaches at Sandwell Council were to occur.
Guide by Wheeler
Edited by Stocks.