Derbyshire County Council Data Breach Compensation Claims Guide
Can you prove that you have been caused financial or psychological harm as the result of a Derbyshire County Council data breach? If so, our guide could help you figure out the next steps that you can take.
Data breach incidents can have severe repercussions for all involved. A 2021 survey conducted by the Department for Digital, Culture, Media and Sport showed that cyber attacks have become more frequent and more sophisticated.
My Private Data Was Shared By The Local Council, Can I Claim?
The General Data Protection Regulation (GDPR) is in place to ensure organisations, including the council, have procedures to protect personal data. Personal data is any information that could be used to identify you, either in isolation or when combined with other information.
But what happens if your data has been compromised as a result of the council failing to comply with the GDPR and you were caused financial or psychological harm as a result? This is what our guide will cover.
For more information, you can contact our team by calling 0800 073 8804. Alternatively, please continue reading for more details about what might constitute a data protection breach by your local council.
Select A Section
- A Guide About Claims For Derbyshire County Council Data Breaches
- Cyber Security Statistics
- What Is A Claim Against Derbyshire County Council For A Data Breach?
- Do Data Protection Rules Apply To County Councils?
- Types Of County Council Data Breaches
- Education and Social Care Data Protection
- Reporting A County Council To The Information Commissioner
- How Does The Data Breach Claims Process Work?
- What Types Of Damages May Be Awarded?
- Calculate Payouts For Derbyshire County Council Data Breaches
- No Win No Fee Claims For A Derbyshire County Council Data Breach
- Who Could Help With My Claim?
- Talk To An Expert
- Extra Resources
- Data Breach FAQs
In this article, we’ll guide you through the different stages of making a data breach claim. In addition, we’ll provide you with information about how a solicitor might benefit you, and how a No Win No Fee agreement could help you in funding legal representation.
Additionally, our guide will look at data breach claim examples. These may help you determine whether the council has failed to meet the obligation they have to protect your data.
Furthermore, we will provide information on the different damages you could claim in compensation. We will also look at the evidence you’ll require to support your claim.
We hope that you will find this guide useful and informative; however, we understand that you may still have questions after reading. If you do, our advisors are available to take your queries. So for further help and advice, contact our team on the number above. Otherwise, read on for more information.
According to the Cyber Security Breaches Survey 2021, 39% of businesses and 26% of charities reported a cybersecurity breach or attack in the last 12 months. The survey also found that businesses and charities consider cybersecurity an important issue; over three-quarters of businesses and 68% of charities say that it is a high priority to their senior management.
The graph below shows how important businesses and charities perceive cybersecurity to be. The figures are provided by the Department for Digital, Culture, Media and Sport.
A Freedom of Information request revealed that there were more than 700 data breaches reported by UK councils to the ICO in 2020. The breaches, which caused councils to go offline for a period of time, had an effect on the services provided to a number of vulnerable people who needed them.
Additionally, it puts people’s data at risk of being used unlawfully. For that reason, it’s important that the people responsible for protecting our data follow the regulations that are in place.
When looking at who is responsible for the data that we give to third parties, the data controller determines how and why they’ll use your data. However, they may enlist a data processor to handle and store the data.
Anyone in these positions is required to follow the GDPR. For instance, password-protecting IT equipment and installing appropriate security software can protect digital information. Physical data can be protected by being locked away in a filing cabinet.
Failing to protect data could result in data breaches such as:
- Lost or stolen physical paperwork
- Lost or stolen hard drives, USB drives, computers or phones
- Malicious software designed to steal or copy personal data
If you can prove your data has been compromised in a similar situation, and you have been caused demonstrable harm as a result, a local council data breach claim could be made against Derbyshire County Council.
There are various data protection rules that apply to county councils, including the GDPR and the Data Protection Act 2018 (DPA).
The GDPR was created and implemented in 2018 to manage how organisations handle EU citizens’ data. The DPA then enshrined this into UK law.
Its main purpose was to ensure people were given the option to control how their information is used. Additionally, it was to prevent personal data from being used without the consent of the data subject in a way that would not be reasonably expected.
The seven main principles in the GDPR that organisations are obligated to uphold are:
- Accuracy. Having accurate and correct details for the personal data they hold
- Storage limitation. Only storing personal data for the necessary amount of time
- Lawfulness, fairness and transparency. Ensuring that data is processed lawfully, fairly and transparently in relation to data subjects.
- Accountability. Taking responsibility for how they’re using data and making sure they comply with other principles
- Purpose limitation. Only using your data for the intended purpose
- Data minimisation. Only storing the relevant data that they need
- Integrity and confidentiality. Ensuring they keep your data protected and secure by putting protocols and measures in place
The council is made up of many different departments and could hold various types of personal and financial data for someone. For instance, the council could hold:
- Birth, death and marriage certificates
- Information about your business if you’re a business owner
- Information on your financial state
- Employment status
This data may either be identifiable or unidentifiable:
- Identifiable data is data that could allow someone to easily identify someone else directly, such as their name or email address
- Unidentifiable data is data that someone could trace back or use to identify someone such as a car registration number, passport number or national insurance number
There are various ways in which data held by the council could be exposed. For instance, they could fail to encrypt personal information on devices.
Other examples of a local council data breach might include:
- Paperwork being sent to children’s birth parents with the adoptive parents’ names and address, which could cause disruption to their lives, e.g. relocation, stress and the anxiety of conflict with birth parents, which could be unsettling for the children
- Unsolicited emails sent in a campaign for elections
- Posting letters or sending emails containing personal information to the wrong people
- A file containing employee records being left on a desk and being visible to colleagues
Derbyshire County Council is responsible for overseeing the education and social care departments. With regard to schools, it may provide additional community education. This might include:
- Early childhood education as an addition to nursery or pre-school
- Enrichment programmes offered in schools
In order to be involved in these programmes, organisations may need children’s details such as name, address and parent names. They may also require medical information that organisations may need for health and safety purposes, such as details of allergies, disabilities or other medical conditions. Failing to protect this data or using it without a lawful basis could result in severe psychiatric harm for the children and parents involved.
Additionally, the county council may be responsible for child protection. An example of a breach in this department could see details of cases released without the family’s consent. This could put the family at risk.
Furthermore, the county council may offer services to people with mental health issues and disabilities. This means they could hold medical records for people that could be leaked. This could cause severe psychological stress or anxiety in someone who did not consent to this information being shared.
You may have been notified by the council that there was a data breach, or you may just have a concern that they have breached data protection. In either case, you can contact them for details of the breach or suspected breach, and ask them to confirm what action they’ll be taking to resolve the issue.
Once three months have passed since your last meaningful communication with the organisation, you can then raise your concern with the Information Commissioner’s Office (ICO). However, it’s important to be aware that it may be more difficult for the ICO to investigate your claim if a long period of time has passed since the breach.
For that reason, you should ensure you make your complaint to the ICO in a timely manner. This might include ensuring you have contacted the correct department of the council you think is responsible for the breach.
What are the consequences of breaching data protection?
It’s important to note that the ICO can’t award compensation. However, they are able to issue fines and warnings to any organisation that failed to comply with the GDPR.
If a data breach by an organisation has been reported, the ICO may carry out an investigation. After the investigation, if the ICO feels an organisation has failed to comply with the GDPR, it may issue an enforcement action.
This could consist of the organisation being made to take steps to bring data protection policies and procedures up to scratch so they are complying. Additionally, they may get a fine.
The fines and warnings could vary depending on the severity of the data breach. For instance, lower fines may be given for data breaches that have caused a less severe impact on the data subjects’ lives.
As mentioned previously, you don’t need to raise your concerns with the organisation or the ICO in order to make a claim. However, it is the recommended process as it can be a good way to build evidence to support your claim.
Alternatively, you can get in touch with our team and they can connect you with a solicitor who will be able to take you through the next steps.
How long do I have to make my claim?
Generally, the time limit for making a data breach claim against a private company is 6 years. However, if the defendant happens to be a public body (such as a council), this shortens to 1 year. It’s also not always obvious how much time you have to claim, so we advise that you speak to us about your potential claim as soon as you can.
There are two types of damages you could potentially claim in compensation following a local authority data breach. Firstly, if you’ve suffered any financial losses, you could claim for them under material damages. They cover you for any financial loss, including future damage to your finances.
For instance, if you’ve been a victim of identity theft, this is something that could continue to affect you. This will be taken into consideration when valuing your claim.
Additionally, you may have suffered from the psychological effects following the data breach. For instance:
- Loss of sleep
- Stress or anxiety
- Uncertainty of the future from a financial perspective
For more information about the effect that a data breach could have on you, get in touch with our team on the number above.
What evidence will I need to make a data breach claim?
When making your claim, you will require evidence to support it. Generally, you’ll need to prove that the council was to blame for the data breach. The following pieces of evidence may help to do this:
- Correspondence with the council such as emails or letters detailing the breach.
- If you have raised a complaint with the ICO, they may conduct an investigation so you could use the findings from this as evidence. However, the decision of the ICO is not final, and the court may come to a different conclusion than that reached by the ICO.
Additionally, you’ll need evidence for the different types of compensation you’re claiming. For instance, for material damages, you could provide bank statements or credit card statements to show the financial harm you have experienced. Also, your credit score rating may provide evidence of the impact the breach may have on your finances in the future.
If you’re claiming for any psychological damages, you could provide medical records that detail the psychological state you were left in as a result of the breach. In addition to this, you could provide evidence of any treatment you’ve required to cope with the psychological harm caused by the breach.
Additionally, you may be invited to attend an independent medical assessment which can provide an additional medical report to determine the state of your psychological suffering.
Although you might be wondering how much your claim may be worth, it’s difficult to give an exact amount. Every claim value will vary depending on how severely the data breach has impacted you.
Additionally, not every claim will have both material and non-material damages. Some will just have one or the other. Furthermore, if you are claiming both, they will be considered individually and will combine to make up your total compensation award.
The way compensation is awarded in data breach claims has changed since the Court of Appeal decision in Vidal-Hall and others vs Google Inc in 2015. The Court of Appeal held that psychological injuries should be considered independently, without the claimant needing to have suffered financial losses as well. Before this, a claimant would need to have suffered financially as well as mentally in order to claim for psychiatric damage.
For that reason, we can look at potential compensation awards for mental harm and have included a table using figures from the Judicial College Guidelines (JCG). These are guideline compensation brackets for a range of different injuries of different severities.
| Injury and Severity | Description of injury | Compensation Amount |
|---|---|---|
| Severe Psychiatric damage | The award given will depend on the severity of the impact on a person's relationships and their ability to cope with life, education and work | £51,460 to £108,620 |
| Moderate Psychiatric damage | The award will be given in instances where there may have been an effect on work, life, education and relationships but an improvement has been made and symptoms of the damage may not be permanent | £5,500 to £17,900 |
| Less severe Psychiatric damage | The award given will depend on how long a person suffered an impact on their life, work, education and relationships | £1,440 to £5,500 |
| Severe Post-Traumatic Stress Disorder | A person may have seen a permanent impact on every aspect of their life | £56,180 to £94,470 |
| Moderate Post-Traumatic Stress Disorder | A person may have mostly recovered with some ongoing issues that don't cause a severe impact | £7,680 to £21,730 |
| Less Severe Post-Traumatic Stress Disorder | A person may have fully recovered from all symptoms within two years | £3,710 to £7,680 |
However, if you have any further questions, get in touch with our team on the number above. Otherwise, read on for more information on No Win No Fee agreements.
A No Win No Fee agreement is a contract between you and your solicitor that sets out the conditions that they need to meet before being paid. It means that you avoid the financial risk that is often associated with legal representation.
It essentially means that if the solicitor is unsuccessful with your claim, you won’t be required to pay solicitor fees. You also won’t be asked to pay anything in order for them to start working on your claim.
If they do win your claim, you’ll pay a legally capped success fee. You and your solicitor will agree upon this beforehand, so the percentage deducted will never come as a surprise.
If this is something you’re interested in learning more about, get in touch with our advisors on the number above. If they feel your claim has a good chance of success, they can connect you with our No Win No Fee solicitors to take you through the next steps of your claim.
For more information, contact our team on the number above.
We’ve explored how a No Win No Fee agreement may be beneficial to you; however, you may not know how to start looking for a solicitor you can trust to handle your claim. If so, we can help.
Here at Legal Expert, our solicitors operate on a No Win No Fee basis. In addition, they are experienced in data breach law and in handling claims similar to your own.
They can communicate with you throughout the claims process and take you through each step to ensure it goes smoothly.
For more information on how we could help, take a look at our reviews page.
We’ve tried to cover as much information as possible in this guide; however, it’s understandable if you still have questions. Our advisors are here to help. They’re available to answer your queries regarding your data breach claim.
They are available 24/7 and can provide free legal advice. So no matter your enquiry, get in touch on the details below:
- Telephone 0800 073 8804
- Chat with us using the live chat box below
- Fill out our call-back request form so we can chat at a time convenient for you
If you’ve been struggling with your mental health after a data breach, visit the NHS website for information on the mental health services available.
Did you know you have the right to have your data deleted? If an organisation fails to comply, they could be at risk of breaching data protection. Find out more on the ICO website.
See the government guide on the GDPR for further information on how it may apply and the rights you have regarding your data.
If you’ve suffered a data breach due to your employer, you could claim compensation. See our guide for more information.
Our guide on university data breach claims could provide you with the information you need to get the compensation you deserve.
If you’re unsure about the process of reporting a data breach incident, our guide could help.
In this section, we have answered some of the most commonly asked questions on what to do if you’ve suffered a data breach.
How could you be impacted by a data breach?
If you’ve experienced a data breach, this may have impacted you both financially and psychologically. If your credit card details or banking information were exposed, this could lead to identity theft where criminals open bank accounts or take out loans in your name.
What are the causes of data breaches?
There are various ways a data breach could happen. For instance, a company could process data without a lawful basis to do so. A data breach may also come about as the result of a cyber attack.
How do I know if my data was stolen?
Organisations must notify you without undue delay if a breach has occurred. If you are concerned that a data breach has occurred and you have not been notified, you can get in touch with the organisation directly.
What information laws do I need to know about?
There are a couple of pieces of legislation that govern how organisations can use your personal data. For instance, the GDPR and the Data Protection Act 2018 both set out limitations in the way that an organisation can process your data and for what purposes.
Thank you for taking the time to read our guide on Derbyshire County Council data breach claims. We hope you found it helpful.
Written by Mitchell
Edited by Stocks