Durham County Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Durham County Council Data Breach
How To Deal With A Data Breach By Your Local Council
Durham County Council is the local authority that governs the area of County Durham, a historic county in North East England. Local councils collect personal data from the public and employees to operate. Importantly, local authorities should safeguard the personal data that they collect. Therefore, what happens if a Durham County Council data breach takes place?
This guide aims to help you understand the difference between a valid data breach claim and one that isn’t. We also explain how to make a claim.
If you wish to claim council data breach compensation, trust Legal Expert to help you. We could connect you with a No Win No Fee data breach solicitor to handle your claim. So, call our claims helpline today if you have evidence of a valid data breach compensation claim.
A claims advisor will be happy to answer any questions you may have. Plus, their advice is free and you’ll be under no obligation to proceed with the services of our lawyers.
Select A Section
- A Guide To Durham County Council Data Breach Claims
- Incidence Of Cyber Security Attacks
- What Is A Durham County Council Data Breach Claim?
- Are County Councils Exempt From The GDPR?
- Types Of Data Breaches By Local Councils
- Rent Payment And Tenancy Statement Data Breaches
- Taking Your Breach To The ICO
- How To Claim For A Breach Of Data Protection By The Council
- What Are Material And Non-Material Damages?
- Durham County Council Data Breach Compensation Calculator
- No Win No Fee Durham County Council Data Breach Compensation Claims
- Finding A Lawyer Specialising In Data Breach Claims
- Useful Data Protection Information
- Council Data Protection FAQs
County councils and other organisations in the UK should follow the rules of the General Data Protection Regulation if they process personal information. The GDPR is a piece of EU data protection legislation. The Data Protection Act 2018 enacts the GDPR into the laws of the United Kingdom.
Local authorities should do the following when they collect or process data:
- Firstly, the council is responsible for safeguarding the personal data they collect.
- Secondly, they should take data protection seriously. For example, council staff could receive data management training. Likewise, the council could put strong cybersecurity systems in place to protect the data.
- Furthermore, if their failings cause a data breach, they could be liable for any mental harm or financial loss caused.
There are other rules that councils have to follow in regards to data protection. We’ll look at these later in this article.
If a local council’s failings have caused a data breach involving your personal information, you may be eligible to claim compensation if you suffered mental harm or financial loss as a result.
Your payout could include compensation for the emotional distress the data breach has caused you. In addition, it could include reimbursement for any financial losses incurred.
Begin Your Claim Today
Our solicitors offer No Win No Fee agreements. And, if you have evidence of a valid claim, our advisors could connect you with them. All you have to do is get in touch.
There is a data breach claims time limit. There is a six-year time limit to begin your claim if it is against a private organisation. However, if the data breach concerns a public authority like a city council, you have one year to begin your claim. And because other elements could influence the timeframe, you might find that you’re too late without even knowing it. So, speak to us at the earliest opportunity to ensure that you begin your claim and don’t miss your compensation.
Personal data breaches can happen at organisations because of human error on the part of employees. However, a data breach can also occur if the organisation is the target of a cyber attack.
The government’s Cyber Security Breaches Survey 2021 offers some invaluable insight into the prevalence of data breaches. The survey stated that 4 in 10 businesses had experienced a data breach in the previous 12 months. However, 64% of large businesses and 65% of medium-sized businesses said they had experienced data breaches last year. This indicates that the number of data breaches reported was higher for medium to large-sized businesses.
Similarly, the survey states that a quarter of charities have experienced a data breach in the last 12 months. Just as medium to large businesses reported more data breaches, likewise so did larger charities. For instance, 51% of high-income charities have experienced a data breach in the last year.
When an organisation collects personal data, they are responsible for protecting it. A data breach is when personal data is lost, destroyed, accessed, altered or disclosed without a lawful reason or authorisation. A data breach can happen because of human error. Or it can be deliberate (for example, a cyber attack can cause a data breach).
A personal data breach can involve the following:
- Third parties gain unlawful access to the data.
- A malicious actor steals the personal data.
- Data is lost, encrypted, altered or destroyed without permission or a lawful reason.
- Personal data is leaked or exposed to unauthorised persons without a lawful reason.
Victims of a personal data breach could experience emotional distress as a result. For example, if a vulnerable person has their address made public, it may affect their personal security. The prospect of this could cause anxiety or stress. Moreover, criminals can use certain personal data for identity theft or fraud. Consequently, some victims of data breaches can experience financial losses.
If you suffered mental damage or financial loss because of a data breach caused by security failings, you may be eligible to claim compensation. To discuss this, why not get in touch today?
Local authorities are not exempt from following the rules of the General Data Protection Regulation. Therefore, when they collect personal data, they should follow these rules:
- First, the council can only collect the data if the data subject permits them. (A data subject is someone whose personal data is processed.) Often organisations allow subjects to “opt-in”.
- And what’s more, the council should explain the reason for collecting the data. After that, the council cannot use personal data for a different reason. (That is unless there is a lawful exception to getting consent.)
- The council should keep its personal data up to date. And it should delete personal data that it no longer needs.
- Finally, the council should operate within the law when it collects, processes and stores personal data.
There are other rules the council needs to follow in order to comply with data protection too.
There are many reasons why a personal data breach may occur. Below are some examples of how a council may breach personal data privacy.
- An employee sends an email containing someone else’s personal information to the incorrect recipient who doesn’t have a lawful reason or authority to view it.
- The council is the target of a cyber attack. As a result of poor IT security, criminals gain unlawful access to staff personal data and residents’ data.
- A receptionist leaves a file on a public-facing desk. The file contains personal data, which unauthorised persons can access.
- Social services data breaches can take place if social services disclose personal data about a client, for example, to a person who doesn’t have a lawful basis to access that information.
- The council sends an employee letter containing personal information to the wrong address. Consequently, the council shares staff personal data with an unauthorised third party.
- An online service that allows residents to perform tasks such as applying for a taxi permit or paying council tax is attacked. Due to insufficient security, the residents’ personal data is hacked.
Social housing is affordable housing that local authorities or housing associations provide. What happens if a public housing (social housing) data breach takes place? Public housing tenants may have the following data exposed or breached:
- Telephone numbers and mobile phone numbers
- Date of birth
- Tenancy documents such as tenancy agreements with their name and address on
- Scans of tenancy audit documents
- Financial information that is used to pay rent online
What is the Information Commissioner’s Office? The ICO are a public body in the UK that enforce data protection laws. This includes the General Data Protection Regulation.
If a Durham County Council data breach takes place, what should happen? The process would be similar for any authority that collects or processes personal information.
When personal data breaches occur, and they risk the freedoms and rights of data subjects, the organisation should report the data breach to the ICO within 72 hours. After that, the data protection officer (or relevant staff) should investigate the data breach and try to resolve the matter internally. The ICO may investigate the data breach. As a result, the ICO could issue a fine.
If a council breaches your personal data privacy, should you report the data breach to the ICO? We recommend that you raise your concerns to the council first. Their data protection officer may be able to resolve the matter internally.
However, what should you do if they give you an unsatisfactory response? If it’s within three months of the last meaningful communication with the council about the issue, you could contact the ICO. Waiting longer than three months could impact their decisions on it.
However, though they may investigate the matter, the ICO can’t offer you compensation for any financial loss or mental harm you endure because of a data breach. But we could. Talk to our advisors if you have a valid claim.
Now let’s look at how the data breach claim process works. If you can prove you suffered financially or psychologically because of a data breach caused by security failings, you could begin a personal data breach claim.
What Can We Offer You?
- Our knowledgeable data breach lawyers have solid experience handling data breach claims.
- Moreover, our data breach solicitors can assess your claim to ensure you receive the right amount of compensation.
- And you can read our online reviews, to see how satisfied our previous clients were with the service they received.
To see if you can begin your claim for council data breach compensation, contact Legal Expert today.
If you had a successful claim, your compensation payout would include up to two heads of claim. These are material damages and non-material damages.
Non-material damages are compensation for the emotional distress the data breach has caused. You could claim compensation for any psychological injuries you have suffered due to your data breach. For example, you could claim compensation if the data breach causes you anxiety.
Furthermore, material damages compensate for any financial losses you have suffered due to a local council data breach. For example, if criminals gained access to your bank account details and stole money from you, you could claim these funds back.
You would need proof to claim for both types of damages. For material damages, this could involve bank statements and credit scores for example. For non-material damages, it would involve an independent medical assessment.
The medical professional assessing would produce a report. The purpose of this report is to prove that your injuries were caused by the data breach and to identify how severe they are. The report can be used to help value these injuries.
How much is your council data breach compensation claim worth? You can use the compensation table below to estimate how much your claim could be worth.
Importantly, the claim amounts are based on guidelines published by the Judicial College. These guidelines and the medical report are used by solicitors to help them when valuing mental or physical harm.
|Injuries Sustained By The Claimant||Compensation||Comments On The Psychological Injury|
|Less Severe - Psychiatric Damage Generally||Up to £5,500||Compensation awarded will take account how long the disability has lasted and what the impact of this has been.|
|Moderate - Psychiatric Damage Generally||£5,500 to £17,900||The claimant has experienced a significant improvement in how they can cope with everyday life as well as education and work. Compensation could also be influenced by the success of treatment.|
|Moderately Severe - Psychiatric Damage Generally||£17,900 to £51,460||Claimants could have significant issues with factors previously highlighted. Their outlook for recovery should be better.|
|Severe - Psychiatric Damage Generally||£51,460 to £108,620||This is the highest and most severe category of injury. The victim could suffer effects in the personal / social life or in their ability to work or go through education. The will have a poor outlook for recovery.|
|Less Severe - Post-Traumatic Stress Disorder||Up to £7,680||Victims should make a full recovery in under 2 years. There could be some minor symptoms which last longer.|
|Moderate - Post-Traumatic Stress Disorder||£7,680 to £21,730||The claimant should largely have recovered.|
|Moderately Severe - Post-Traumatic Stress Disorder||£21,730 to £56,180||These cases are less severe than those below. The person should have a better outlook for the future. A degree of recovery should have already along with professional treatment.|
|Severe - Post-Traumatic Stress Disorder||£56,180 to £94,470||Claimants could have sustained a serious form of PTSD. This could also prevent the claimant from working or could severely reduce their ability do this at the same degree as before the trauma.|
The compensation table above does not include how much compensation you could be owed in material damages because that varies greatly for each person.
Please note, the final amount of compensation you receive may vary. This depends on your personal circumstances. You can call our claims helpline for a free, personalised data breach compensation quote.
Not everyone can afford to pay a data breach solicitor upfront. That’s why our solicitors give you the option to sign a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). After that, they can handle your claim as a No Win No Fee case.
What Does This Mean?
A No Win No Fee claim is when the solicitor does not charge the client an upfront solicitor’s fee. Instead, the client pays a success fee if their solicitor wins their claim. Your solicitor would deduct the success fee from the compensation package. The fee is at a legally capped rate to benefit you.
No Win No Fee claims are an accessible option for those who wish to use the services of a solicitor. Your solicitor would not ask you to pay for their work while the claim is ongoing. You would only pay the solicitors fees once compensation comes through.
Therefore, if you feel reluctant to pay a solicitor’s fee unless there’s a successful conclusion to a claim, No Win No Fee may be the best option for you. Speak to Legal Expert today to see if your claim can be made on a No Win No Fee basis.
If you wish to claim council data breach compensation, contact Legal Expert today. A trained advisor will be happy to talk to you. If we can see that you are owed compensation, we could connect you with a data breach lawyer to start working on your claim.
Use the details below to speak to us about making a claim:
- Call 0800 073 8804 to speak with a claims advisor.
- Please chat with us directly using the Live Support widget on the bottom right-hand corner of your screen.
- Or please fill out the claims form on our website.
Have you been harmed by a council data breach? Then you may be eligible to claim compensation. Please feel free to read these guides to learn more about making a data breach claim.
Solicitors Data Breach Compensation Claims – explaining how to make a compensation claim for a breach of your personal data.
Local Authority And Council Data Breach Claim – explaining how to claim compensation for a local authority data breach.
NHS Data Breach Compensation Claims – a guide to claiming compensation for a breach of your personal data privacy by the NHS.
Your Data Matters – an ICO guide to how organisations should handle your personal data
A government guide to avoiding scams and suspicious emails
We will now answer some frequently asked questions.
What are my rights under the GDPR?
When organisations collect personal data from people, these data subjects have rights. The GDPR upholds the rights of data subjects. For example, you would have the right to access your own data and the right to be informed about how it’ll be used. This government guide lists your full rights under the GDPR.
What procedures should a local council have in place?
A local council could have a data protection policy and perhaps appoint a data protection officer. The council could also train staff to manage personal data and have an adequate computer security system to prevent data breaches.
When could my data be shared?
Organisations can only share personal data if there is a ‘lawful exception’. Firstly, an organisation can share personal data without permission if they are legally able to do so. For example, an organisation can share personal information without permission in a medical emergency to help save a life.
How do data controllers protect your information?
A data controller is an organisation that decides how and why personal information is processed. They’re obliged to protect the personal data they hold or process. The data controller should do so by following the rules of the GDPR.
Thank you for reading our online guide exploring what to do after a Durham County Council data breach.
Written by Chelache
Edited by Victorine