East Suffolk Council Data Breach Claims
In this article, we are going to review what you could do after an East Suffolk Council data breach.
The GDPR (General Data Protection Regulation) was enacted into UK law via the Data Protection Act 2018. The data Protection Act sits alongside the UK GDPR. The data protection laws are designed to offer more control over how personal data is used by organisations.
Data protection law is enforced by the Information Commissioner’s Office (ICO). While they can fine companies for data breaches or force them to change the way they work, they can’t compensate innocent victims. Therefore, we will explain how to take action for potential compensation.
It is important to note, claims for compensation are only possible if a data breach results in suffering. For example, you could claim if the breach makes you ill with stress and anxiety or other psychological harm. You could also be eligible to seek damages for financial losses. We’ll explain more about this as we continue.
What’s more, the data breach would need to be the result of the council’s positive wrongful conduct. Not every data breach is caused by an organisation’s failings.
We are able to help you if you have evidence of a justifiable claim. Firstly, we offer free legal advice during a no-obligation case review. Then, if your case is accepted, we could connect you with one of our data breach solicitors. Should they decide to represent you, you’ll benefit from their No Win No Fee service.
If you’d like to discuss your claim with Legal Expert, please call today on 0800 073 8804. Alternatively, continue reading to learn more about the claims process.
Select A Section
- A Guide On When You Could Claim For An East Suffolk Council Data Breach
- Are Data Breaches Increasingly Common?
- What Claims Could Be Made For East Suffolk Council Data Breaches?
- How UK GDPR Impacts Local Councils
- Types Of Personal Data Breaches By Councils
- Housing, Tenancy And Social Service Data Protection
- Where To Report A Council Data Breach
- The Claims Process
- How You Could Be Compensated
- How Do Calculators For East Suffolk Council Data Breaches Work?
- No Win No Fee Damages Claims For An East Suffolk Council Data Breach
- How To Find The Right Person To Handle Your Case
- Talk To A Claims Expert
- Where To Find Out More
- Frequently Asked Questions About Protecting Your Data
A Guide On When You Could Claim For An East Suffolk Council Data Breach
When you interact with businesses these days, you’ll be asked to confirm how you’d like your personal data to be used. Personal data or personal information is any information that can help identify you. For example, names and addresses would be personal information.
That might involve tick boxes on application forms or pop-up boxes on websites. They are there because the UK GDPR expects organisations to tell you (the data subject) about how your personal information will be used. In many situations, they also need you to confirm you are happy for them to do so.
As well as storing your personal data, it may also be shared to make some processes more efficient. That’s one reason why the UK GDPR exists. Organisations, including councils, should follow these rules to help reduce the risk of data breaches occurring.
If the rules are broken, and you are financially or psychologically harmed as a result, you might decide to take action. If you do, you’ll need to claim within the relevant time limits. This can be as little as 1 year for council data breach claims but can vary so please connect to live chat to check how long you have.
We’d suggest that starting your claim early is a good idea. If you do, everything would be fresh in your mind and easy to recall. Also, you’ll allow your solicitor (if you use the services of one) the time to collect important evidence to support your case.
Are Data Breaches Increasingly Common?
There is little doubt that data breaches happen fairly regularly, but how often do they affect local authorities? To help answer that question, we’ve listed the 3 reasons for data breaches in local government based on data security trends provided by the ICO.
Cyber-related data breaches
- Ransomware attacks: 5 incidents.
- Phishing: 4.
- Malware-related incidents: 2.
Non-cyber data breaches
- The wrong recipient receiving personal information by email: 40 incidents.
- Personal information being sent unredacted: 35.
- Paperwork being left in insecure locations being lost or stolen: 13.
This information relates to 1st April 2021 to 30th June 2021.
What Claims Could Be Made For East Suffolk Council Data Breaches?
Before looking at your eligibility to claim, it is important to understand what personal data breaches are. The ICO defines them as security problems that cause personal data to be disclosed, lost, changed, destroyed or accessed in ways that you’ve not permitted or are unlawful.
Even if a data breach does occur, though, you’re not automatically going to be compensated. To make a successful data breach compensation claim, you’ll need to show that:
- A data breach happened and your data was involved; and
- The incident caused you to suffer. This could involve psychological illnesses such as Post-Traumatic Stress Disorder (PTSD) or financial losses.
Another consideration is whether the council did anything wrong. For example, if a data breach occurred because the council’s online system was attacked by cybercriminals, you could be eligible to claim if the incident was possible due to out of date security software. However, if there was no way for the council to prevent the hack, there would be less chance of claiming.
How The UK GDPR Impacts Local Councils
Councils require a lot of personal information to help them function. In addition, they decide how and why personal data will be collected and processed. As such, they are data controllers in the eyes of the UK GDPR.
That means they must check there is a lawful basis to process personal information before carrying out any new tasks. If the same object is achievable without using your data, the lawful basis won’t exist.
Additionally, the council must be able to demonstrate that it complies with some important principles in relation to processing personal information. They must:
- Use legal, transparent and fair processes.
- Only gather the personal data that is required and nothing more.
- Ensure the security of any personal data.
- Not retain personal information for any longer than it is needed.
- Ensure the accuracy of personal data. It should also be up to date.
- Make sure personal information is processed for specific, legitimate and explicit reasons.
Types Of Personal Data Breaches By Councils
There are so many different ways a data breach could take place that we can’t list each one here. However, the list below should give some idea of what actions (or inactions) could lead to a data breach claim. Remember, claims might be possible for deliberate, illegal or accidental actions that cause you to suffer financially or psychologically.
- Where computers or devices and containing unsecured personal information are stolen or lost.
- If a council officer is overheard discussing your case (including details that would identify you) by unauthorised individuals because they failed to move to a private location.
- When documentation containing personal information about you is emailed or posted to the wrong person, despite the council having the correct details.
- If your personal data is viewed by unauthorised parties because a council worker’s PC is viewable from a public waiting area.
- Where personal information is accessed unlawfully because it was not securely destroyed.
Importantly, if the council contacts you to explain that your personal data has been involved in a UK GDPR data breach, retain the letter that you receive. It could be used as evidence during any future claim.
Housing, Tenancy And Social Service Data Protection
Each department at the council could potentially hold different types of information about its clients. We can’t show you every piece here, but some examples include:
- Social care records. There is the potential for these to contain extremely sensitive personal data about vulnerable children or adults.
- Tenancy agreements. The housing department could hold these and they might contain your contact information plus details about your property.
- Scanned ID documents. In some cases, council departments could hold copies of your passport, drivers licence and other documents used to verify your identity.
You can probably imagine what might happen if these documents ended up in the wrong hands or are exposed. In some cases, you might be made ill because of anxiety, stress or embarrassment. In other cases, you might suffer financially if a criminal decides to use your personal information.
That’s why the GDPR expects documents and files containing personal information to be kept securely. Where data is compromised because of a council’s security failings, you could go on to claim for any mental harm or financial loss caused.
Where To Report A Council Data Breach
You might think that the ICO should be contacted the minute you find out about a data breach involving your data. Before you do though, you’ll need to complain to the council formally.
If you do not agree with the council’s findings, you should escalate your complaint. Details of where to escalate may be listed within the council’s reply. When you can take your complaint no further and you haven’t had a satisfactory response, you could contact the ICO.
You would have 3 months from the council’s last meaningful response to contact the ICO. If you take longer than this, it could impact the council’s decisions.
Bear in mind though that the ICO cannot issue compensation to you. While their report might help to prove what happened, you’ll need to take legal action yourself to claim for any suffering. For that reason, we would suggest contacting us in the first instance. If your case is accepted, a solicitor will review the case with you before deciding whether to involve the ICO. It is quite possible that, once evidence has been provided, the council could resolve the claim amicably without the need for an external investigation.
This guide on what you could do after an East Suffolk Council data breach aims to help you. However, if you have any questions, why not reach out?
The Claims Process
In summary, if you believe you have a valid council data breach claim, we believe you should:
- Complain to the council to find out whether they admit to the breach and how they can help you.
- Collect evidence like financial records or medical records that show how you have suffered.
- Call our advisors to have your claim reviewed for free.
When you call, you won’t be under any obligation to make a claim. In all cases, we’ll provide free legal advice and be honest about your chances of being paid compensation. To find out more about your options, please call today.
How You Could Be Compensated
When claiming for a council data breach, you could seek compensation under two heads of claim:
- Material damages. This is used to cover any monetary losses, costs or expenses linked to the incident.
- Non-material damages. Used to compensate you for any pain or suffering caused by psychological or psychiatric injuries due to the data breach.
For example, a material damages claim could cover any money stolen from you by criminals. This might happen if your personal details (from the data breach) are used in identity theft.
For non-material damages, you might claim for any psychological injuries that have been diagnosed by a medical professional and attributed to the data breach.
Importantly, only one claim is possible for each data breach incident. Therefore, you must ensure that any future suffering is considered too. To help with this, you would visit a local medical specialist. During your appointment, they will assess your injuries and write a report detailing your prognosis. If they identify that you will carry on suffering for any length of time, this could be included within your claim.
The report they create is also intended to show that your psychological injuries were caused or worsened by the data breach. If there’s no link between your mental injuries and the data breach, you may find it hard to receive non-material damages.
Our belief is that you’ll have the best chance of making a full claim if you’re supported by a solicitor. If you work with our solicitors, they will try to ensure everything is included by gaining a full understanding of how you have suffered. If you’d like to know more about what help we can provide, please call today.
How Do Calculators For East Suffolk Council Data Breaches Work?
In this part of our guide, we’re going to concentrate on potential compensation figures. Although claim values do vary, we have supplied some compensation ranges for different injuries that could result from data breaches in the table below. If you call to have your case assessed, we would be able to provide a more personalised estimate for free.
|Type of Claim||Settlement Bracket||Notes|
|Psychiatric Damage Generally||£51,460 to £108,620||Diagnosed as severe|
|£17,900 to £51,460||Diagnosed as moderately severe|
|£5,500 to £17,900||Diagnosed as moderate|
|Up to £5,500||Diagnosed as less severe|
|PTSD Injuries||£56,180 to £94,470||Diagnosed as severe|
|£21,730 to £56,180||Diagnosed as moderately severe|
|£7,680 to £21,730||Diagnosed as moderate|
|Up to £7,680||Diagnosed as less severe|
In the case, Vidal-Hall and others v Google Inc , the Court of Appeal held that when settling data breach claims, compensation should be considered if the claimant has suffered psychological injuries, regardless of whether or not they also suffered financial loss. Before this case, you had to suffer financial loss in order to also claim psychological damage. Now you could claim for both or either, providing they’re a consequence of the data breach.
No Win No Fee Damages Claims For An East Suffolk Council Data Breach
You might think making a council data breach claim could mean you lose money on solicitor’s fees. However, we can reassure you that our solicitors don’t charge fees for their work unless you receive compensation. That’s the beauty of a No Win No Fee service.
A solicitor would review your case. If they are happy to continue, they’ll send a Conditional Fee Agreement (CFA) to you. (A Conditional Fee Agreement is a formal term for No Win No Fee agreement.) This will show what your solicitor should achieve before they can charge you for their work.
Within the CFA, you’ll notice a success fee listed. Rather than you having to send funds to pay your solicitor, they’ll deduct the success fee (a percentage of the compensation) from any settlement you receive. To protect you, success fees are capped by law.
How To Find The Right Person To Handle Your Case
By calling our advisors, you could be connected to one of our specialist data breach solicitors if your claim is strong enough. Our solicitors have solid experience and are registered with the Solicitors Regulation Authority in England and Wales.
To save time and make our service efficient, we don’t need you to visit our solicitors’ offices. Instead, they can conduct claims over the phone, online and by email. Don’t worry, though, you’ll receive regular updates from your solicitor throughout the claims process. To make everything a little less stressful, our solicitors offer a No Win No Fee service for every claim they handle.
To find out more about our services please get in touch. Alternatively, please feel free to read some of our reviews.
Talk To A Claims Expert
If you have found this guide on claiming for a council data breach helpful, and you have evidence of a justifiable claim, why not get in touch to discuss your case? To contact us you can:
- Call our advice line on 0800 073 8804 for free claims advice.
- Ask an online advisor to explain your options using our live chat.
- Send us an email to email@example.com outlining your claim.
- Request a call from a specialist by completing our claim online form.
When you call, your case will be reviewed for free by a specialist advisor. If they believe it has the grounds to continue, they could connect you with our No Win No Fee data breach lawyers.
Where To Find Out More
As we are nearing the end of this guide, we have added some further resources and similar guides that you might find useful.
Subject Access Requests – This guide explains what information should be provided by organisations when you ask for copies of your data.
No Panic – A UK charity that helps those who suffer from anxiety-related disorders.
Local Government And Social Care Ombudsman – A service that can be used to escalate complaints that are not resolved by local councils.
Lost Medical Records – Information on when you could claim if your medical records are lost.
How To Report Data Breaches – This guide reviews when data breaches should be reported to the ICO.
Post-Traumatic Stress Disorder – Advice on claiming for suffering associated with PTSD.
Other Guides You May Find Helpful
- Brentwood Borough Council
- Solicitors Lost My Medical Records – Can I Claim?
- Sickness At Work Data Breach Compensation Claims
- The Police Sent My Personal Data To Someone Else, Can I Claim?
- Foster Care Data Breach Claims
Frequently Asked Questions About Protecting Your Data
To finish our guide on what you might do after a potential data breach at East Suffolk Council, we have supplied answers to some frequently asked questions.
Does a criminal action need to have happened?
Not all data breaches result from criminal activity. In fact, some aren’t even caused by deliberate actions. Any data breach could result in a compensation claim if it has caused you to suffer financial loss or psychological harm and it was a consequence of a council’s positive wrongful conduct in relation to protecting your personal information. That includes breaches that are accidental.
Do I need to report the breach to the authorities?
If you wish a data breach to be investigated, you can inform the ICO about it. Before you do, you should report it to the organisation involved as per their complaints procedure. An ICO report is not always needed to make a successful data breach claim but it could help clarify what happened.
Will the council notify me of a breach?
When a council identifies a data breach has occurred, they are obliged to tell those who might be put at risk by it. This should be done without undue delay. You may be told in writing or by email.
What evidence do I need?
To make a successful data breach claim, you will need evidence to show how you have suffered. This could include medical records for psychological injuries or bank statements to show monetary losses. Additionally, if you have received a letter confirming the data breach occurred, this could be used as evidence as well.
Thank you for reading our guide on what to potentially do following an East Suffolk Council data breach.
Written by Hambridge
Edited by Victorine