Guildford Borough Council Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Guildford Borough Council Data Breach – Compensation Claims Guide

When Could You Claim For A Data Breach At Guildford Borough Council?

We are going to explain what harm could be caused by a Guildford Borough Council data breach in this guide. We’ll also consider when you could be compensated for that harm.

As you probably know, the General Data Protection Regulation (GDPR) is now in force. It passed into law when the Data Protection Act 2018 was enacted. Together, these laws, and others, are governed by the Information Commissioner’s Office (ICO) and are designed to give you (the data subject) better control over how your personal data is used. They also mean that data controllers (such as borough councils) must try to protect personal information and keep it secure.

Guildford Borough Council data breach claims guide

Guildford Borough Council data breach claims guide

If a data breach at Guildford Borough Council were to occur, you could suffer from stress, anxiety, embarrassment and even Post-Traumatic Stress Disorder (PTSD). Furthermore, data breaches can cause financial problems too. It is these things that you could seek damages for and Legal Expert could help you do so.

Our team of specialist solicitors have been representing clients for around 30 years. They provide a No Win No Fee service for all accepted claims which makes everything a little less stressful.

To find out if you have a valid claim, why not call for a no-obligation consultation and free legal advice. Our helpline number is 0800 073 8804.

You can also write to us about your claim online, or chat now using the live chat service, bottom right.

If you’d like more information claiming before contacting us, please continue reading.

Select A Section

A Guide About Claims For Guildford Borough Council Data Breaches

As you use websites, apps and other types of technology, you are likely to be sharing information about yourself. However, the ease of sharing does make things much quicker these days. For example, many councils would need you to visit their offices to view rental properties in the past. Now you can simply bid for your choice online.

Now, as you can imagine, councils require personal data about their clients. Without it, providing services would be much more difficult and probably a lot slower. However, since the GDPR was introduced, they need to take precautions to try and stop data breaches from happening. We’ll show you how the GDPR applies to data breaches as we continue. Importantly, if data protection laws are broken by councils, they are not immune from ICO action.  Also, you could claim compensation if they’ve caused you to suffer damage to your mental health or finances.

Throughout this guide, we’ll look at when we could support you with a claim following a Guildford Borough Council data breach. We’ll explain when you’d be eligible to take action and what level of compensation could be awarded.

You should bear in mind that a 6-year time limit applies for data breach claims against private companies. However, where the claim relates to a public body data breach, such as a council, there is a 1-year limitation period. And you may not be aware that your time is running out if it hasn’t already. So, to check how long you have to start a claim, please get in touch with our team.

Frequency Of Breaches In Data Protection

The government has recently released a report based on cyber security data breaches. It is slightly misleading as it covers a lot of the coronavirus pandemic so data breaches fell naturally.

However, the result of the study found that in the year ending March 2021:

  • 26% of charities had been affected by data breaches as had 39% of businesses.
  • 27% of businesses and 23% of charities experience cyber security or data breaches weekly.
  • Phishing attacks make up the majority of cases (83% for businesses and 79% for charities)
  • 1 in 5 organisations surveyed lost money as a result of the breaches

As you can see the threat is real. Organisations are all too aware of this and should be taking steps to secure our data.

What Is A Guildford Council Data Breach?

When personal information is accessed illegally, destroyed, lost, changed or disclosed to unauthorised parties, a data breach will have happened. However, that is not enough grounds for you to begin a compensation claim.

As well as the breach occurring, you will need to explain how you have suffered as a result. The types of harm that you might be allowed to claim for include financial losses (including expenses) as well as any psychological injuries.

Something else to bear in mind is that if a local authority has done nothing wrong but is attacked by hackers, you might not necessarily be able to claim regardless of whether you’d suffered because of any subsequent breach. However, if the council had failed to update its security software, allowed out of date machines onto its network or did something else that allowed the breach to happen, you could claim.

We can help with issues relating to a Guildford Borough Council data breach. Please call today if you have evidence that you’d like us to examine.

GDPR Compliance And The ICO

If information is stored in a computer system or a paper-based filing system, it is likely to be covered by the rules of the GDPR. That means that if a council decides to process such data, there must be a lawful basis for doing so. Processing data means any action that’s taken with personal information such as storing, deleting, sharing, reading or dissemination.

Importantly, councils should try to achieve the same outcome, where possible, without using personal information. However, if they must use personal data, a lawful basis for doing so can be established by:

  • Telling the individual why data is required and then asking them to consent to its use.
  • Using personal data to fulfil a contract. For example, your personal information may be processed when dealing with your rental agreement.
  • Where a legal obligation exists to process personal information.
  • Using personal information to carry out a public task that is in the public’s interest.
  • If the local authority believes there is a risk to life, information can be shared on the basis of vital interests.
  • A council could have a legitimate interest to process personal data in a way that would be reasonably expected by the data subject.

When a lawful basis for using personal data is established, data controllers must still only process the minimum amount possible to achieve the required outcome.

Types Of Data Breaches In Local Government

In this section, we are going to look at what could cause a data breach at Guildford Borough Council. We should state that it’s not just deliberate or illegal actions that you could claim for. Accidental data breaches may also result in a claim being made. However, it will need to be proven that the council should have taken steps to prevent the breach.

Here are some examples:

  • If a social services worker discusses your case in earshot of other members of the public. For instance, if they say your name and discuss you in a public waiting area. This also applies to the likes of social media posts shared publically.
  • Where unencrypted devices like laptops containing personal data are left on public transport.
  • If an email or letter containing personal information is sent to the wrong address.
  • Where documents end up in the public domain because they were not destroyed securely (shredded).
  • If a computer screen with personal information is being used in a public area and the information is seen by others.

Where the council identifies a personal data breach, they should inform the ICO within 72-hours. If data subjects are at risk because of the breach, they should be contacted without undue delay.

Data Breaches At Social Services And Housing Departments

Let’s try to consider what types of documentation councils might hold containing personal data. While we haven’t listed everything here, some common examples include:

  • Scanned copies of documents you are required to provide during the identification process when applying for council services. This could include scanned driving licences or passports.
  • Tenancy agreements will likely contain your personal information plus data about your home address. It may also include your financial information.
  • Rent statements could include information about you, your property and payment details as well.

If you were made aware that these documents had been accessed unlawfully, it could cause you to suffer. You may be anxious or stressed. There’s also a chance that criminals could use the information illegally if they got hold of it. If that’s the case, and you suffer financially or your mental conditions are diagnosed by a doctor, you could be compensated.

Although data breach claims appear complex, our specialists know the process inside out. For free advice on how you should proceed, please call today.

Where And When Do I Report A Possible Data Protection Breach?

As we have mentioned, the ICO has the power to investigate data protection breaches. So, how do you get in contact with them?

Well, initially, you must try and deal with the organisation you blame directly. In this case, that means writing a formal complaint to Guildford Borough Council and awaiting a response. This could be directed at their data protection officer. If you do not agree with their response, you must escalate the complaint. How to do so should be listed within their reply.

If within 3 months you’ve not heard anything meaningful in response, it may be time to contact the ICO. If they investigate, their report could provide vital evidence to support your case. However, as they can’t compensate you for your suffering, an ICO investigation is not always needed.

If your claim is taken on, one of our solicitors will review what happened. They’ll also consider who was to blame and what suffering was caused by the breach. If there is already enough evidence, they may try to settle the case amicably with the council on your behalf. Where that is not likely to happen, they may advise you to involve the ICO and ask them to look at the matter.

If you’d like free legal advice on your next steps, please call our helpline today.

Steps In The Compensation Claims Process

We will now reiterate the data breach claims process briefly. If you are thinking of claiming, our suggestion is to:

  1. Complain formally to the council and escalate to the ICO where necessary.
  2. Compile any letters, emails or other evidence you might have.
  3. Call our team of specialist advisors for free advice on your situation.

If suitable, we could connect you to our data breach solicitors. If they agree to work for you, you’ll be represented on a No Win No Fee basis. Why not get in touch today to learn more about your position?

How The Effects Of A Data Breach May Be Valued

If you make a Guildford Borough Council data breach claim, you won’t just ask for a certain amount of compensation. Instead, you must justify any claim in full and supply supporting evidence. Two main elements make up data breach claims:

  • Material damage – the compensation that covers the financial side of your claim.
  • Non-material damage – compensation that aims to cover any psychiatric injuries.

For example, victims of identity theft may need to claim back any money stolen by criminals. Similarly, where the GDPR breach has caused you to suffer emotionally, you might need to ask for non-material damage to be paid as well. The claim won’t necessarily end there though.

It is important to consider any future suffering that you might endure because you can only make one claim. Therefore, as part of the claims process, you’ll need a medical assessment. Your solicitor will book this locally with an independent specialist. They’ll consider your diagnosed injuries and also provide a prognosis of whether you’ll continue to suffer. If their report says that you will, then that suffering should be factored into your claim.

It is our opinion that your best chance of winning data breach compensation is by having a specialist lawyer on your side. If you work with us, your solicitor will try to find out exactly how you’ve suffered before filing your claim. Want to know more about how we could help? If so, please call today.

Guildford Borough Council Data Breach – Compensation Payout Calculator

It’s now time to move on and show what compensation could be paid following a Guildford Borough Council data breach. As mentioned above, any financial losses (material damages) will be calculated separately.

Previously, compensation for psychological damage was only possible if you suffered financial harm too. That all changed in the case of Vidal-Hall v Google [2015]. In this case, it was decided that:

  • Compensation must be considered if a claimant has been psychologically injured by a data breach. That’s the case even if they have not lost any money.

In another case—Gulati and Others v MGN Ltd [2015]—the High Court advised that mental damage could be valued with reference to personal injury law.

To show what that means in terms of injuries like anxiety, stress or Post-Traumatic Stress Disorder (PTSD), we’ve added the table below. It shows compensation ranges from the Judicial College Guidelines. This is a document used by legal professionals to help determine personal injury claims amounts.

Claim Severity Level Settlement Bracket Additional Notes
Psychiatric Damage Severe £51,460 to £108,620 This range is for cases where the victim has very serious problems dealing with life and work. They’ll also struggle to deal with relationships, will remain vulnerable and have a poor medical prognosis.
Less Severe To £5,500 This range is for less severe cases and factors such as length of disability and the impact on sleep and other daily activities will be considered.
Post-Traumatic Stress Disorder Severe £56,180 to £94,470 Covers cases where the claimant suffers flashbacks, nightmares and suicidal ideation permanently. All aspects of the victim’s life will be affected and they will not be able to function at anything like previous levels. Their symptoms will mean work is impossible.
Moderately Severe £21,730 to £56,180 With professional help, the prognosis will be better than above although many of the symptoms will be the same.
Less Severe £3,710 to £7,680 Covers cases where the victim has almost fully recovered in a year or two. Only minor symptoms will remain

Please remember, we cannot guarantee these amounts even if you make a successful claim. That’s because each claim is unique and there are many variables that affect any compensation award. To learn more about what you could be entitled to, please reach out on the number at the top of this page.

Claim A No Win No Fee Payout For Your Guildford Borough Council Data Breach

We provide a No Win No Fee service for all claims that we take on. That’s because we know that nobody wants to lose money on solicitor’s fees. Before we can accept your claim, it will need to be reviewed by a solicitor to see if it has a good chance of success.

If you are both happy to continue, you’ll be sent a Conditional Fee Agreement (CFA). A CFA is the formal title of a No Win No Fee arrangement. This will explain what your solicitor has to achieve before they are paid.

Where a claim is won, a small success fee will be paid to your lawyer. This is listed in the CFA and it is a percentage of the compensation you receive. Importantly, success fees are capped by law so you can’t be overcharged.

If the claim isn’t successful, you won’t be obligated to pay any of your solicitor’s fees.

Please call today to find out if you could claim on a No Win Non Fee basis.

Find Legal Advice Or A Solicitor

If you’re wondering why you should use Legal Expert then why not take a look at our reviews to see what others have said about us? Our objective is to try and achieve the highest amount of compensation possible for you. Importantly, we only take on cases that we believe can be won so we don’t waste anybody’s time.

To make our service as efficient as possible, we’ll handle everything online, by email and over the phone. That means you don’t need to waste any time travelling for face to face meetings. As mentioned above, all claims that we take on are funded by a No Win No Fee agreement. Also, we are registered with the Solicitors Regulation Authority meaning you can rely on the quality of our work.

Talk To A Lawyer

We are ready to help if you’d like to discuss a Guildford Borough Council data breach. There are several ways you can reach us, including:

When you call, we won’t put any pressure on you and there is no obligation to proceed. You will always receive free advice about your options.

Useful Links And Resources

In this section, we have supplied some similar guides and resources that you may find useful. Please let us know if you need anything further.

Bank Data Breach Claims – Details on how to claim if a data breach by your bank has caused you problems.

Unauthorised Access To Medical Records – Advice on what to do if you’ve suffered because your medical records were shared unlawfully.

Data Breaches By Employers – Information on claiming if you’ve suffered because your employer has caused a data breach.

Be Data Aware – ICO guidance for individuals on how to keep their personal data safe.

Panic Attacks And Anxiety – Information on the causes and symptoms of anxiety and how it can be treated.

PTSD Overview – NHS information about how Post-Traumatic Stress Disorder is diagnosed and treated.

Council Data Breaches FAQs

To finish off our guide, we have added some FAQs about breaches of the GDPR and the Data Protection Act.

Can children make data protection requests?

The GDPR allows children to make a Subject Access Request (SAR) themselves. That’s providing they are able to understand what they are requesting and the content they will be sent. In many cases, children over the age of 13 are deemed old enough to submit SAR requests. Different organisations may have different approaches to this though.

Could I request another person’s personal information under the Data Protection Act 2018?

Legally, you can only request information from a company about yourself. There is no automatic right to request data about friends, family or others. One exception to this rule is where a child permits a parent to be sent information. Another is where written consent has been granted by a data subject for you to be sent their data.

Can I claim if I think the council breached the DPA?

You cannot simply claim data breach compensation just because the council was involved in a GDPR breach. Instead, you’ll need evidence that shows how the breach caused you to suffer. This might involve financial suffering or psychological injuries including anxiety, embarrassment or stress.

Thank you for reading our guide on claiming for a Guildford Borough Council data breach. If you’d like to begin the claims process, please get in touch today.

Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts