Hartlepool Borough Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?
Data Breaches In Local Government
Welcome to our guide exploring what could happen in the event of a potential Hartlepool Borough Council data breach. If your personal data was compromised and caused you to suffer either mental or financial harm due to the council failing to comply with data protection laws, you could make a data breach claim.
The Data Protection Act 2018 enacted the General Data Protection Regulation (GDPR) into UK law. This was done to provide data subjects with more protection and rights over how their data is handled. The UK GDPR sits alongside the Data Protection Act.
The UK GDPR incorporates seven core principles that organisations should focus on in their data protection procedures. One of these principles stipulates that organisations must have a valid reason for processing your personal data.
Failing to do so could result in action from the Information Commissioner’s Office (ICO). This is an independent body in the UK that enforces data protection laws and takes enforcement action against those who fail to comply.
As part of their powers, they can issue fines to organisations or councils that breach data protection. However, they don’t have the power to award compensation. In order to do this, you must make a data breach claim.
For more information, contact our expert team of advisors on 0800 073 8804. Otherwise, continue reading our guide to find out more about your individual rights under the GDPR.
Select A Section
- A Guide To Compensation Claims For Hartlepool Borough Council Data Breaches
- Cyber Security Attack And Data Breach Statistics
- What Is A Hartlepool Borough Council Data Breach?
- How Does GDPR Affect Local Government?
- Types Of Data Security Breaches
- Data Breaches Within Social Services And Tenancy Documents
- What Happens If I Report A Data Breach To The ICO?
- How Does The Process Of Making A Claim For A Data Breach Work?
- Quantifying Data Breach Damages
- Personal And Hartlepool Borough Council Data Breach Calculator
- No Win No Fee Solicitors For A Hartlepool Borough Council Data Breach Case
- Finding A Lawyer For A Data Leak Case
- How Could We Help You?
- Similar Data Security Breach Articles
- Frequently Asked Questions By Claimants
Local councils reported 700 data breaches to the ICO in 2020. The types of breaches were not specified; however, any type of breach could have detrimental effects on people’s lives. For instance, they could have an impact on their mental health and financial stability.
However, in order to hold a valid claim, three criteria need to be met:
- The organisation/local authority did something wrong in regards to their data protection responsibilities
- Their wrongful actions led to a data breach
- This led to a data subject suffering financial or psychological harm (or both)
If you’re unable to determine whether a council was liable, our guide will explore examples of how an organisation’s failings could cause your personal data to become compromised.
Additionally, we’ll look at the different types of evidence you will need and how they can help you to build a strong case.
We understand the process sounds complex and you may be feeling overwhelmed. For that reason, we’ll explore how a solicitor could benefit you and a way you can avoid upfront costs usually associated with legal representation.
Don’t forget, you can call our team at any point using the number above and they can answer your questions.
If an organisation or council faces a cyber attack or breach, it’s important that they take steps to prevent it from happening again. According to the Cyber Security Breaches Survey 2021, 62% of businesses that participated in the survey took action to prevent further breaches.
The graph below looks at the actions some businesses took after they experienced a data breach. As you can see, 36% of businesses took no action.
The figures are provided by the government survey.
A council data breach involves a local authority losing, destroying, accessing, altering or disclosing your personal data without authorisation. This can happen either accidentally or deliberately by someone inside or outside the organisation.
- Conservative party £10,000 for sending unsolicited marketing emails
- Hertfordshire County Council £100,000 for a fax error that led to personal data being disclosed
- Hampshire County Council £100,000 for failing to take appropriate measures to prevent the unauthorised processing of personal data
The fines that the ICO issued aren’t related to any compensation that may have been claimed in addition.
However, if a council fails to have a valid reason for processing or doesn’t follow the seven principles in the UK GDPR, you may be entitled to seek compensation if you have suffered some form of loss.
The UK GDPR applies to all parties involved in the processing of personal data. This includes, for example, councils. Councils need personal information in order to provide services, but should also ensure they protect that personal data.
This can include implementing data protection procedures that incorporate the seven core principles of the UK GDPR. Additionally, in order to process data, they need to have a lawful reason to do so.
The lawful basis an organisation uses will depend on its purpose for processing. This could include one of the following six lawful bases mentioned in the UK GDPR:
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
Additionally, they don’t have to have more than one but if it’s found they could have achieved their purpose without processing then the lawful basis won’t apply.
Local authorities and councils should adhere to this. However, if they don’t you could put forward a complaint to the ICO who may investigate your claim further.
Every data breach is unique and could result in your personal data being compromised in various ways by different departments. Each department could hold a variety of personal data relating to you.
For instance, the housing department could hold personal information such as your name, address, a picture of you or your email address.
Alternatively, other departments could hold personal data that may lead to someone identifying you with other information. For instance, your passport number or driving licence.
No matter what type of personal data they hold about you, every department that the council oversees should ensure they adhere to data protection law when using personal data. A few examples of how their failings could breach personal data privacy include:
- Posting a letter containing personal information to someone’s old address, despite having the correct one on file, where someone accesses it.
- Failing to update passwords leading to an ex-council employee being able to access databases to obtain personal information for personal use.
- Not having appropriate cyber security on the Council Tax payment website leading to a hack that causes people’s payment details to be accessed.
- Staff data such as private medical details being disclosed to other members of staff without their consent or another lawful basis.
- The local authority publically sharing identifiable information about people who made complaints about neighbours without a lawful basis.
If the data processor’s failings lead to a third party accessing someone’s identifiable data unlawfully, it could lead to identity theft which could become an ongoing issue.
This guide on what you could do after a potential Hartlepool Borough Council data breach aims to provide information to help you. However, if you have unanswered questions, why not reach out?
The council also has the responsibility of overseeing social services for children. In this instance, they could hold extremely sensitive data that they should take care to protect. Failing to do so could result in the following incidents:
- A social worker leaving unsecured files on the train containing personal information about families they’re appointed to.
- Failing to encrypt sensitive information about adoption cases leaving them vulnerable to hacking.
In addition, the housing department could:
- Fail to store physical scans of tenancy documents in a locked cabinet making them easily accessible to unauthorised persons.
- Not encrypting passport data on an unsecured system so that unauthorised persons can access it.
- Cause a rent statement data breach by sending them to the wrong people despite having the correct addresses on file.
Whether you’ve experienced a data breach over rent statements, an email data breach or social services data breach, if it was caused by the council’s failings you could contact the council directly. See below for the process of making a claim.
Following a council data breach, there are a few avenues you could take. If you want to make a complaint to the ICO, you first need to contact the council. This can allow them to confirm the breach or bring it to their attention if they weren’t already aware.
Furthermore, it can provide them with the opportunity to resolve the issue and take preventative action for the future.
Alternatively, if you are unable to resolve the issue between you and the council, you could report your complaint directly to the ICO.
However, you must report your concerns to the ICO in a timely manner. You shouldn’t wait longer than three months after the final meaningful response from the council. Failing to do so could result in the ICO having more difficulty accessing evidence in an investigation.
The process of making a data breach claim will involve obtaining evidence to support your case. Although you aren’t obligated to contact the council or the ICO to put forward a claim, it can be beneficial evidence.
For instance, the emails or letters between you and the council could provide:
- Proof of a data breach affecting you
- The actions the council did or didn’t take to rectify the situation
Additionally, if the ICO decides to investigate, any reports that come from their investigation could help support your claim.
However, if you feel you would rather avoid this process, you can seek legal advice from a solicitor to help you seek compensation. Speak to our team for further details.
The UK GDPR gives any data subject affected by a data breach, caused by an organisation’s failings, the right to seek compensation for the mental or financial damage they’ve suffered.
This could be in the form of material damage which could compensate you for losses of a financial nature that were caused by the breach. They also cover you for any ongoing financial issues that could occur in the event that your bank details or identity has been stolen, for example.
Additionally, if you’ve been the victim of any psychological damage because of the personal data breach, you could claim compensation for this under non-material damage. For instance, the data breach may have caused issues with stress, anxiety, sleep or issues with building trusting relationships.
However, you should be aware that in order to seek compensation for either damage, you must have evidence. This could include medical evidence consisting of doctors records or an independent report that highlights the extent of your condition.
Additionally, it could include receipts and bank statements to highlight any monetary losses.
Previously, you couldn’t put forward a claim for psychological damage caused by a data breach without also claiming compensation for financial damage. However, this changed after the Vidal-Hall and others v Google Inc  Court of Appeal decision.
Now, you’re able to claim solely for psychological injuries. For that reason, we have been able to create the compensation table below to give you an estimate of how much your claim for non-material damage could be worth.
|Type of Psychological Damage||Nature of the injury||Compensation Award|
|Post-Traumatic Stress Disorder (PTSD)||A moderately severe impact on all aspects of a person's life due to symptoms of hyper-arousal such as breathing and heart rate. However, there will be some recovery with professional help.||£21,730 to £56,180|
|PTSD||The person will have moderate problems similar to the above that may continue but for the most part will have recovered.||£7,680 to £21,730|
|PTSD||Some minor symptoms may continue to be a problem but the person will have mostly recovered within a couple of years.||Up to £7,680|
|Psychiatric||Severe problems with regards to work, education and general day-to-day life. The claimant would have a poor chance of improving.||£51,460 to £108,620|
|Psychiatric||Significant problems that may impact the person's friendships or family relationships and other people they come into contact with. There will be a better chance of improvement.||£17,900 to £51,460|
|Psychiatric||The person will be less severely affected by similar problems to above such as sleeping or daily activities and will see significant improvement.||Up to £5,500|
The figures are from the Judicial College Guidelines, a document that can be used to help value injuries. However, it’s important to be aware that these figures are only related to compensation for psychological damage and could vary depending on the specific nature of your case.
Additionally. the amount awarded will depend on how serious the data breach was and how it impacts you.
To find out how your claim might be valued, why not get in touch with our advisors?
Are you concerned about the costs that are usually associated with legal representation? If so, the option of a No Win No Fee agreement could help you.
This type of agreement could help you avoid any upfront costs usually required to fund solicitors. In addition, you wouldn’t have to pay any ongoing solicitor fees. Furthermore, if your case fails to succeed, you won’t be required to pay solicitor fees.
If the solicitor representing your case is successful, a fee will be deducted from your compensation package. However, this is a small, lawfully capped percentage. Additionally, you will be informed of this before your claim begins so will have the chance to agree on the fee first.
If this is something you feel you would benefit from, our advisors could help by appointing one of our solicitors to your case. Each of them works on a No Win No Fee basis and has experience
Find out whether you’re eligible by speaking to a member of our team on the number at the top of the page.
We are aware that finding a solicitor you trust can be a difficult process.
However, finding the right solicitor means you have access to someone experienced in the claims process. They can help advise you throughout the sometimes complex process.
We believe that you should understand the experience a solicitor has had prior to handling your case. This can ensure that they are the right fit for you. For that reason, our review page could help narrow down your search.
If you hold a valid claim, our advisors could connect you with our solicitors to represent your case on a No Win No Fee basis. See below for how you can connect for further help and advice.
We hope you’ve found the information you needed in our guide. However, if you have questions, our advisors can help. Additionally, there is no obligation for you to put forward your claim with one of our solicitors if you’re not ready to do so.
So no matter if you just need some further clarification or you’re ready to start your claim, why not get in touch?
- Phone us on 0800 073 8804
- Send us your enquiry by contacting us online
- Live chat gives you the opportunity to get instant advice
This government guide provides further details on the role of the Data Protection Act 2018.
See this local government website for more information on the UK GDPR.
Visit the ICO website for more information on the action they have taken.
See our guide for further information on claiming data breach compensation.
Has your personal data been lost? If so, our guide could help you understand what your rights are.
Did someone access your medical records without authorisation to do so? If so, see our guide for more help.
The following section will explore more about making a data breach claim.
What is a data breach claim?
This is the process of making a claim after you’ve experienced financial or psychological damage as a result of an organisation’s wrongdoings.
How long do you have to start your claim?
Generally, you will have 6 years or 1 year if your human rights are involved.
How long could your claim take?
This can depend on various factors such as whether further evidence is required to support your claim.
When are you eligible to claim damages?
A valid claim consists of an organisation doing something wrong which leads to a breach of your personal data privacy and causes you to suffer monetary or mental harm.
Thanks for taking the time to read our guide on the process to take following a Hartlepool Borough Council data breach.
Written by Mitchell
Edited by Victorine