Hereford City Council Data Breach – Compensation Claims Guide
My Private Data Was Shared By The Local Council, Can I Claim?
This guide explores what you could do following a data breach at Hereford City Council.
It’s hard not to have noticed that in recent years the UK General Data Protection Regulation (or UK GDPR) has been launched. Along with the Data Protection Act 2018, it is designed to allow more control of how your personal data is used. The Information Commissioner’s Office (ICO) is an independent authority that has been given powers to investigate breaches of these laws. While it can fine a company for breaking the rules, it can’t award compensation for any suffering caused. Therefore, this guide will explain how to claim for a data breach.
It’s important to state that data breaches alone don’t give you the grounds to claim compensation. However, data breaches that are caused by the company’s security failings could lead to claims. You must also have been harmed financially or mentally because of it. That could include psychological injuries like anxiety or stress. You could also claim if the data breach has caused you to lose any money. As we continue, we’ll explain when data breach compensation might be possible and how much you might be awarded.
Legal Expert can help if you’re considering claiming. We provide a telephone consultation to discuss your claim. You’re under no obligation to make a claim but we’ll give you free legal advice on your options. If your case is strong enough, we could connect you with our No Win No Fee data breach solicitors
If you would like to start the claims process, why not call us today on 0800 073 8804? Alternatively, please read on to learn more about claiming for a Hereford City Council data breach.
Select A Section
- A Guide On Claiming For Personal Information Lost In A Data Breach At Hereford City Council
- UK GDPR And Data Breach Statistics
- What Is A Data Breach At Hereford City Council?
- What Is The UK GDPR And Who Does It Apply To?
- Breaches In Personal Data Held By A Council
- Family, Community, Social And Housing Service Data Protection Breaches
- Who To Report A UK GDPR Breach To
- Steps To Take If Impacted By A Personal Data Breach
- How Payouts Are Calculated
- Data Breach At Hereford City Council: Compensation Payout Calculator
- No Win No Fee Damages Claim For A Data Breach At Hereford City Council
- Why Choose To Claim Through Our Expert Team?
- Getting In Contact With Us
- Other Guides And Services
- Answers To Your Common Questions
A Guide On Claiming For Personal Information Lost In A Data Breach At Hereford City Council
Whatever you do these days, you are likely to be asked about your data sharing preferences. That’s the case when you shop online, book a doctor’s appointment, register with a library or join the council’s housing waiting list. The reason that happens is that the UK GDPR requires organisations to tell you (the data subject) how and why your personal data is to be used. On many occasions, they’ll also need to ask your permission.
Personal data or personal information is the kind that can help identify you. For example, your name, address, and a photograph of you would be personal information.
While the speed of getting objectives done is a lot quicker because of data sharing, there is also some associated risk. That’s one reason the data protection laws were introduced. They give you some more control when it comes to how your personal information is used. In certain instances, you can say who it can be shared with, what it can be used for and when it should be deleted.
Local authorities would be a lot less functional if they couldn’t process personal data about their clients. However, because of the rules, they need to take steps to keep the data as secure as possible. Where they fail to do so, you could claim compensation if a breach occurs and you’re harmed financially or mentally because of it.
Importantly, data breach claims have varying time limits depending on their circumstances. That means you’ll need to act swiftly because you will need time to gather evidence to support your claim. It is worth checking with our advisors how long you have to claim. They can do this for free for you.
UK GDPR And Data Breach Statistics
It’s quite easy to think that personal data breaches aren’t all that common. However, since the UK GDPR has been introduced, most breaches need to be reported to the ICO. This means that, in time, there should be better data protection practices. It also means that we have access to statistics regarding the frequency of data breaches.
In the latest ICO data security report (1st April 2021 – 30th June 2021), the most common data breaches in local government were:
- Personal data sent in emails to the wrong person (40 cases).
- Personal data faxed or posted to an incorrect recipient (36).
- Not redacting personally identifiable information (35).
- Unauthorised access (non-cyber) (15)
- Leaving paperwork in insecure locations, it being stolen or losing it (13).
Other non-cyber incidents were recorded as 53 cases.
What Is A Data Breach At Hereford City Council?
Personal data breaches are security instances that result in personal data being lost, changed, disclosed, accessed or destroyed in ways that are unlawful. They can be accidental or deliberate.
Importantly, you can’t simply claim because a data breach has occurred. You must also be able to show that the breach was caused by the council’s positive wrongful conduct and it harmed you. This could mean that you lost money after your personal data was exposed. Also, you could claim if the breach resulted in you suffering psychologically: from anxiety, stress or a worsening of symptoms of Post-Traumatic Stress Disorder (PTSD), for example.
You should also bear in mind is that breaches caused by criminal actions won’t automatically entitle you to claim. You must also show that the council’s actions (or lack of action) allowed the criminal to carry out their crime. For example, if a burglar gained access to your personal information because filing cabinets were left open in an unlocked room, you could be entitled to claim if you suffer as a consequence.
What Is The UK GDPR And Who Does It Apply To?
The rules of the UK GDPR apply to bodies, such as organisations or councils, that collect or process personal information. That means local authorities should adhere to its rules. Importantly, before starting any project, they must check if there is a lawful basis for processing personal information. This won’t be possible if the same outcome can be achieved without using such data.
Also, the council should be able to show how it complies with the following principles of the UK GDPR (accountability):
- Processing personal information should be legal, obvious and fair.
- Personal data should only be processed for specified, explicit and legitimate reasons.
- All personal data should be accurate and up to date.
- Only a minimal amount of data should be processed.
- Security of personal data is required.
- Personal information should never be kept longer than necessary.
Breaches In Personal Data Held By A Council
Something that’s worth bearing in mind is that not all data breaches are caused by criminal or deliberate actions. Accidental data breaches could also lead to a compensation claim. In the list below, we’ve detailed some scenarios that could result in you taking action.
- Where devices such as laptops that have no security and contain personal data are lost or stolen.
- If you are named and your case is discussed within earshot of unauthorised parties who don’t have a lawful reason to hear it.
- When a letter or email containing identifiable personal information is sent to the wrong person who, though they don’t have a lawful reason to, accesses it.
- Where council staff work in publicly accessible areas and an unauthorised person reads personal information about you on their computer without a lawful reason to.
- If physical documentation is not destroyed securely and personal information about you makes its way into the public domain where it is accessed unlawfully.
Where the council becomes aware of a breach, you should be told about it without undue delay if it puts your rights and freedoms at risk. If you receive such a communication, please retain it as it could be used as evidence to support your case.
Family, Community, Social And Housing Service Data Protection Breaches
Many different departments within a local authority might hold personal data about you. We are not able to list them all here but have supplied some examples below:
- Tenancy agreements or rental statements held by the housing department could contain your contact details, property address and bank details.
- Social services records would hold personal information about social care clients.
- Planning departments could hold your contact details if you’ve complained about a development.
- Copies of your ID could be held by the council if you’ve applied for housing or other services.
If some of this information got into the wrong hands, it could be embarrassing or cause anxiety. Furthermore, used by criminals, it could result in you suffering financially.
This guide on what could happen after a data breach at Hereford City Council aims to help you. However, if you are aware of a data breach that’s affected you psychologically or financially, please call our advisors today.
Who To Report A UK GDPR Breach To
As we have mentioned, the ICO enforce data protection laws such as the UK GDPR. Before you contact them, though, you will need to register a complaint with the council involved first.
The response may include details of how to escalate the complaint if you don’t agree with the council’s findings. After you have raised the matter but have not received a satisfactory result, you can contact the ICO. This should be done within 3 months since you last heard anything meaningful about your complaint from the council.
If you wait any longer to raise the complaint, the ICO’s decisions on the matter might be impacted.
While the ICO can investigate data breaches, you don’t always need to involve them when claiming compensation. Sometimes, a local authority might agree to compensate you once your solicitor has supplied them with evidence. Therefore, we’d suggest contacting us in the first instance. If a solicitor agrees to work for you, they can advise on whether you should contact the ICO or not.
Steps To Take If Impacted By A Personal Data Breach
So, if you do wish to claim for a data breach, we suggest that you:
- Gather documentation and evidence that could support your claim. This might include emails or letters from the council about the incident. It could also include medical records or financial documents detailing your suffering.
- Give our advisors a call to see if you have the grounds to claim compensation.
How Payouts Are Calculated
Claiming compensation for a data breach isn’t as easy as you’d hope. There are different elements that must be considered and you also need to take into account any future suffering as well. According to the ICO, claims can be split into two parts:
- Material damages – for any money that you have lost due to the data breach.
- Non-material damages – if you’ve suffered stress, anxiety or other psychological injuries due to it.
Material damages can include any expenses, costs or monetary losses the data breach causes. For example, if a criminal steals from your bank account after committing identity theft because they were able to access enough personal information in a data breach, you could claim that money back.
Similarly, if a doctor has diagnosed that you’re suffering from depression because of the breach, that could be claimed for as well. This would fall under non-material damages.
That’s not all, though. As part of the claims process, you would attend an independent medical assessment. This is so a specialist can review how you’ve suffered and provide a prognosis for the future as well. If they believe you’ll suffer for, say, the next 2 years, this would be factored into your claim.
The independent medical professional would create a report from the assessment. One of the report’s purposes is to prove that your injuries were caused or exacerbated by the data breach. If you use the services of a solicitor, they could also use the report to value your injuries.
Our belief is that it is in your interests to have a legal specialist on your side when claiming. If our solicitors work for you, they’ll try to fully understand how you’ve been affected before submitting your claim. By doing so, they could improve your chances of receiving a fair level of compensation.
Data Breach At Hereford City Council: Compensation Payout Calculator
We are now going to consider what amount of compensation could be awarded for non-material damages. You should use the amounts listed in our compensation table for guidance only at this point. That’s because, as mentioned earlier, payment amounts will vary based on the severity of each injury. If you decide to ask for a free case review, an advisor would supply a more personalised compensation estimate.
The case Vidal-Hall and others v Google Inc  was heard at the Court of Appeal. The Court held that claimants are allowed to seek damages for any psychological injuries caused by a data breach. This is true even where no monetary loss has occurred. Before this case, you had to claim financial losses in order to seek compensation for mental harm too.
If compensation is awarded, the amount should be based on levels paid in personal injury cases. As solicitors and insurers may use the Judicial College Guidelines to determine compensation figures in personal injury claims, we have used the same figures in our compensation table below.
|Type of Injury||Severity Level||Notes||Potential Settlement Range|
|PTSD||Very severe||Very serious symptoms associated with PTSD which has a negative impact on the claimant's ability to lead a normal life or work. Relationships are affected as well.||£56,180 to £94,470
|PTSD||Moderately severe||Moderately severe PTSD symptoms. The overall impact is less serious than above.||£21,730 to £56,180|
|PTSD||Moderate||Moderate symptoms. A full recovery is expected with the right treatment.||£7,680 to £21,730|
|PTSD||Less severe||Less severe PTSD symptoms. The claimant should make a reasonably full recovery within two years.||Up to £7,680|
|Psychological damage||Very severe||Severe psychological harm. The amount of compensation will be based on whether the claimant is able to work, how their lives have been affected, and whether their relationships suffer.||£51,460 to £108,620|
|Psychological damage||Moderately severe||Moderately severe psychological harm. The prognosis is more positive than above.||£17,900 to £51,460|
|Psychological damage||Moderate||Moderate symptoms with marked improvements and a good prognosis.||£5,500 to £17,900|
|Psychological damage||Less severe||Less severe symptoms and is expected to make a full recovery over time.||Up to £5,500|
Would you like to know how much data breach compensation you could be entitled to? If so, why not speak with us today?
No Win No Fee Damages Claim For A Data Breach At Hereford City Council
It is quite common for claimants to decide not to take action because they’re worried about solicitor fees. However, that could mean missing out on the compensation you’re entitled to. That’s why our solicitors provide a No Win No Fee service for all cases we take on.
When you get in touch, your case will be reviewed for free. If a solicitor agrees to work for you, they’ll give you a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). This will explain what needs to be achieved before you need to pay the solicitor anything.
Within your contract, you’ll see details of a success fee. This is a small, fixed percentage of the compensation you receive that will be deducted to cover your solicitor’s work. You only have to pay this if your case is won. Additionally, it’s capped by law.
Why Choose To Claim Through Our Expert Team?
We hope that the information we’ve provided so far has shown how we can help you make a data breach claim.
Our data breach solicitors have solid experience representing clients. Importantly, all of them are registered with the Solicitors Regulation Authority. That means you can rely on their professionalism and a quality standard of work.
To make our service efficient, our solicitors don’t ask you to visit their offices. Instead, they deal with everything remotely via the phone, by email and online: whatever’s best for you.
If you are thinking of claiming for a data breach, why not call us today? We review all cases on a no-obligation basis and give free legal advice whatever you decide to do.
If you’d like to know what others have said about our solicitors, then please take a look at some reviews.
Getting In Contact With Us
We hope that the information we’ve supplied about what you could do after a data breach at Hereford City Council has helped. If you would like to discuss your options with us, you can:
- Call one of our specialist advisors on 0800 073 8804.
- Use our live chat to discuss your claim.
- Email email@example.com to let us know that you’re interested in claiming.
- Request a call from a specialist using this online enquiry form.
Other Guides And Services
If you are going to claim, the following guides might prove useful.
Accessing Your Medical Records: Information from the NHS on how to request copies of your medical records.
Reporting Data Breaches: ICO guidance on when and how to tell them about a UK GDPR data breach.
About Anxiety: This guide from a UK charity explains what anxiety is and how it can be treated.
And here are some similar guides that may help in the future:
Bank Data Breaches: Information on the claims process if you’ve suffered following a banking data breach.
Employer Data Breaches: Details of how to claim if your employer breaks the UK GDPR’s rules.
The Blackbaud Data Breach: A look at a data breach that affected many UK charities and higher education establishments.
Answers To Your Common Questions
In this final section of our guide, we have added some frequently asked questions and answers relating to the UK GDPR.
What impact does the UK GDPR have on breaches?
Since the UK GDPR has been introduced, all data breaches need to be reported to the Information Commissioner’s Office. If they believe laws have been broken, they can issue fines.
What can you do if someone breaches GDPR?
If you believe somebody has broken the rules of the UK GDPR, you can complain to them. If the incident has caused you to suffer, it could entitle you to claim compensation. Although you could ask the ICO to investigate the matter, you would need to take your own legal action if you wish to be paid compensation.
What are my rights if my data privacy has been breached?
You have the right to seek compensation from any organisation that has broken data protection laws and exposed your personal information. You could claim for lost money (material damages) or any distress you’ve suffered (non-material damages). Importantly, the ICO may confirm the law has been broken but they cannot issue compensation to you directly.
What are the requirements of GDPR?
In brief, the 7 principles of the UK GDPR are 1) Fairness, transparency and lawfulness; 2) Limited purpose; 3) Minimal data; 4) Accuracy; 5) Storage limitation; 6) Security (confidentiality and integrity); 7) Accountability.
Thanks for visiting today and reading our guide on what you could do following a data breach at Hereford City Council.
Written by Hambridge
Edited by Victorine