Kent County Council Data Breach – Compensation Claims Guide
How To Handle A Kent County Council Data Breach
Welcome to our guide on what you could do after a Kent County Council data breach. You have probably, by now, heard of the GDPR or the General Data Protection Regulation to give it its full name. It was enacted into UK law via the Data Protection Act 2018. Sitting alongside the UK GDPR, it aims to control how organisations (data controllers) use personal information.
These laws are enforced by the Information Commissioner’s Office (ICO) who can issue financial penalties where they are broken. However, the ICO is not involved in personal data protection claims. As a result, we’ve written this guide so you know how to take action yourself.
Your claim could be based on any financial losses caused by a data breach. At the same time, you could claim for any psychiatric injuries that result too. This can include stress, for example, or those that are worsened because of the breach like Post-Traumatic Stress Disorder (PTSD). In this guide, we’ll explain how data breaches could happen. We will also look at what level of compensation might be awarded for certain injuries.
Legal Expert is lucky to have a team of experienced solicitors. They have helped clients with all sorts of claims over the years including personal injury claims and data breach compensation claims. Importantly, they aim to make the claims process easier by offering a No Win No Fee service.
If you can prove you suffered mentally or financially due to a data breach at Kent County Council, why not call today? Our advisors can be contacted on 0800 073 8804 or via live chat. Alternatively, please continue reading to learn more about claiming before getting in touch.
Select A Section
- A Guide To Compensation Claims For Kent County Council Data Breaches
- What Could A Kent County Council Data Breach Be?
- Does The UK GDPR Apply To Kent Council?
- Data Breaches In Council Services
- Privacy In Health And Social Care
- Who To Notify About Your Incident
- Steps To Take When Making Your Claim
- Types Of Damages Included In Payouts
- Valuing Payouts For Kent County Council Data Breach Incidents
- Kent County Council Data Breach: Making A No Win No Fee Claim
- Why Contact Legal Expert About Your Case?
- Get In Touch
- Read More
- Commonly Asked Questions By Claimants
Data processing and data sharing make for efficiency in the modern world. In the past, applying to join a council’s waiting list for a property would’ve involved travelling to their offices, filling in a paper document and then waiting for it to be assessed. Nowadays, you can do this anywhere using a mobile phone.
While this can be beneficial, there is some risk involved in sharing your personal information online. For that reason, the UK GDPR was introduced. It is designed to give better control over what parts of your personal data are used and for what purpose. That’s why when you do just about anything these days, you’ll need to give your permission for the organisation to use your information.
Personal information or personal data is anything that can be used to identify you either alone or in tandem with other information. For example, your name, address or a photograph of yourself would be personal information.
Local authorities couldn’t work very efficiently if they didn’t process personal information about users. But, as a result of data protection laws, they must now implement steps to try and protect that information. If they fail to do that, and it causes a data breach that involves your personal information, you might be able to claim compensation. You’d potentially be able to claim for any lost money or psychological harm caused.
If you do decide to claim, you’ll need to ensure you comply with the time limits. Generally, this is 6 years for claims against privately-owned companies. However, some claims only have a 1-year time limit; these are for claims against public bodies e.g. local councils. Note that various factors could potentially alter the length of the limitation period. So, it’s possible that your claims window is close to ending and you’re unaware. Hence why you should take action sooner rather than later. We can advise you how long you have to claim or answer any other questions if you call our advisors once you have finished reading.
In the 6th annual Cyber Security Breaches Survey, figures show that 39% of respondent businesses suffered cyber security breaches in the 12 months before the survey. In the same period, 26% of charities were also affected.
What’s interesting is that over a quarter of those businesses (27%) said they’d been attacked weekly during the reporting period. Phishing emails were the most common cause of data breaches (83%) with impersonation being the next most common reason (27%).
A personal data breach is where personal information is accessed or disclosed to an unauthorised party or lost, changed or destroyed unlawfully (such as without your permission).
In terms of claiming, a data breach on its own won’t allow you to be compensated. Instead, you’ll have to show how it has resulted in your mental or financial suffering. This might mean that you’ve suffered from depression or you’ve lost money because of the breach.
What’s more, for a council data breach claim, the council will need to have been responsible for it due to their failings. For example, if the council was using an outdated firewall solution that allowed criminals to exploit a weakness, then you could be entitled to make a claim if you suffered financially or psychologically because of it.
We are here to help if you decide that you’d like to claim compensation for a Kent County Council data breach. Please call today for more information.
Councils that process personal information are bound by the rules of the UK GDPR as data controllers. Those rules are relevant for any personal data that is collected or processed on digital systems or paper documents.
When a data controller decides to process personal information, they should first check that they have a lawful basis to do so. This won’t be granted if they could complete the same task without using such information. Additionally, they are bound by the 7 principles of the UK GDPR. In summary, these are:
- Processing information fairly, transparently and legally.
- Only processing information that is necessary and relevant.
- Using personal data for legitimate, specified and explicit reasons.
- Keeping any personal data secure.
- Ensuring personal data is always accurate and up to date.
- Not keeping personal information any longer than it is required.
- Being ready to be held accountable for the way they process data.
If data protection procedures are not followed and these principles are not used, the Information Commissioner’s Office may choose to investigate. Fines could be issued as a result. Alternatively, the ICO may decide to tell the organisation to change how it deals with personal information.
While we can’t possibly list every potential data breach that has ever happened here, we have supplied a few examples of some that have been reported recently. They include:
- A potential breach where a computer error led to rent statements being sent to the wrong recipients in Oxford. Source: https://www.oxfordmail.co.uk/news/19458894.oxford-city-council-apologises-potential-data-breach/
- Where a local authority was sued because a school had given a parents address to an abusive ex-partner. Source: https://www.portsmouth.co.uk/news/crime/mum-of-three-wins-legal-data-breach-fight-against-hampshire-county-council-after-school-in-havant-gives-ex-partner-her-address-3364413
- Where the local authority in Birmingham uploaded details of vulnerable children to its website. Source: https://www.birminghammail.co.uk/news/midlands-news/details-vulnerable-kids-uploaded-birmingham-20217314
Other scenarios could include:
- Losing personal information stored on unencrypted devices.
- Council staff discussing sensitive cases and personal information within earshot of unauthorised parties.
- Leaving computer screens unlocked where personal information is viewable to unauthorised parties.
All data controllers, including councils, need to report data breaches to the ICO within 72 hours. However, they only need to do so if the data breach risks the rights and freedoms of those involved. If your rights and freedoms might be at risk because of the breach, you must also be told about it without undue delay.
Councils also maintain social care services, which means they can be dealing with very sensitive data. As a result, extra care must be taken to protect data about vulnerable clients from being exposed.
For example, personal information may need to be redacted when sharing reports with other organisations. As per the UK GDPR’s rules, when processing such data, only the minimum amount should be used.
Here are some more instances where councils could hold personal information about users:
- Tenancy agreements will usually have the renter’s contact details as well as home address.
- Annual rental statements may contain financial information, personal details and information about any arrears.
- The council may also retain scanned copies of identification documents. This could include passports and other photographic IDs.
If you believe you’ve suffered because your data has been exposed by the council, please call our advisors to discuss claiming today.
The ICO is there to help if you have data protection concerns. However, before approaching them about a data breach at Kent County Council, you would need to:
- Raise a complaint formally with the council. Then wait for their response.
- Follow the instructions on how to escalate the complaint if you’re not happy with the outcome.
- Contact the ICO if you don’t get a satisfactory resolution. You’d need to do this within three months of the council’s last meaningful contact with you. The ICO’s decisions can be impacted if you don’t adhere to this timeframe.
It’s important to realise that ICO reports aren’t always necessary in data breach claims. If your case is taken on by a solicitor, they can review whether an investigation is required. In many cases, especially where the breach has already been confirmed, it may be possible to resolve the claim without involving the ICO at all.
Would you like to know whether our solicitors could help settle your claim? If so, please get in touch today.
So, in summary, to make a data breach claim against a council, we suggest that you:
- Gather documentation to support a claim. This may include letters from the council, medical records and financial statements.
- Contact Legal Expert for a free case review.
If you call, we’ll assess everything and give our honest opinion about your chances of being compensated.
It would be really nice if you could request a certain level of compensation following a data breach and it would be paid. However, cases are never as simple as that. All compensation payments must be justified fully and backed up with evidence. There are two heads of claim:
- Material damages: Where you ask for any costs, expenses and financial losses caused by the data breach to be paid back.
- Non-material damages: These cover psychiatric injuries resulting from the data breach. This could include anxiety or emotional distress, for example.
For material damages, you may claim if you are the victim of theft because your bank details were exposed due to a data controller’s positive wrongful conduct. In this instance, you could ask for any money that’s been stolen from you to be returned as compensation. In a similar vein, you could ask for non-material damages if your doctor has diagnosed that the data breach has caused you to suffer from anxiety.
However, the claim won’t end there in many cases. You will also need to consider whether you’ll continue to suffer in the future. You’d also need to prove that your psychiatric injuries were caused or worsened by the data breach. To help with this, your solicitor would book a medical assessment. In your appointment, an independent specialist will ask a series of questions and may refer to your medical notes. They will then document their findings and offer a prognosis in their report.
Additionally, a solicitor would use this report to help them when valuing your injuries.
Making Data Breach Claims
It is vital to make sure everything is included in your claim as you can only request compensation once. As a result, we suggest taking on legal representation with your claim so that you can relax and let your solicitor do everything for you. Our data breach solicitors will always work hard to try and secure the correct level of compensation in all cases. Please call today if you’d like further details.
If you came here to find out how much compensation could be paid for a data breach at a council, then this section may help. Although we can’t provide exact figures, the table below has some example compensation ranges from the Judicial College Guidelines (JCG). These guidelines are used by legal professionals as an aid to valuations of injuries.
We use these figures because, in Vidal-Hall and others v Google Inc , the Court of Appeal held that claimants can seek damages for psychological injuries caused by data breaches. This is the case whether money has been lost or not. It wasn’t possible to do this before.
Any settlement should be calculated for such injuries using the amounts paid in personal injury claims.
|Injury Claime||Settlement Range||Additional Notes|
|Psychiatric Injuries||£51,460 to £108,620||Severe|
|£17,900 to £51,460||Deemed moderately severe|
|£5,500 to £17,900||Moderate symptoms|
|Up to £5,500||Less serious symptoms|
|PTSD - Post-Traumatic Stress Disorder||£56,180 to £94,470||Severe|
|£21,730 to £56,180||Deemed moderately severe|
|£7,680 to £21,730||Deemed moderate|
|Up to £7,680||Less serious symptoms|
We have listed psychiatric injuries in the table. These can encompass stress, anxiety, distress and depression. Remember, even if you do win your data breach compensation claim, you might not receive the amounts listed as awards are based on the extent of your injuries. We could offer you a more personalised compensation estimate if you call for a free case review.
Many people don’t ever claim compensation because they are worried about solicitor’s fees. We realise that this is a stumbling block. That’s why our solicitors offer a No Win No Fee service for every claim they work on. This can reduce the stress associated with claiming as you won’t need to pay any solicitor fees upfront.
If your case is taken on, your solicitor will send a Conditional Fee Agreement (CFA), which is a formal term for No Win No Fee agreement. It will explain how the claims process works and what will need to be achieved before you’ll need to pay your solicitor.
Should your claim result in compensation, the CFA will explain what success fee you’ll pay. This is a small percentage of your compensation that will be deducted to cover the cost of your solicitor’s work.
If your case loses under No Win No Fee, you wouldn’t have to pay any solicitor fees at all.
Why not call our advisors? A member of our claims team will let you know if your case is suitable for our No Win No Fee service.
When it comes to claiming for a data security breach, you’ve got nothing to lose by calling Legal Expert. One simple call could be all it takes to be connected with one of our lawyers. Our solicitors have been representing clients for many years. Also, they only work on cases that have a reasonable chance of success.
To put your mind at ease, our solicitors provide a No Win No Fee service for every claim they work on. That means there are no solicitors fees payable unless you are compensated.
Our solicitors can work for you from anywhere in the country, whether through online meetings, over the phone or by email. Importantly, our solicitors will always try to make sure that you are awarded the correct level of compensation in all cases.
Interested in letting Legal Expert help? If so, please get in touch today. Alternatively, you can find out more about our solicitors by reading our reviews page.
Would you like to know how we could help you to start your claim? If so, why not get in touch with our claims team today? To do so, you can:
- Use the live chat and an online advisor will discuss your case with you.
- Call our advisors for free on 0800 073 8804.
- Email us details of your case to firstname.lastname@example.org.
- Ask us to call you back when it’s convenient by completing this claim online form.
Your call will be treated in confidence and you won’t be under any pressure to proceed to a claim.
We’ve listed some additional resources for you below which might help during a claim.
PTSD Claims: Advice on how personal injury solicitors can help you claim for Post-Traumatic Stress Disorder.
Data Breaches In Schools: This article explains how you could be compensated if a school causes you to suffer because of a data breach.
Breaches In Social Services: A guide that shows what harm a social services data breach could cause.
Identity Theft Advice: ICO guidance on what to look for in relation to identity theft.
Types Of Anxiety: This charity article looks at the 26 different types of anxiety.
Choosing A Solicitor: Information from the Solicitors Regulation Authority on how law firms should operate.
Thanks for reading this article on local authority data breach claims. In this section, we’ve answered some common data breach questions.
What is a confirmed breach?
A personal data breach, according to the UK GDPR, is where a security incident results in personal data being disclosed to an unauthorised party (or accessed by them), lost, destroyed or altered unlawfully. Importantly, not all data breaches result from illegal or even deliberate acts.
Who is responsible for reporting a data breach to the ICO?
Organisations that process personal information are called data controllers. As part of the Data Protection Act and the UK GDPR, they must report notifiable data breaches to the ICO within 72 hours. Individuals who suspect a data breach has occurred can also report them to the ICO.
How could the data breach affect me?
Data breaches can cause problems for any individual whose personal information is exposed. In some cases, the exposure of personal information can lead to anxiety, distress or embarrassment. Where criminal activities occur because of a data breach, the data subject could suffer financially as well.
What is sensitive data?
The UK GDPR defines any personal information that is sensitive as special category data. Due to its sensitivity, it requires more protection than other personal data. Examples of special category data under the UK GDPR include genetic data, information about race, political opinions, ethnicity, sexual orientation and religious beliefs.
You’ve reached the end of this article on what you could do following a Kent County Council data breach. Please use live chat if you have any further questions.
Written by Hambridge
Edited by Victorine