Leicester City Council Data Breach Compensation Claims Guide
How Do You Make A Local Authority Data Breach Claim?
Welcome to our guide on how you could make a Leicester city council data breach claim. The way our data is used and stored has changed over the last few years with the introduction of the General Data Protection Regulation (GDPR).
In addition, the Data Protection Act 2018 has forced organisations in the UK, including councils, to comply with the regulations in place to keep your data safe.
However, your local council may have made accidental or deliberate mistakes leading to a breach of the Data Protection Act 2018. For instance, they may have failed to put adequate security measures in place. This could have made them susceptible to a cyber attack which ended up with your personal data being leaked.
If it can be proven that the council failed to keep your data safe, you may have grounds to claim. However, if you’re unsure whether you hold a valid claim, our advisors can help.
They are available to assess whether your claim has a chance of success. If they feel it does, they could connect you with a No Win No Fee solicitor to take you through the next steps of the claims process.
For more information, contact us using any of the following options:
Alternatively, continue reading for more information on how to get the compensation you deserve.
Select A Section
- A Guide To Leicester City Council Data Breach Compensation Claims
- Government Data Protection Breach Statistics
- What Is A Leicester City Council Data Breach Claim?
- What Authorities Are Exempt From Following The GDPR?
- Types Of Breaches Of Data Protection By Councils
- Rent Statement And Tenancy Data Breaches
- How Do I Report A Local Authority Breach To The Information Commissioner?
- Suing A City Council For Breaches In Data Protection
- What Damages Could I Be Compensated For?
- Leicester City Council Data Breach Compensation Calculator
- No Win No Fee Leicester City Council Data Breach Compensation Claims
- Finding A Specialist Solicitor To Handle Your Case
- Claim For Leicester City Council Data Breaches
- Further Resources
- FAQs About Leicester City Council Data Breaches
We understand the process may seem complex. However, we’re here to provide you with the information you need to make the process as smooth as possible.
In this article, we’ll be looking at the recommended process you could follow to obtain evidence to help you build a strong case.
Additionally, any breach of data could cause serious damage both to your finances and in some cases your psychological well being. For that reason, we’ll be exploring the different damages you could claim compensation for and how much your claim could be worth.
As mentioned earlier, our advisors could connect you with a solicitor to represent you on a No Win No Fee basis. We understand you may be unsure how this type of agreement works. For that reason, we’ll be exploring this in more detail further down in our guide.
Furthermore, if you’re considering putting forward a data breach claim, it’s important to be aware of the time limits in place.
Generally, you have 6 years for a private company and 1 year for a public body. Note that the nature of the data breach will influence the timeframe as well. So, you may wish to act soon before you suddenly discover that it’s too late.
However, if you have any further questions on this, you can call our team and they can provide further help and advice.
According to the Cyber Security Breaches Survey 2021, phishing was the most common cyber-attack to affect businesses and charities.
An example of phishing could be receiving a fraudulent email or text from a company directing you to a fraudulent website. The website may look almost identical to that of the actual organisation’s website causing people to trust and share their financial details.
The survey also shows that in the last 12 months 83% of the businesses who took part in the survey experienced a phishing attack. In addition, 79% of the charities that took part in the survey experienced a phishing attack.
Additionally, between 2017-2021 there has been a rise from 72% to 83% in phishing. However, there has been a fall in other cybersecurity breaches. For instance, cyber attacks like viruses and other malware fell from 33% to 9%. Also, there was a fall in ransomware attacks from 17% to 7%.
It’s uncertain why there are certain cyber attacks that occur more than others. However, the survey does provide an insight into the trends of different data breaches. This may help to provide an understanding of how to prevent them.
The graph below provides an insight into the percentage of cybersecurity breaches in the last 12 months for various organisations that took part in the survey.
When we think of a data breach, we might think of it more in the digital sense. For instance, a hacker stealing your personal data and selling it online to third parties. And you’re not wrong in thinking this is what a data breach is.
However, there are physical data breaches that you could find yourself a victim of. For instance, physical copies of your medical records being stored somewhere with little or no security. This might be an unlocked cabinet that anyone could access.
Furthermore, there are two types of personal data:
- Data in which someone could use to directly identify you such as your name, address or email address.
- Data which someone could use to indirectly identify you such as car registration number or passport number.
Essentially though, a data breach involves your personal or financial data being unlawfully lost, destroyed, accessed or disclosed whether accidentally or deliberately. In order to make a claim though, you will need evidence to prove that the organisation’s or local authorities failings led to the data breach.
Now, you might be wondering how a council might have breached data protection. There are a few ways this might happen.
For instance, someone in the council may have sent an email without blind copying you and several others, giving others access to your email address without your consent.
Alternatively, the council may have failed to encrypt the personal data they have stored for you. This could have then been accessed without consent.
If you’ve experienced something similar, you may be eligible to make a data breach compensation claim. For more information, contact our team on the number above.
The GDPR is a detailed piece of legislation that governs data breach law in the EU. It came into effect in 2018 as a way to monitor how organisations use people’s data.
The main concern of the GDPR is ensuring organisations get consent for how they handle people’s data. This includes, how it’s going to be used, why it’s needed and what it’s going to be used for.
In addition, the following are expected to be adhered to:
- Accuracy: The data an organisation holds for someone must be correct
- Storage: An organisation shouldn’t keep hold of data for longer than they need to
- Transparency, lawfulness and fairness: The organisation should have a valid reason to use someone’s data
- Accountability: An organisation should take responsibility for how you use someone’s data and ensure they comply with all other principles
- Purpose: They should be clear about the purpose of using someone’s data
- Minimisation of data: They should only use it for the necessary purposes and nothing else
- Confidentiality and integrity: They should ensure there are relevant security measures in place to protect people’s data
Additionally, even if an organisation is operating outside the EU, they still need to comply if it’s going to affect EU citizens.
However, there may be certain situations in which an organisation is exempt from adhering to specific parts of the GDPR.
For instance, local authorities may be exempt from getting your consent to share your data with HMRC when processing council tax and other fees paid to them.
Despite the exceptions, no one is fully exempt from following the GDPR.
For more information on the exemptions, see the Information Commissioner Office’s (ICO) website. Alternatively, you could contact our team. They can determine whether your breach falls under one of the exemptions.
There are various types of data protection breaches that a council could do either accidentally or deliberately. Some breaches may be related to your physical data such as:
- Posting a letter containing personal information to someone the letter wasn’t intended for
- Failing to store copies of tenancy documents securely in a locked filing cabinet
Additionally, some breaches may occur with personal data that’s digitally stored. This might include the following:
- An ex-employee unlawfully accessing databases to obtain personal information for their own personal use.
- Disclosing documentation without consent e.g. adoption records or social services documentation
- Identifiable information is shared by your local authority about people who complained about their neighbours
It’s important to note that it needs to be proven that the council did something wrong that led to a data breach. For instance, the council might have failed to put adequate procedures in place to aid in prevention such as keeping their cybersecurity up to date.
What are the consequences for a data breach?
The council, just like any other type of organisation whether business or charity, is responsible for keeping your personal and financial data protected.
Failing to do so could result in a breach of data protection and result in severe consequences for all involved. For instance, the ICO may issue them with a fine.
Most recently, Papa John’s was fined £10,000 for nuisance marketing messages sent to their customers. Additionally, Ticketmaster was fined £1.25 million for failing to keep customer payment details secure.
As you can see, the fines may vary depending on the severity of the breach. For instance, there is a standard maximum penalty which is either £8.7 million or 2% of the total annual worldwide turnover in the last financial year depending on which is the highest.
In addition, the higher maximum penalty is £17.5 million or 4% of the total annual worldwide turnover in the last financial year depending on which is the highest.
The local authorities may hold a variety of personal and financial data. Both identifiable and unidentifiable data. As they may have access to some of the following, they must comply with the GDPR and Data Protection Act 2018 to ensure they keep your data protected:
- Tenancy documents
- Rent statements
- Passport data
- Council tax financial details
Examples of how a breach of this data could happen might include your local council:
- Posting a letter that contains personal information to an incorrect address after a new address was provided
- Failing to keep financial details safe by not keeping cybersecurity up to date and experiencing a hack
An organisation should let you know within 72 hours of them discovering a breach has occurred. They can either do this via a letter or email. However, if they don’t and you have concerns about how the Leicester City Council is using your data, there are steps you can take.
These concerns might include the council:
- Failing to keep your information secure
- Has inaccurate information about you
- They disclosed information about you without your consent
- Has kept information about you for longer than they needed to
- Collected your information under a pretence but has been using it for another reason
If you suspect the local council is responsible for any of the above, you should contact them as soon as is reasonably possible so they can handle your concerns in a timely manner.
However, if you don’t receive any response after three months or the response you do receive is inadequate, you could then raise a complaint with the ICO.
However, it’s important to note that it may be more difficult for the ICO to look into your concerns if there is a delay in contacting them. For that reason, you shouldn’t wait too long to do so. Additionally, they cannot pay you any compensation.
Alternatively, if you haven’t heard back from your local council, you can seek legal advice without making the ICO aware of the potential data breach.
For more information on raising your concerns, see the ICO’s advice.
We understand it may feel intimidating getting in touch with your local council. However, the most important thing to remember is that if you run into any problems, you can seek legal advice to help.
For instance, if you’re having trouble getting any response or a reasonable response, legal aid could be of benefit in guiding you through appropriate action you could take.
For more information, contact our team on the number above and they’ll be happy to provide further help.
The GDPR gives people the right to claim data breach compensation from an organisation if they were responsible for breaking the data protection law.
As part of your claim, you may be able to receive compensation for material and non-material damages.
The material damages include any monetary losses both in the past and the future. Any past financial losses could have resulted from someone committing identity theft after stealing your details.
Additionally, you may be able to claim for any psychological suffering under non-material damages. The psychological impact of a data breach could include:
- Lack of sleep
- Feeling unsettled
What evidence will I need?
You will require various types of evidence to claim. For instance, you will need to prove that the defendant was in the wrong and caused a data breach. Evidence to prove this might include:
- Correspondence between you and the organisation responsible for the breach
- Findings from an ICO investigation
- Evidence obtained as part of the claim
For any material damages, you will require:
- Bank statements
- Credit score ratings
- Credit card statements
Additionally, if you’re claiming for any non-material damages, you can provide medical documents as evidence of the mental suffering you’ve incurred.
The monetary losses will greatly depend on the specific nature of the data breach you’ve experienced. For that reason, it’s difficult to provide an average amount as to how much your claim could be worth.
Additionally, it’s important to note that you don’t need to have any financial losses to claim for emotional distress. Before this wouldn’t have been possible but the court appeal between Vidal-Hall and others v Google Inc in 2015, changed the way you can be compensated in a data breach claim.
However, as a result of the Vidal-Hall and others v Google Inc  case, awards for psychological damages may be valued in a similar way to personal injury claims, using the Judicial College Guidelines (JCG). The JCG is a document solicitors may use to value claims.
We have used figures from the JCG to create a table listing psychological injuries you may be able to claim. It’s important to note that you should only use the figures as a guide. They may vary depending on the specific nature of your claim.
|Psychiatric damage||Severe: The award given will take into consideration the person's ability to cope with life, education and work and the effct it has on their relationships||£51,460 to £108,620|
|Psychiatric damage||Moderate: The award will be given to cases where the effect on work, life, education and relationships has improved and may not be permanent||£5,500 to £17,900|
|Psychiatric damage||Less severe: Consideration will be given to the length of time someone suffered the effect on their life, work, education and relationships.||Up to £5,500|
|Post-Traumatic Stress Disorder||Severe: Where the person suffers permanent effects in all aspects of their life||£56,180 to £94,470|
|Post-Traumatic Stress Disorder||Moderate: The person will have mostly recovered and if there are any ongoing effects, they won't be severe||£7,680 to £21,730|
|Post-Traumatic Stress Disorder||Less severe: Where a full recovery from any symptoms was made within two years||\up to £7,680|
If you have any further questions on how your compensation may be calculated, contact our team on the number above. They’ll be happy to provide further help and advice.
Having a solicitor representing you under normal circumstances can come with added financial strain because there is no guarantee that the claim may win. For that reason, you may have to pay regardless. However, at Legal Expert, we have an alternative option that could help.
Our advisors could connect you with a solicitor from our panel to represent you on a No Win No Fee basis. Each of our solicitors has experience handling data breach claims and can advise you every step of the way.
If they are unsuccessful, you won’t pay solicitor fees, meaning you can claim without worrying about the fees if your claim doesn’t win.
If they are successful, you’ll pay a small success fee. However, you and your solicitor can decide on this before you start your claim. Most importantly, if your claim is successful you’ll be awarded the compensation you deserve.
Most importantly, you can avoid upfront costs and any other costs that build up over the course of your claim.
Now that you have a better understanding of Leicester City Council data breach claims, you may be wondering how to choose a solicitor to help you through the next stages of your claim. A good place to start is by contacting our team of advisors here at Legal Expert.
Our advisors can provide you with free legal advice as well as assess the validity of your claim and provide further clarification on how it’s calculated. If they feel you have a valid claim, they can connect you with a No Win No Fee solicitor from our panel who can handle the next steps.
Not only can a solicitor use their experience to handle your claim correctly, but they can also answer any questions you may have and update you on where your claim is at.
For more information, you can either contact our team or read some reviews to give you an insight into the work we’ve done for people before.
We hope you’ve found the information in our guide useful and feel more confident in making a claim for the damages you’ve suffered from the data breach claim. However, if you have any further questions, our advisors can help.
Contact us using the following details so you can get started with your claim today:
- Our phone number – 0800 073 8804
- Speak to one of our advisors using the live chat feature
- Send us an enquiry using the contact form to request a call-back
For more information on data protection, see the government website.
If you require further information on the ICO and what they do, see their website.
Visit the ICO page on consent and if there are any exemptions.
If you need any further information on making a compensation claim against your local council or authority, our guide could help.
See our guide for more information on what your rights are after a breach.
Visit our guide if you’ve been a victim of the Blackbaud data breach.
In this section, we’ve answered some questions regarding data breach claims.
What is considered a data breach?
A data breach may be considered as either the deliberate or accidental use of someone’s personal data without their consent.
What does it mean when it says your data has been compromised?
This may mean that an organisation that has your personal data stored may have suffered a breach in security and your details have been unlawfully accessed.
What happens with a data breach?
A data breach usually consists of the loss of multiple amounts of sensitive and private data, including personal and financial information.
Who is exempt from ICO?
There may be some authorities that are exempt from paying the ICO fee to process data. For instance, members of the House of Lords, elected representatives and prospective representatives are exempt as of the 1st April 2019.
Thank you for reading our guide on Leicester City Council data breach claims. We hope you found it helpful.