Middlesbrough Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? Amounts For A Middlesbrough Council Data Breach
Have you been affected by a council or local authority data breach? This guide shall examine potential scenarios of a Middlesbrough Council data breach to look at what steps could be taken in the event this should happen.
In this guide, we shall discuss how the incorporation of the General Data Protection Regulation GDPR into the Data Protection Act 2018 serves to offer data subjects a lot more protection when it comes to their personal data.
The Information Commissioner’s Office (ICO) is a non-departmental public body. They are commissioned with reporting directly to the UK parliament. The ICO enforce data protection rules and laws and hand out fines to those who do not comply with UK GDPR.
Despite the ICO’s power to issue fines and other enforcement actions, they can’t award compensation. This may only be done when making a data breach claim.
If you have any questions, you can contact our team on 0800 073 8804.
Alternatively, for more information about the way a data breach claim may be handled and the process you can take to claim, please continue reading.
Select A Section
- A Guide On How To Claim For A Middlesbrough Council Data Breach
- Statistics On Cyber Security Breaches
- What Is A Middlesbrough Council Data Breach?
- Do Local Councils Have To Follow GDPR Rules?
- Types Of Breaches Of Council Data
- Data Breaches Of Rental Statements And Tenancy Agreements
- Should I Report My Breach To The Information Commissioner?
- How Does The Process Of Making A Claim Work?
- What Compensation Can You Get For A Breach Of Your Data Privacy?
- Calculating Payouts For A Middlesbrough Council Data Breach
- Claiming For A Middlesbrough Council Data Breach On A No Win No Fee Basis
- Could A Specialist Solicitor Help With A Middlesborough Council Data Breach
- Talk To An Expert
- Useful Information
- FAQs About Council Data Breaches
You may be confused about what action to take when your personal data has been breached. For instance, should you contact the council directly? Should you take your complaint to the Information Commissioners Office? Or perhaps you could seek legal advice straight away? If these are the types of questions you want answers to, you’ll be able to find answers to them further down in this guide.
Additionally, you might be wondering whether you can claim compensation and what harm you could claim for. If so, we have explained the different types of damage that you could claim and the evidence you will need to support your case.
We are aware it can be overwhelming when you’re dealing with either the financial or psychological consequences of a data breach. For that reason, we will look at how a solicitor representing you on a No Win No Fee basis could benefit you.
Although we have aimed to cover the information you need, we understand if you have questions after reading. If so, you can contact our team on the number above at any point either whilst reading or after you’ve finished. Our team will be on hand to take your queries.
What are the time limits?
For general data breach claims against private companies, you have 6 years to start your legal proceedings. Alternatively, if the breach involves a public body such as a local council, you have 1 year. Note that other factors may influence how long you have, so you need to find out what your timeframe is. Otherwise, it may be too late without you even knowing it.
If you have any questions on the time limits, please get in touch with our team as soon as possible. They’ll be happy to provide further information.
The graph below shows fines that have been issued to a handful of councils between 2010 to 2021 by the ICO for various data breaches that occurred.
As you can see, the graph highlights that the fines issued vary in amount. They depend on how severe the breach was and how badly it may have impacted the people involved.
It’s important to be aware that these figures only relate to fines that the organisation has to pay to the ICO. They don’t relate to any additional money that an organisation may need to pay in a data breach compensation claim.
The figures are provided by the ICO.
The Information Commissioner’s Office (ICO) issued 10 civil monetary penalties to various types of organisations in the first quarter of 2021/2022 which totalled £873,000. One of these penalties was issued to the Conservative Party for sending emails to people who did not want to receive them.
One question you might be wondering is what defines a data breach?
According to the ICO, a breach of personal data involves a security breach that leads to either data being accidentally or intentionally lost or altered. It could also include data being disclosed or accessed without authorisation to do so.
If the council fails to update their security systems, this may make them more susceptible to having its network hacked. It is vital that any company or organisation that has a responsibility to protect our personal data ensure that they have the systems in place to do this as it is one of the 7 key principles of the GDPR.
The ICO provide useful information in all aspects of personal data breached. They look at taking a case to court. Under GDPR rules and regulations any individual has the right to seek compensation if an organisation has breached data protection rights. This includes the right to seek compensation for material and non-material damages.
For more information, you can contact our team on the number above and they can help determine whether your claim is valid.
There are seven core principles within the GDPR that must embody an organisation’s data protection procedure. Failing to do so could result in the organisation facing fines from the ICO. The principles mean an organisation should:
- Ensure the data they hold for you is accurate
- Only store your data for the necessary amount of time
- Be clear from the start about their purpose for processing your data
- Take responsibility for processing personal data
- Only store what they need
- Have a valid reason for needing to process personal data
- Have appropriate and relevant security measures in place to protect data
In addition, an organisation must have a lawful basis for processing your personal data. One of the lawful bases that most people will be aware of, is consent. This stipulates that an organisation can process your data for a specific purpose if you have given clear consent for them to do so.
However, there are other lawful bases such as:
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
When we think of a data breach, we may assume this just refers to sophisticated cybersecurity attacks or phishing scams. However, it could be as simple as leaving a document containing someone’s name and address on a desk instead of locking it away.
Breaches can involve both physical and digital data. Additionally, the council holds a wide array of personal and financial data due to the various departments they’re responsible for. For instance, some of the services of some councils include:
- Registering births, deaths and marriages
- Children, families and safeguarding
- Schools and education
- Social care and wellbeing
Each of the departments responsible for overseeing these services will be equally responsible for ensuring they adhere to the GDPR when collecting and processing people’s personal data. Examples of where they could fail to do so might include a council:
- Failing to store someone’s marriage, birth or death certificate securely
- Sending a letter containing details of a family’s involvement with social services to the wrong recipient
- Someone without authorisation disclosing adoption records to the birth parents giving them information about the adoptive parents and child’s whereabouts which could cause a significant amount of stress for all those involved
- Sending emails containing all recipients email addresses and personal information
- Failing to encrypt a hard drive that was later stolen and gave access to thousands of people’s personal data
Have you experienced something similar? Or perhaps the incident you’ve been affected by isn’t listed above? Either way, if you require any further information, please don’t hesitate to contact our team on the number above.
Councils with tenants hold a lot of information. This can include, names, addresses, DOB, health records, national insurance number, bank details and more. If this kind of information is lost or stolen it could allow identities to be forged. If information such as this is lost, stolen, disclosed or accessed without authorisation could be used to easily identify you.
There are a number of ways this information could be breached, such as:
- Sending tenancy documents to the wrong person
- Failing to dispose of passport scans safely e.g. throwing them in the normal rubbish without shredding them first
- Emailing a rent statement to someone and accidentally copying someone else
If you have questions about what could constitute a Middlesbrough Council data breach why not call our team of expert advisors today. They can answer any question you may have and provide you with any additional advice you may need.
For any private or personal data breach incidents that an organisation is aware of, that could affect an individual, they should inform you without unreasonable delay. Generally, they are expected in most cases to inform the Information Commissioners Office within 72 hours.
However, if you have concerns that your data has been compromised, you should contact the organisation responsible as soon as possible. This means they can conduct any investigations and attempt to resolve the incident in a timely manner.
If the organisation either fails to contact you, respond to your concerns or attempt to provide a resolution, then you can contact the ICO to raise your concerns with them. You should do it no longer than three months after any unproductive communication with the organisation.
If you contact them after a long period of time has passed, it may be more difficult for them to start an investigation into your complaint.
What will happen after I’ve contacted the ICO?
If the ICO decides to start an investigation into your complaint, the results could vary depending on what they find. For instance, an organisation may face action in the form of a penalty.
The penalty varies depending on the severity of the breach and how badly it’s affected people’s lives. For instance, there is a standard maximum and a higher maximum.
The higher maximum penalty will either be £17.5 million or 4% of the total annual worldwide turnover from the year before. For instance, Marriott International Inc was fined £18.4 million as they failed to keep customers’ personal data secure.
Although you don’t need to go through the process of contacting the ICO or a council before making a claim, it is beneficial to do so. The written communication you have with a council can be used as evidence to support your claim.
Additionally, if the ICO decides to investigate your complaint further, their findings can also be used.
However, if this isn’t an option that you want to consider, you can seek legal advice and start building up evidence for a claim. A solicitor may then advise you on the next steps and help you get the compensation you deserve.
For more information, see below for the evidence you’ll need to support your claim.
Compensation may comprise material and/or non-material damage, depending on the nature of the data breach you’ve experienced.
For instance, material damage refers to any financial losses. As some data breach incidents can have a long term impact on your finances, you can claim for both past and future losses.
However, you will need to provide evidence to support your claim such as financial statements showing any money that may have been lost due to identity theft. This might include statements from the bank or credit card companies.
In addition to financial losses, you may be able to claim for the mental harm you’ve suffered. Mental harm could vary in severity and the way it’s impacted your life. For instance, it may be that the breach has affected your:
- Quality of sleep
- Ability to maintain relationships
- Work or education
- Ability to carry out normal daily activities
You could use your medical records that detail the diagnosis or treatment you may have received as evidence.
Additionally, medical evidence in the form of an independent report may be needed to prove the extent of any mental suffering caused by the data breach.
Will I need any other evidence?
In order to hold a valid claim, you need to be able to prove that the organisation’s failings caused a data breach which led you to suffer financial or mental harm. Evidence that could help to support your claim might include:
- Letters or emails between you and the council outlining the nature of the breach and any attempt or failure to resolve the matter
- Any reports detailing findings from an ICO investigation
However, if you haven’t had any contact with either the council or the ICO, other evidence may be obtained during the course of the claim.
For more information on this, contact our team on the number above. They’ll be happy to provide further details on the evidence you may need to obtain following a council data breach.
In 2015, there was a Court of Appeal for the case of Vidal-Hall and others v Google Inc which saw a reform regarding the type of damage you could claim.
The decision from the Court of Appeal stated that psychological damage should be considered separately. Previous to this, you could only claim for mental harm if you were also claiming for financial losses.
The decision meant that going forward claims could be made solely for the mental harm they suffered. For that reason, compensation amounts may vary depending on what damage you’re claiming for.
However, we have created a table showing figures for different psychological injuries. The figures have been provided from the Judicial College Guidelines. A document that lists past cases injury values.
Type of mental harm Additional comments Compensation award
Moderate psychiatric damage There may have been an initial impact on a person's life, work or education and their relationships. However, there will have been some improvement. £5,500 to £17,900
Less severe psychiatric damage There may have been an impact on the person's sleep and ability to carry out daily activities. The award will depend on how long the impact lasted and the extent of it. £1,440 to £5,500
Moderately severe post-traumatic stress disorder There will be an ongoing significant impact but professional help may mean a better prognosis. £21,730 to £56,180
Moderate post-traumatic stress disorder The effects that were prevalent will have largely subsided. £7,680 to £21,730
Less severe post-traumatic stress disorder The person will have made a full recovery and only be affected by minor symptoms. £3,710 to £7,680
Additionally, the JCG may be used alongside the additional medical report. For that reason, you should be aware that actual compensation figures may differ and the figures in the table are only a guideline.
A No Win No Fee agreement could be beneficial if you’ve been impacted financially by a data breach. It provides you with the option of legal representation whilst avoiding upfront costs and any ongoing costs.
The agreement means that you won’t be asked to pay solicitor fees if your solicitor is unsuccessful with your case.
If they do succeed in winning your case, you’ll be required to pay a small success fee. However, you may be able to decide on the fee before your claim begins.
If this feels like an option you’d like to explore, see below for more information on how a Legal Expert advisor could help you.
A data breach solicitor could be beneficial in helping you make your claim. However, if you’re struggling to find a suitable option, our advisors can help.
Once they have determined whether you hold a valid claim, they can put you in contact with one of our solicitors here at Legal Expert. They can take your case on a No Win No Fee basis.
Furthermore, they will take you through each step of the process and keep you informed of where your claim is up to. Additionally, they can provide clarification if you have any questions.
However, we understand that you may like to research working with one of our solicitors yourself. If so, please take a look at our review page. Alternatively, you can speak to our team and they’ll be happy to provide further details.
You’re under no obligation to decide whether you want to connect with a solicitor straight away. Our advisors can help even if you’re still unsure of a few things or just want a bit of extra clarification.
They can discuss the details of your case at a time that best suits you. So why not get in touch on the details below and find out more information?
- Call us on 0800 073 8804
- Request a call-back for a time that suits you
- Chat with us now using the live chat feature at the bottom of the page
If you’re unsure of what your rights are regarding your data, see the ICO guide for more information.
We understand that you may have seen some technical data breach language used. However, the ICO has a helpful guide on key definitions to help.
Visit the government website for some helpful data breach statistics where they have published the Cyber Security Breaches Survey for 2021.
Did someone access your medical records without your consent when they didn’t have a lawful basis to do so? If so, our guide could help.
Our guide on university data breach claims could provide you with the information you need to make a claim for compensation.
Have you suffered mental harm as a result of a data breach? If so, our guide on claiming compensation for stress could help.
Other Useful Compensation Guides
- Luton Borough Council Data Breach
- Malaysia Airlines Data Breach
- Mansfield District Council Data Breach
- GP Data Breach Compensation Claims
- Middlesex University Data Breach
- Morrisons Data Breach Compensation Claims
- Morrisons Pharmacy Data Breach
- Newcastle-under-Lyme Borough Council Data Breach
- Newman University Data Breach
- NHS Surrey Data Breach
- North Lincolnshire Council Data Breach
- Northampton Borough Council Data Breach
- Northumbria University Data Breach
- Norwich University Data Breach
- Npower Data Breach Compensation Claims
- Nuffield Health Data Breach
- Nuneaton and Bedworth Council Data Breach
- Queen Margaret University Data Breach
- Ravensbourne University London Data Breach
- Reading Borough Council Data Breach
- NHS Data Breach Compensation Claims
See below for more information on subject access requests and how you could make one.
What is a Subject Access Request?
This is the process of someone requesting access to a copy of their personal data that an organisation holds for them.
How do I make a Subject Access Request?
A person can make a subject access request to an organisation either by asking verbally or in writing. For instance, sending a letter, email or a message on social media.
Thank you for taking the time to read our guide about potential Middlesbrough Council data breach scenarios. We hope you found it useful.
Written By Mitchell
Edited By Melissa.