Nottingham City Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?
In this guide, we explore what you could do if a Nottingham City Council data breach occurred.
Did a local authority fail to protect your personal data properly? Did this lead to you suffering financial or emotional damages? If so, this article can help. We explain your options for seeking compensation from a council if you were harmed mentally and/or financially by a data breach caused by their security failings.
Nottingham City Council data breach claims guide
A data breach can be a physical breach or a cyber attack. Not all those who suffer a data breach will be entitled to make a compensation claim. The onus will be on the claimant to prove the data breach could have been avoided.
Our friendly and helpful team of advisors are on hand 24/7 to offer you free legal advice about claiming. They may also be able to connect you with one of our No Win No Fee solicitors if they feel you have a valid claim.
Get in touch by:
- Calling us now to discuss your case on 0800 073 8804
- Emailing or writing to us at Legal Expert.co.uk
- Using the ‘live support’ option, bottom right for instant help and advice
Select A Section
- A Guide On Claims For A Nottingham City Council Data Breach
- Public Sector Data Breach Statistics
- What Could Be A Nottingham City Council Data Breach?
- Do Local Authorities Have To Comply With The GDPR?
- Types Of Breaches In Data Protection
- Breaches Of Tenants’ Data Privacy
- ICO Information
- Can I Sue A Public Body Who Breached My Data Privacy?
- Material Vs Non-Material Damages
- Calculate Compensation For A Nottingham City Council Data Breach
- No Win No Fee Claims For A Nottingham City Council Data Breach
- Finding The Right Person To Handle Your Case
- Claim For Your Data Breach
- Related Guides
- Nottingham City Council Data Breach – FAQs
A Guide On Claims For A Nottingham City Council Data Breach
If your personal data is breached or exposed, what kind of harm could you suffer? This harm could be financial in the form of money following a credit card data breach. You could also suffer emotional harm in the form of anxiety or stress at the thought that your data has been exposed.
In the sections that follow, we will examine the regulations that dictate how organisations can use and process your personal data. We will also examine the key principles of the UK GDPR that should inform how organisations handle data.
In addition, we will look at the role of the Information Commissioner’s Office (ICO) in investigating breaches of personal data. Furthermore, we will examine the kinds of damages that can be awarded in a claim for harm caused by a data breach.
If you would like to make a claim for harm caused by an avoidable data breach, then the time limit for a claim against a private company is 6 years. But if it’s a breach involving a public body, such as a council, then you only have 1 year to start a claim. However, we recommend that you start the claims process as soon as possible, as this can make the collection of evidence more straightforward. Furthermore, because the timeframe isn’t always clear due to various factors, you may miss out by acting too late.
Public Sector Data Breach Statistics
The chart below shows the percentage of organisations where data security is seen as a high priority for directors, trustees and other senior managers. As we can see, amongst businesses this has increased steadily since 2016. Between 2018 and 2019, the rate of charities that felt that data security was a high priority saw a steep increase.
What Could Be A Nottingham City Council Data Breach?
Local authorities and councils collect a large volume of personal information for a range of reasons. This could be information related to employees, social housing tenants or those who are involved with social services.
It’s important that all of the data the local authority holds on you is safe and secure. The GDPR came into effect in 2018 and was ratified into UK law by the Data Protection Act 2018. Since leaving the EU, the UK GDPR is the legislation that informs how organisations can use and process your data.
The ICO classify a data breach as a security situation where personal data is accidentally or deliberately:
- Lost
- Duplicated
- Damaged
- Destroyed
- Stolen
- Accessed by an unauthorised party
“Personal data” is defined as any information that can be used to identify you, either in isolation or when combined with other information.
In some cases, your data may have been breached even though the local council did everything in their power to keep it secure. In these instances, you would not be able to claim, as you need to provide proof that a failing on the part of the council resulted in the data breach that caused you harm.
Do Local Authorities Have To Comply With The GDPR?
All councils and local authorities must follow the UK GDPR. There are seven key principles that dictate the way that organisations should act when storing and processing personal data. These are:
- Lawfulness, fairness and transparency. The data should only be processed in a way that is lawful, fair and transparent to the data subject.
- Purpose limitation. Data should only be collected for a specified, legitimate purpose.
- Data minimisation. Only data that is relevant and necessary for the purposes for which it is processed should be collected and stored.
- Accuracy. All the information should be accurate and kept up to date (where necessary). The data controller should take all reasonable steps to ensure that inaccurate data is updated as soon as possible.
- Storage limitation. Personal data should only be stored for as long as is necessary for the purposes for which it’s processed.
- Integrity and confidentiality. The data controller must ensure that they are only processing data in a secure manner. As well as unlawful processing, the data should be protected against accidental damage, loss or destruction of the information.
- Accountability. The data controller should be able to show that they have complied with the rest of these key principles.
It’s a legal requirement that all organisations adhere to the principles outlined in the UK GDPR.
Types Of Breaches In Data Protection
We’ve discussed the breadth of information the local authority needs to keep a record of. But let’s now look at how a breach of this personal data could happen.
Data breaches can be both online and in physical forms. Personal data could be breached in the following ways;
- Personal data being left in unlocked filing cabinets, meaning that they can be accessed by unauthorised personnel
- Files being disposed of in general waste instead of being securely shredded
- A laptop containing personal data being left unlocked and unattended on a table in a cafe
- Cybersecurity systems not being updated, meaning that a hacker is able to access personal data.
Nottingham City Council, alongside all other councils and local authorities, have a responsibility to safeguard all personal data that they hold. It may not always be apparent when a data breach has happened. As well as data controllers being vigilant it is also important if we are careful who we share our personal information with.
Breaches Of Tenants’ Data Privacy
Nottingham City Council may need to collect information for many reasons. As they collect personal information they will be known as a data controller. In order for a data controller to process a data subject’s personal information, they need to have a lawful basis for doing so.
Consent is one of these lawful bases, but it is not always needed in order for your information to be processed. However, there are a further 5 lawfully bases that do not require consent.
A local authority may need to collect personal data from tenants of council housing. For instance, they may hold:
- Tenancy agreements
- Proof of identity (for example, a scan of your passport)
- Rent statements
- Landlord references
If this information can be used to identify the data subject, either alone or in conjunction with other data, then it is classed as personal data. This means that it must be protected according to the UK GDPR. How could a potential data breach occur?
- A rent statement could be sent to the wrong address, meaning that the person who receives it has access to your personal details.
- A cybercriminal could hack into the council’s computer system because of outdated security measures. They could then access a scan of your passport, which could then be used to steal your identity.
If you would like to know more about the responsibility that organisations have to keep your data secure, speak to a member of our team today.
ICO Information
You do not have to have the ICO investigate the data breach that has affected you. But doing so can be a very effective way of finding out more about how the data breach occurred. In addition, their findings may be used to support a compensation claim that you make in the future; however, their decision is not final and the court may come to a different conclusion.
Before reporting a data breach incident to the ICO, you could raise your concerns with the local authority directly. If they don’t respond to your satisfaction, then you can get in touch with the ICO for them to investigate. In order to raise it with the ICO, you must do so within 3 months since your last meaningful communication with the organisation.
If the breach poses a risk to the rights or freedoms of the data subject, then the local authority or council must report it to the ICO themselves. They must do this within 72 hours. If there is no risk to the data subject’s rights or freedoms, the breach does not need to be reported but should still be recorded.
Can I Sue A Public Body Who Breached My Data Privacy?
Personal data is any information that can identify you. Or information that can be used in conjunction with other information to identify you. As well as this there is also information that is classed as sensitive and requires further protection. If any of this information is leaked through deliberate or accidental actions but without authorisation or a lawful basis it can be classed as a data breach. If that data breach could have been avoided through appropriate security means or training then this may mean you have the basis for a claim.
There is no legal requirement to have a solicitor act on your behalf when pursuing a data breach claim. However, the claims process can be daunting, and the support and guidance of a solicitor could help the process run more smoothly.
A solicitor may also be able to advise you on reporting the incident to the ICO. Alternatively, they may suggest that you forego reporting the incident to them at all and instead advise that you pursue a claim straight away.
Material Vs Non-Material Damages
When you make a claim for compensation following a data breach, you may be able to claim two different kinds of compensation. These are material and non-material damages.
Material damages is a term that relates to all the provable financial losses that you incurred because of the data breach. For example, if your bank details were exposed then this could cause thieves to take money from your account. Furthermore, it could cause long-term harm if your credit rating was permanently affected as a result.
It’s important that you present bills or receipts to demonstrate the loss. You need to show how the data breach was responsible for these costs.
Non-material damages
In addition to this, you can claim compensation for emotional harm caused by the data breach. For example, you may have suffered severe stress and anxiety as a result of the avoidable breach that caused you harm.
Vidal-Hall and others v Google Inc [2015] was a landmark case that changed the way that courts award compensation in data breach claims. In it, the Court of Appeal held that claimants can claim for non-material damages even if they have not experienced any material damages. Before this, it was only possible to claim for emotional harm caused by a breach if you also suffered financial harm, too.
To prove non-material damages, you may be invited to a medical appointment as part of your claim. This will be with an independent expert and will determine the extent to which you have been affected by the breach. This report will be used to help value your claim.
Calculate Compensation For A Nottingham City Council Data Breach
The chart below contains guideline compensation brackets from the Judicial College Guidelines. Included in these figures are awards for psychiatric damage and PTSD.
Please bear in mind that these amounts are not guaranteed. They are guidelines, and the amount of compensation you receive for your injuries may differ.
| Type of injury | Potential award bracket | |
|---|---|---|
| Psychiatric injury (severe) | Resulting in marked inability to function with everyday life. | Up to £108,620 |
| Psychiatric injury (moderately severe) | Showing significant problems coping with things like education, work and relationships. Some recovery may be made with professional help, but the damage will be significantly disabling. | Up to £51,460 |
| Psychiatric Injury (moderate ) | There will be marked improvements with treatment and prognosis is good. | Up to £17,900 |
| Psychiatric injury (less severe) | Residual issues that yield over time to treatment. | Up to £5,500 |
| Post-traumatic stress disorder (severe) | Inability to cope at anything approaching a pre-trauma level. | Up to £94,470 |
| Post-traumatic stress disorder (moderately severe | Symptoms which cause significant disability for the foreseeable future. | Up to £56,180 |
| Post-traumatic stress disorder (moderate) | Where recovery is largely complete and any residual effects don’t grossly disable the injured person. | Up to £21,730 |
| Post-traumatic stress disorder (less severe) | Awards in this bracket will depend on the extent to which daily activities and sleep were impacted. | Up to £7,680 |
No Win No Fee Claims For A Nottingham City Council Data Breach
A No Win No Fee agreement is a contract that outlines the conditions that your solicitor needs to meet before they’re paid. With a No Win No Fee agreement, you won’t be asked to pay anything to your solicitor in order for them to start working on your claim, or while it’s ongoing.
With no upfront fees needed, or any as the case moves forward, with a No Win No Fee arrangement you only pay a small success fee if your case wins. This is capped, ensuring that claimants receive the majority of the compensation awarded to them.
Finding The Right Person To Handle Your Case
By law, it is not a necessity to have a data breach solicitor help pursue your case. However, they will have received many years of training in how to deal with cases such as these and will have experiences of how to present data breach claims. Their capabilities and knowledge will be used to ensure that your case is filed in the correct time frame, with the supporting evidence needed.
Why not call an advisor from Legal Expert today. They will assess any case you have in a no-obligation free of charge chat. All your evidence can be reviewed and you can be advised on the merits of your case. If you are ready they can have a specialist solicitor begin your claim straight away. All our solicitors work on a No Win No Fee basis.
Claim For Your Data Breach
Thank you for reading our guide on your rights if a Nottingham City Council data breach was to occur. Why not call our advisors for free if you have any further questions.
Get in touch by:
- Calling us now to discuss your case on 0800 073 8804
- Emailing or writing to us at Legal Expert.co.uk
- Using the ‘live support’ option, bottom right for instant help and advice
Related Guides
Thank you for reading our guide on claims should a Nottingham City Council data breach occur. Below, we have included some additional guides that may be useful:
Information on social media privacy settings
Other Useful Guides
- Marriott International Hotels Data Breach Compensation Claims
- BUPA Healthcare Data Breach Compensation Claims
- Uber Data Breach Compensation Claims
- Equifax Data Breach Compensation Claims
- Three Data Breach Compensation Claims
- QuickQuid Data Breach Compensation Claims
- Superdrug Pharmacy Data Breach Compensation Claims
- Derby City Council Data Breach Compensation Claims
- University Of Derby Data Breach Compensation Claims
- Bolton Council Data Breach Claims
- Data Breach By Stoke-On-Trent City Council Compensation Claims
- Data Breaches At Sefton Council Compensation Claims
- Leicester City Council Data Breach Compensation Claims
- Can I Get Compensation for Loss of Medical Records?
- Nottingham Trent University Data Breach Compensation Claims
- Doncaster Council Data Breach Compensation Claims
- Swansea University Data Breach Compensation Claims
- University of Bolton Data Breach Compensation Claims
- University Of Leicester Data Breach Compensation Claims
- Bristol County Council Data Breach Compensation Claims
- Ticketmaster Data Breach Compensation Claims
Nottingham City Council Data Breach – Data Protection Breach FAQs
How much compensation do you get for a breach of data protection?
The amount you receive will depend on how severe the financial or emotional harm caused to you by the breach was.
Are there time limits to data breach claims?
There is a 6-year time limit to starting any data breach claim. This time limit is reduced to 1 year if the breach involved a breach of human rights.
How long could a potential claim for a data breach take?
There are no absolute time frames. The amount of time it takes to settle the claim will depend on, amongst other things, whether liability is clear.
Thank you for reading our guide on what you could do if a Nottingham City Council data breach occurred.
Guide by Waters
Checked by Stocks
