Plymouth City Council Data Breach Claims Guide – How Much Compensation Can I Claim?
If a Plymouth City Council data breach was to occur what could this mean for a data subject’s personal information? Local government bodies collect a vast amount of data from people linked to them. This includes council tenants, people who pay council tax, apply for planning permission, and council employees to name but a few. They may also share data with other council departments and third parties. Accordingly, data controllers should have in place security to protect personal data. If a council fails to keep private and personal data secure and there is a breach, the Information Commissioner’s Office (ICO) has the power to issue a fine. The ICO is the authority that enforces data protection law in the UK.
So, if a Plymouth City Council data breach was to occur could this mean an individual can make a data breach claim? Unfortunately, things are not as simple as that as we will explain in the guide below.
To have your data breach case assessed for free, please get in touch on 0800 073 8804. Alternatively, to read our guide on data breach claims, please click on the sections that follow.
Select A Section
- A Guide To Claiming For A Plymouth City Council Data Breach
- Rates Of Breaches In Data Security
- What Are Claims For Council Data Breaches?
- Is City Council Data Protected By The DPA And GDPR?
- What Information Could Data Breaches Involve?
- Tenants Rental Information Breached
- What Details Of Your Case Should Be Reported?
- Can I Sue My Local Council For A Data Breach?
- What Types Of Damages Could I Get Compensation For?
- How To Calculate Payouts For A Plymouth City Council Data Breach
- No Win No Fee Claims For A Plymouth City Council Data Breach
- How Does The Data Breach Claims Process Work?
- Speak To An Expert
- Useful Information
- Frequently Asked Questions On Breaches Of Data
A data breach can leave you feeling vulnerable, exposed, and anxious. You could become the victim of identity theft. This guide shall examine what the criteria are for a data subject to make a data breach claim against a data controller.
The Information Commissioner’s Office (ICO) can launch an investigation into a data breach if it has affected data subjects rights and freedoms. The ICO has the power to issue a fine to data controllers when they breach the law. Our guide on your rights if a Plymouth City Council data breach occurs provides information on the following:
- A victim’s right to seek data breach compensation
- How data protection laws are there to make sure data is kept secure under the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (GDPR)
- When to contact the Information Commissioner’s Office (ICO)
- The potential value of a data breach claim and the damages claimants can seek in successful cases.
Additionally, our guide explains how one of our solicitors could represent you. This would be on a No Win No Fee basis which allows claimants of any financial standing to appoint representation.
Do you think a council data breach has occurred to which you may have fallen, victim? Why not call our advisors to have your potential case assessed for free. In this informal chat, they can answer any pressing questions you may have.
The Information Commissioner’s Office (ICO) enforces data protection law. They keep records of all the fines issued to data controllers who breach the law. Examples of fines issued to councils include:
- Gloucester City Council was fined £100,000 fine by the ICO for exposing employee data
- The Royal Borough of Kensington and Chelsea was fined £120,000 for unlawfully identifying over 900 owners of vacant properties
- Islington Council was fined £70,000 by the ICO for not securing personal information.
Recent studies found that high-income charities and businesses reported the following:
- Financial losses
- Lost data
- Loss of assets
Plymouth City council received a £60,000 fine for sending a child neglect report to the wrong recipient. The Information Commissioner’s Office found the council did not make enough checks before sending the document out.
A local council holds a vast amount of data for tenants, employees, and everyone who is linked to the government authority. Accordingly, the council must protect this data. And should have robust security protocols in place to reduce the risk of a breach happening.
Some organisations collect, process, and store data. However, a data controller can outsource the processing to a third party. If the third party’s system is breached, it will depend on the circumstances whether the data controller could still be held liable or the processor if people (data subjects) are put at ‘risk’. GDPR states that if you have a valid case for a data privacy breach and your claim is successful you can be awarded for:
- Mental distress/harm
- Financial loss
A breach of personal data security could be caused by:
- An accidental or intentional leak
- Data being shared without consent
- Human error
- Information being sent to the wrong person
- Vulnerabilities in security protocols
- Physical files are not kept secure
Data controllers must follow data protection law. A local city council is a data controller. Therefore, they must protect the data they hold on their online and offline systems. The Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK-GDPR) are there to make sure your information is kept secure. The new legislation provides you with more rights and restricts the use of your data.
Data controllers are now more accountable for how they use data that directly or indirectly identifies a data subject. Therefore, a data controller is an organisation that collects, processes, and stores data (although they can outsource the processing to third parties). Therefore, a data subject is an individual whose data an organisation holds.
The sort of data that directly identifies you includes:
- Name, location/address
- Telephone number/email address
- Usernames (online)
The kind of data that indirectly you could include:
- National insurance number
- Passport number
Equally important, under data protection law there are what is known as special categories of data that are deemed sensitive. Moreover, these special categories are given greater protection under the law. Sensitive data includes:
- Sexual orientation
- Racial origins
- Ethnic origins
- Political views
- Genetic data
- Biometric data
- Religious beliefs
- Health information
- Memberships to a trade union
As councils hold a lot of personal information for those that use their services such as social housing, council tenants, council taxpayers and so on and so forth. So the information that has the potential to be breached is the following;
- Name and address
- Telephone contact details
- Passport number and details
- Medical information
Some typical causes of a data breach include:
- Hackers gain access to a system because of vulnerabilities
- Tenancy documents leaked
- Employee data shared by mistake or without consent
- Personal data used in marketing emails without permission
- Inadequate security protocols cause filing cabinets to be accessed without authorisation.
These are just a few of the potential data breaches or cyber-attacks that can take place. The list is not exhaustive by any means.
Local councils must keep data they have on their systems secure – online and offline. More especially, data controllers must follow data protection laws to ‘protect’ your personal data and privacy. When a government body fails to protect your data, personal data can become vulnerable. The Information Commissioner’s Office (ICO) can launch an investigation. Whether they issue a fine will be down to what their investigations reveal.
Data controllers also have a duty to provide support, advice, and assistance to victims of a data breach if their freedoms and rights are at risk. If the council finds the exposed data puts people at risk, they must report the event to the Information Commissioner’s Office (ICO). Regards to the information that is held on a tenancy agreement and vulnerable to a data breach include;
- Copy of passport or visa
- Contact details
- National insurance information
Find out if you have grounds to sue for compensation by calling an adviser today. We can let you know more about the process of making a data breach claim. Additionally, an adviser can answer any questions you have about a city council data breach.
If a Plymouth City Council data breach was to occur would it need reporting to the ICO? If the council find that your data has been put at “risk” they should raise concerns with the Information Commissioner’s Office (ICO) within 72 hours. Providing you don’t wait too long and contact the ICO within 3 months of your ‘last significant contact’ with a council, they can agree to investigate your case.
The Information Commissioner’s Office (ICO) also has the power to issue a heavy fine if they find a council breached the law. That said, the ICO does not award victims of data breaches any kind of compensation. To get compensation following a data breach, you must start your own proceedings. Ideally, this should be done with the assistance of a legal expert.
Any personal data that is being processed must be kept safe. Data controllers must have robust systems in place to ensure that they are not vulnerable to cyber-attacks and also train staff on data awareness. Failure to protect personal information can leave it open to be accessed or leaked by those who do not have authorisation. To hold a valid data breach claim against a data controller the onus is on you to provide a case that they failed in protecting your data. If a data controller has done all they can in terms of data security and a breach still occurs there would be no case for a data breach claim.
Call Legal Expert to have any questions you have answered. We can review your case to check if you have a valid case for a data controller to answer. If you would like to proceed with a claim, a solicitor from our team can provide you with a No Win No Fee service.
If your data breach claim is successful against a party liable for breaching your personal information then you may receive a settlement. This can be made up of material damages and non-material damages. Material damages will focus on moneys lost due to the data breach.
You must provide evidence of your material losses because they are based on ‘actual’ losses. Accordingly, you should provide the following proof:
- Bank statements
- Credit card statements
- Other relevant documentation
Non-material damages are awarded to compensate you for the distress you suffered. An independent specialist may provide a medical report. You could seek non-material damages for the following:
- Mental distress/anguish
- Depression, lack of sleep
- Feeling confused, unsettled, anxious
- Post-traumatic stress disorder
Your work performance may suffer because of the breach which could also affect family members and friends.
It depends on how much the breach affected you as to the amount of compensation you receive. You may suffer mental anguish, financial losses, or a loss of privacy. And you have the right to seek both material and non-material damages under data protection law.
A judge who presided in a case involving Vidal Hall vs Google Inc 2015 set a new precedent. Victims of data breaches can claim non-material damages for mental distress even though they may not have incurred any sort of financial loss. The level of compensation awarded for mental distress (non-material damages) will be in line with personal injury claims. Therefore, the Judicial College Guidelines (JCG) can be used to hone in on a value for distress.
Our table provides a general idea of the amounts awarded to claimants for non-material damages but it does not include material damages.
|Harm/damage suffered by claimant||Severity of harm||Potential compensation that could be awarded|
|PTSD - post-traumatic stress disorder||Severe symptoms of PTSD which negatively impacts the claimants ability to work and lead a normal life are evident. Long-term and permanent damage is suffered by the claimant||£56,180 to £94,470|
|PTSD - post-traumatic stress disorder||Moderate symptoms of PTSD are evident but to a lesser degree than above. Claimant is expected to recover over time The prognosis being much more positive than above||£7,680 to £21,730|
|Psychological damage||Severe psychological damage is evident and claimant will suffer permanent mental harm. The amount awarded will take into account whether the claimant can work, and how their lives are disrupted||£51,460 to £108,620|
|Psychological damage||Moderate mental harm is evident but the prognosis is more positive with claimants expected to make a good recovery over time||£5,500 to £17,900|
|Psychological damage||Less serious mental harm is evident and the claimant is expected to recover over time||up to £5,500|
Our solicitors provide a No Win No Fee service to claimants when we find they have reason to sue for compensation. It means you don’t have to worry about paying upfront for their services. You won’t have to pay hourly fees or ongoing payments when you sign a No Win No Fee agreement.
You pay the solicitor a ‘success fee’ when you receive a data breach settlement. If your case fails, you don’t pay the solicitor for their services.
To discuss your case with an adviser, all you have to do is phone the number at the top of the page. The adviser can let you know if you can make a No Win No Fee data breach claim.
You don’t have to contact a local firm of solicitors to make a data breach claim. These days you can speak to a solicitor over the phone, contact them by email, or take part in a video conference.
Victims of data breaches that have valid claims have the right to claim compensation under data protection laws in the UK. You have the right to receive material damages, non-material damages, or both non-material and material damages. This is to compensate you for loss of privacy, mental distress, and financial losses.
Please note it is not enough just for the data breach to have occurred to claim compensation you must be able to prove that the party you hold responsible for the breach of your personal information failed to protect it accordingly.
The first thing you can do is contact the right department of a local council to file a complaint. If the council fails to respond, or the reply is unsatisfactory, you can take the matter further. And contact the Information Commissioner’s Office (ICO) to let them know of your concerns. As well this you can seek legal advice.
If A Plymouth City Council Data Breach Occurs What Should I Do?
You can contact a data breach solicitor for advice. Here at Legal Expert, we can offer free legal advice. An adviser will review your case. Where we find you have good reason to sue for compensation, a solicitor could act on your behalf. And they would do so on a No Win No Fee basis.
Our solicitors have years of experience handling all sorts of different claims and here are our reviews. They have the legal expertise needed to handle all pre-action protocols. When needed, the solicitor will arrange an appointment with a local medical specialist for you.
If you would like to start a data breach claim, an experienced adviser is here to assist you. They can answer questions like; ”What should I do if a Plymouth City Council data breach happens?” and ” Am I eligible for data breach compensation?”. You can get in touch by:
- Calling our freephone number – 0800 073 8804
- Emailing us at email@example.com
- Using our Live Online Chat
- Filling out our online claims form
A Legal Expert guide to No Win No Fee claims:
How to claim compensation for stress caused by data breaches:
How to claim data breach compensation:
The seven key principles of the General Data Protection Regulation and Data Protection Act 2018:
How to file a formal complaint with a local council:
Am I eligible to claim for a data breach?
It depends on whether a data controller failed to keep your personal data safe.
Could I claim against other public bodies?
Data protection laws apply to all UK government bodies.
What evidence will I need to make a claim?
Proof of financial losses, bank statements, credit card statements for material damages. A medical report provided by an independent specialist for non-material damages. Correspondence with the council, Information Commissioner’s Office, and other communications relevant to the data breach.
How long do I have to start a claim?
- 6 years if the claim is against a private company;
- 1 year if the claim is against a public body, such as a council.
Keep in mind that there are various factors that may affect how long you have to claim. And this means that you might not be aware of when your limitation period ends unless you take legal action quickly. So please speak to us today for more information about filing a claim.
Written By Woods
Edited By Melissa.