Reading Borough Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Reading Borough Council Data Breach
This guide shall examine potential scenarios of a Reading Borough Council data breach and how an individual may be affected. Since the introduction of the EU General Data Protection Regulation that became UK law through the Data Protection Act 2018 and now has been amended to the UK GDPR, data subjects have much more control over how their personal data is processed.
Data protection laws exist to ensure that your personal data is kept secure and private. These laws require all parties which collect data from data subjects to take steps to ensure their security and fair use. Things like people’s personal addresses, contact information, banking details, medical records, and so on are among the types of data that are supposed to be protected.
If a council failed to protect your personal data, could they be liable for a data breach claim? Read on through this page and others linked to it for further information. If you are interested in taking things further, you can contact us using the contact details below to speak to a member of our team.
Select A Section
- A Guide About Claims For A Reading Borough Council Data Breach
- Data Protection Breach Statistics
- What Could Be A Reading Borough Council Data Breach?
- Are There Exemptions To The GDPR?
- Types Of Breaches Of Data Protection By Local Councils
- Council Tenant Rent Statement Data Protection Breaches
- Should My Case Be Referred To The ICO?
- How To Take Action Against A Local Borough Council
- Common Damages Your Settlement Could Include
- Calculate A Settlement For A Reading Borough Council Data Breach
- Claim For A Reading Borough Council Data Breach With A No Win No Fee Solicitor
- What Do Data Protection Breach Lawyers Do?
- Speak To A Data Breach Expert
- Useful Information
- FAQs On Data Breaches By Borough Councils
Your local council might have a number of reasons to collect your personal data. This may be for the purposes of the various services they provide and for record-keeping. However, just like any other organisation, your local council is obligated to follow the data protection rules set out under the UK GDPR. To abide by recent changes a council should;
- Inform you that your data is being collected, asking for your consent to collect the data, and telling you the purposes of collecting the data.
- Keeping the data held securely, confidential, and without allowing access to unauthorised parties.
- Only using the data for the purposes they stated to you.
- Destroying data that no longer serves the purpose it was collected and stored for.
There are 6 lawful bases that allow an organisation or data controller to process personal information. Consent is just one. So even though data controllers must comply with the above there may be a lawful basis when they do not need to.
The purpose of this page is to explain how a data breach could potentially occur and how a council might fail to meet its data protection obligations. We examine the question; if a Reading Borough Council data breach was to occur could a data subject involved be entitled to make a data breach claim?
Let’s now look at the prevalence of data breaches in the wider society. In 2020, 46% of businesses, and 26% of charities had experienced cybersecurity attacks or breaches within the previous 12 months. However, it is difficult to say for certain what the real frequency of cyber-attacks and breaches is. This is because the amount of cybersecurity monitoring and reporting of breaches is not as high as it should be.
There has been an increase over the previous years in cybersecurity awareness and training. Similarly, the slight decrease in the number of reported cyber-attacks could be attributed to the Covid-19 pandemic interrupting the ability of businesses to perform proper cyber-security measures.
What is a local council data breach compensation claim? A data breach is a security situation, in which personal data is lost, destroyed, is altered or is disclosed to or accessed by someone who should not have been privy to it. To hold any solid reason to make a claim it is not enough that your personal information has been breached. You must be able to demonstrate how the failure of the data controller led to your personal information being exposed.
What GDPR rules apply to data collection and data processing? There are 7 key principles to processing personal data
- Fair, clear and within the law.
- For the purpose intended.
- Only data that is needed.
- Kept up to date.
- Only stored for as long as necessary.
- Kept secure
- Abiding by the rules above.
However, there are 6 lawful bases that mean personal information can be processed. One of them is only related to consent;
- Legal obligation
- Vital interest
- Public task
- Legitimate interest.
An example of a situation in which the local council could share people’s personal information without consent is for the sake of a referral to social services. For example, for the data subjects best interests.
A data breach could be recognised as a situation where the security, anonymity and integrity of personal data being stored by a third party is compromised. Various different kinds of data breaches could potentially occur.
Some of the situations which could be classed as a data breach may include:
- Allowing cyber-intrusion data breaches to occur due to inadequate cyber-security policies.
- Sharing personal data with unauthorised third parties either deliberately or accidentally that do not fulfil the 6 lawful bases.
- Failing to destroy or dispose of data correctly.
- Using personal data for the wrong reasons, i.e. sending nuisance emails, junk mail, or making nuisance phone calls.
- Allowing physical documents containing personal data to be accessed, stolen, or destroyed without authorisation or accidentally.
Specific forms of personal data that could be stored by a council that could be subject to a breach include:
- Social services information
- Adoption records
- Complaints records
- Planning application records
- Tenancy documents
- Passport information
- Council employee information
One area where a local council could retain people’s personal information is in regards to council tenant information. When applying for and living in social housing some of the personal information that could be held by a council that might be subjected to a breach is;
- Passport information
- Tenancy contracts
- Rent statements
In addition to breaches being caused by cyber-attacks, there are also particular mistakes that could lead to council tenancy information being breached.
- Sending mail to the former address of the data subject due to a failure to update their personal information.
- Sending non-redacted information about council tenants to unauthorised parties.
The Information Commissioner’s Office (ICO) is the regulatory body of data protection in the UK. They are the body with the remit to investigate cases of reported data breaches. Furthermore, they have the authority to impose fines and other conditions on bodies that have breached data protection rules. If a Reading Borough Council data breach was to occur that risked individuals rights and freedoms, the data breach officer would need to report it to the ICO within 72 hours.
Before making a complaint to the ICO it is recommended that you raise your complaint with a council. This serves to at least demonstrate that you attempted to give the council the opportunity to explain and rectify the situation.
If you receive no reply, or an insufficient response, you can then take the matter to the ICO. If you do wish to make a complaint to the ICO you should do so within three months at the latest of your last contact with the council. The ICO does not usually conduct investigations into complaints that have been made after an undue delay.
As outlined in the section above, your first step when making a complaint should be to make a report to the council you hold responsible. This may result in the council offering an explanation. It could provide some kind of solution to the issue that satisfies you into not taking the matter further. If this first measure does not rectify the matter you can subsequently make a complaint to the ICO.
However, you are not bound by any requirement to make a complaint to the ICO. If you have not received a satisfactory response from the council to your complaint you could seek legal advice.
To begin a compensation claim your first step could be legal advice. You can find out more by contacting us and speaking to someone from our team. They can answer questions about whether you could make a claim. They could also advise on what the claim process could entail and can also put you in touch with a solicitor if you want to go ahead with making a claim.
A legal precedent was established in the case Vidal-Hall and others v Google Inc  – Court of Appeal. Those who suffer mental anguish but no financial losses can now make a data breach claim.
A personal data breach could cause harm to the victim’s mental health. Having your personal and private information breached, possibly being accessed by or disclosed to unauthorised parties or being misused, would be a distressing experience. Very much on par with experiencing a robbery or a burglary in person. Even if the data ultimately is not used to commit crimes, the threat of it could leave the victim suffering from mental distress. This could include; psychiatric damage, and in some cases even the symptoms of PTSD.
Some victims could experience, anxiety, panic attacks, loss of sleep, and nightmares due to the stress of being a data breach victim. These factors could be included in a compensation settlement.
Therefore, beyond the compensation for your health, you could also be entitled to make a claim for material damages compensation. This is compensation that is awarded to those who have been affected financially by a data breach. Financial losses caused by a data breach can include things like loss of earnings through taking time off work due to stress. Also, the impact that a data breach has on your credit score, and monies lost or stolen. You will need to provide proof in order to claim for the financial impacts.
We can’t provide a valid figure for the amount of compensation you could be entitled to claim at this stage. That is something you will only be able to find out once your situation has been examined. What we can show you is a breakdown of how your compensation could be calculated if you have valid case and a successful outcome. This could at least give you a very rough idea.
The compensation may be split into material damages and non-material damages. So, material damages cover financial losses. Meaning non-material damages cover mental suffering. The table below is a compensation calculator table. It shows figures taken from the Judicial College publication on compensation guidelines. A data breach is unlikely to physically harm you, but the stress it causes could easily harm your mental health through anxiety, sleeplessness, and even symptoms of PTSD. These figures are only for non-material damages.
|Severe psychiatric damage||£51,460 to £108,620|
|Moderately severe psychiatric damage||£17,900 to £51,460|
|Less severe||up to £5,500|
|Severe PTSD||£56,180 to £94,470|
|Moderately severe PTSD||£21,730 to £56,180|
|Moderate PTSD||£7,680 to £21,730|
|Less severe PTSD||Up to £7,680|
No Win No Fee solicitors are paid their fees on the condition that the case they are supporting wins. Rather than charging an upfront fee No Win No Fee solicitors are entitled to a share of the compensation payout in the event that compensation is paid out to their client. This is known as a success fee.
These conditions mean that the client will automatically be able to fund their solicitor. Importantly, they won’t be liable for paying for the solicitor if the claim is unsuccessful. These conditions may make the claiming process easier which is especially important for claimants who may have been badly affected both financially and mentally by the effects of a personal data breach.
Data protection lawyers are experts in personal data protection laws. They can help their clients win compensation by putting together cases for claiming compensation. They will work to identify and find proof of the breach of their client’s data privacy rights, as well as identifying and proving the harm done to their clients by the data breach. This will help the calculation of the amount of compensation being claimed.
A lawyer can take on most of the tasks of making a claim while keeping you informed of the claims process. This is so that you can focus on your own recovery. If the case does need to go to court, which in most cases it won’t, they can represent you. For more details about how a data protection lawyer can help you fight for your case, see the contact details below.
What pre-action considerations should you make?
Before you take legal action over a data breach you should first consider making a complaint about the breach to a council. Then consider making an ICO complaint. Then seek legal advice about making a claim.
How do I make a subject access request?
You have the right to ask an organisation whether or not they are storing your personal data and how. You can also request that you be sent a copy of what data they are holding. This request can be made in writing or over the phone, see the ICO for more details.
How do I send a notice to cease processing?
You can have the right in certain circumstances to request that an organisation stop collecting your data, or stop using your data, or to dispose of your data altogether. This request can be made either verbally or in writing.
How are judgments enforced?
A liable party is required to pay a fine when ordered to by a judgement in an ICO investigation.
Written By Yarlett.
Edited by Melissa.