Rugby Borough Council Data Breach – Compensation Claims Guide
This article is going to examine steps that could be taken should a Rugby Borough Council data breach take place. Legislation such as the Data Protection Act 2018 which enacted the EU General Data Protection Regulation (GDPR) has been brought in to try and help protect the personal information organisations (data controllers) hold about you (the data subject). There has been a recent update. Since the UK has now left the EU we refer to the UK GDPR. To help police data security, the Information Commissioner’s Office (ICO) has been given powers to investigate potential breaches. However, they have no powers when it comes to compensating victims of data breaches. Therefore, we’ll show you when you could seek damages and what action you could take.
When You Could Claim For A Breach In Data Protection By A Council?
Data breaches alone don’t provide grounds for a compensation claim. You must be able to establish that a data breach occurred because the data controller failed to protect your personal information. If you have suffered because of the breach this might mean that you’ve lost money or that you have been made ill this could be claimed for in a valid case.
Legal Expert is able to help if you are thinking of claiming. We have a team of specialist solicitors who offer a No Win No Fee service for any claim they take on. To find out if you are eligible to start a claim, why not call today? Our advice centre advisors offer a free case review on 0800 073 8804.
If a data breach at Rugby Borough Council occurred our team could provide you with free legal advice about what your options could be.
Select A Section
- A Guide On When Could You Claim For A Rugby Borough Council Data Breach
- Cyber Data Breach Statistics
- What Could Be A Rugby Borough Council Data Breach?
- Data Protection Policies For Borough Councils
- Types Of Data Breach
- Data Held By Housing Departments And Social Services
- Should The Information Commissioner Be Notified?
- Steps In The Compensation Process
- What You May Be Able To Claim Damages For
- How Do You Calculate Compensation For A Rugby Borough Council Data Breach
- Rugby Borough Council Data Breach – No Win No Fee Solicitors
- Will I Need A Lawyer Specialising In Data Protection Laws?
- Beginning Your Claim
- What To Read Next
- FAQs For Data Subjects
A Guide On When Could You Claim For A Rugby Borough Council Data Breach
There can be no doubt that personal information is used differently these days. Instead of filling in physical documentation, we’ll often use websites, apps and online forms to get things done a lot quicker than in the past. While that is a good thing, generally, there is a certain level of risk with passing personal information around so freely. That’s one of the key reasons the UK GDPR exists. It’s in place to give you better control over your data’s use.
One way you’ll see this in action is when you sign up for a new service online. There will often be a pop-up box, tick box or an agreement to sign to confirm you’re happy for the operator to use your information.
All of these new requirements apply to local government bodies. Therefore, even though they couldn’t function without such data, they must abide by the rules. Throughout this guide, we’ll look at what types of data breaches might occur, when they could lead to a claim and what level of compensation might be possible.
Please bear in mind that data breach claims against public bodies generally have a 1-year time limit. However, claims against private companies have a 6-year time limit. As time limits can vary, we’d advise calling our team to verify how long you have to start your claim. And this way, you shouldn’t miss out by only realising that you’re too late to claim when you contact us.
Cyber Data Breach Statistics
To give some idea of how often data security incidents occur in local government, we’ve provided some data from the ICO below. It relates to the first quarter of the financial year 2021/22.
The number of reported incidents relating to cyber security (top 3 scenarios) were:
- Ransomware attacks – 5 cases.
- Phishing attacks – 4 cases.
- Hardware or Software issues – 3 cases.
What Could Be A Rugby Borough Council Data Breach?
Let’s now define what a data breach actually is. In terms of the GDPR, they are security incidents that cause personal data to be accessed, disclosed, lost, changed or destroyed in a way that is unauthorised, accidental, deliberate or unlawful.
Those aren’t enough grounds to seek data breach compensation though. You must be able to clearly show that the data controller did not do enough to protect your personal data. You could make a claim for mental suffering as well as financial losses. For that to be the case, there must be evidence of how the breach resulted in suffering. This might include diagnosed conditions like anxiety, stress or even Post-Traumatic Stress Disorder (PTSD). It could also include monetary problems that the breach has caused.
It is also worth noting that claims must show that the data controller did something wrong. For example, if a local council failed to maintain a high level of IT security, that allowed a cyber attack to happen that exposed your personal information.
Data Protection Policies For Borough Councils
The rules of the UK GDPR generally apply to any organisation that process personal information about residents of the UK. Therefore, they apply to local authorities like Rugby Borough Council. The rules are for data stored electronically or physically within filing systems.
Generally, data controllers must always ensure there is a lawful basis to process personal data. As part of this process, they must check that the same objective cannot be achieved without using personal data. Additionally, data controllers must be able to prove that they comply with the principles of the GDPR. These are that:
- Processing methods are lawful, transparent and fair.
- Processed data will be limited to what is necessary, adequate and relevant.
- It will be accurate
- Any processed personal data will not be retained for longer than is necessary.
- All personal data must be stored securely.
- Processed data will be purpose limited
Types Of Data Breach
We are now going to provide a few examples of data breaches that could potentially occur in local authorities. While we have listed a few scenarios, don’t be put off if yours isn’t listed – you could still be eligible to claim.
- Where adoption files are shared without permission and cause significant problems for the adoptee.
- If a cyberattack results in personal information being obtained by unauthorised parties. This type of scenario could only lead to a claim if something wrong allowed the breach to occur. This could be the case if they’d failed to keep their firewall software up to date, for instance.
- Where a letter that was intended for you is posted or emailed to the wrong person.
- Where personal information is not redacted in documents that are shared with unauthorised organisations.
Data Held By Housing Departments And Social Services
We are going to look at what sorts of documentation held by council departments could contain personal information. It’s not possible to list everything here but some examples include:
- Identification documents. During some applications, copies of passports or drivers licenses might be scanned and stored.
- Care records. Council’s will need to keep records containing highly sensitive information about social care clients.
- Tenancy agreements. These will more than likely contain your personal details and details of your property. They may also contain your contact details as well.
As these documents contain personally identifiable data, they must be kept securely. If they’re not, and they result in stress, embarrassment or financial loss, call our team to see what your options are.
Should The Information Commissioner Be Notified?
You may have the urge to contact the ICO if you suspect a Rugby Borough Council data breach has occurred. That is something you have the right to do. However, you could follow this process first. The steps you could follow are:
- Make a complaint to the council
- Await a response. If you don’t agree with it, escalate the complaint as per the instructions within the letter.
- Wait no longer than 3-months without any meaningful communication, to contact the ICO.
Our advice is to contact our team in the first instance. If your claim is taken on, your solicitor will look at the merits of involving the ICO. It’s quite possible your solicitor could achieve a compensation payment without having an ICO report. This is more likely if a council has publicly confirmed that the breach has happened.
Steps In The Compensation Process
So, following on from everything we’ve said so far, we’ll briefly summarise how to start a claim. We suggest that you:
- Start by gathering evidence. This may include letters from the data controller, bank statements and copies of your medical records.
- Contact our advice centre to have your case reviewed for free.
If there appears to be strong enough grounds to proceed, we could appoint a specialist solicitor to your case. If accepted, you’ll be represented on a No Win No Fee basis. To start the ball rolling, why not call today?
What You May Be Able To Claim Damages For
Putting a value on a data breach claim is never easy. That’s because you need to claim for any suffering that’s already happened as well as any that could occur in the future. What’s more, you need evidence to back up every penny that you claim for. Generally, your claim will be separated into two parts:
- Material damages is the part of your claim dealing with monetary losses.
- Non-material damages is the part that covers any psychological or psychiatric injuries.
For material damages, an example might be where you’ve lost money because of criminal activity. In this case, you could claim back any money that was taken from your bank account, for instance. In non-material damages claims, you could claim for any injuries that have been diagnosed by your GP. This could include depression, stress or anxiety.
However, you’ll also need to figure out if you’ll continue suffering in the future before submitting your data breach compensation claim. To help do this, you may need a medical assessment. Your solicitor will therefore book a local appointment with an independent specialist. This is nothing to worry about. During the meeting, the specialist will ask some questions and may refer to your medical notes. After that, they will write a report and explain your prognosis.
As it’s so important to include everything in your claim, we believe it’s best to have a data breach lawyer on your side. They’ll assess your claim in detail so that your suffering is fully understood before the claim is submitted. If you’d like our help with starting your claim, please get in touch today.
How Do You Calculate Compensation For A Rugby Borough Council Data Breach?
In 2015, a Court of Appeal judge made some important statements when summing up a data breach case. He said that: It is acceptable for compensation to be considered for psychological injuries caused by data breaches.
If the claimant’s case is successful, amounts used in personal injury cases should apply. Therefore, we have added a compensation table of relevant injuries below. It uses data from the Judicial College as this is how personal injury claims solicitors determine settlement figures.
|Injury / Illness||Severity||Details||Potential Settlement Range|
|PTSD||Very severe||In this category, all aspects of life will be affected by PTSD significantly.||£56,180 to £94,470
|Moderately severe||Initial suffering will be the same as above but there will be a chance of some recovery.||£21,730 to £56,180|
|Moderate||There will be moderate suffering relating to PTSD but, with professional support, a good recovery should be possible.||£7,680 to £21,730|
|Less severe||Only minor symptoms will persist beyond a period of one to two years, and a virtually full recovery will have been made.||Up to £7,680|
|Psychiatric harm||Very severe||Severe psychological harm. Factors that are affected include the ability to work; future vulnerability; whether treatment will help; affect on relationships. There will be a very poor prognosis.||£51,460 to £108,620|
|Moderately severe||A more positive prognosis but symptoms will be similar to above for some time.||£17,900 to £51,460|
|Moderate||A good prognosis will be offered due to a good level of marked improvements.||£5,500 to £17,900|
|Less severe||Injuries in this bracket will be valued based on the extent to which the injury impacted things like sleep and daily activities||Up to £5,500|
Please bear in mind that no two claims are alike. Therefore, these figures should not be taken as gospel. When your claim is assessed, a more personalised compensation estimate might be offered. If you’d like to know more, please feel free to call today.
Rugby Borough Council Data Breach – No Win No Fee Solicitors
When thinking about making a compensation claim for a data breach, you may be concerned about the level of solicitor’s fees you’ll pay. We can help reduce that worry though. That’s because every case we work on is funded by a No Win No Fee agreement. Therefore, you don’t pay anything upfront. You also don’t have to cover any solicitor’s fees if the case isn’t won.
After your case has been reviewed, your solicitor will provide a Conditional Fee Agreement (CFA) if they’re happy to represent you. This will explain what they must do before you need to pay them. Within the CFA, you’ll see details of a success fee. This is a percentage of any settlement that will be deducted by your solicitor to cover the cost of their work. By law, success fees are capped so that you can’t be overcharged.
Will I Need A Lawyer Specialising In Data Protection Laws?
We believe that your best chance of receiving the right level of compensation for a data breach comes from having specialist legal representation. While you might find a law firm locally, will they have dealt with a case like yours recently and will they offer a No Win No Fee service?
If you call our advice line, we could partner you with one of our data breach solicitors. They conduct cases over the phone, via email and online to keep the process as efficient as possible. Don’t worry though, our team are all registered with the Solicitors Regulation Authority. That means you can rest assured about the quality of our work.
To see what other clients think of our service, why not read our online reviews? We’re here to help when you’re ready to begin your claim.
Beginning Your Claim
Now that you’ve read our guide you can contact our advisors to ask any questions you have with regards to your rights should a Rugby Borough Council data breach take place. Our claims team can be contacted using the following methods.
- Connecting to an advisor in live chat.
- Calling our advice line on 0800 073 8804 to discuss your options.
- Using our online claims form to request a call back.
- Let us know about your claim in an email to email@example.com.
Remember, every claim we take on is processed on a No Win No Fee basis. That means you’ll pay no solicitors fees unless you receive a compensation settlement.
What To Read Next
In this section, we have added some resources that might prove useful if you’re considering claiming for a personal data breach.
Loss Of Personal Information – Explains when you could claim if problems result from lost personal data.
Bank Data Breaches – This guide looks at what issues could result from a banking data breach.
Psychological Injuries – Here we look at what psychiatric injuries could be included in different types of compensation claims.
Information Commissioner’s Office – Information from the government on the duties performed by the ICO.
Coping With Depression – NHS guidance on what measures could help you to deal with depression.
ICO Fines And Action – A list of recent enforcement action taken by the ICO.
FAQs For Data Subjects
In our final section of this guide on local authority data breach claims, we’ve answered a few questions about the GDPR.
What are your rights to data privacy?
According to data protection laws, you have several rights. These include the right to: be informed; access; request changes; request erasure; data portability; object to data processing; withdraw consent at any point, and the right to complain to the ICO. Also, there are rights relating to automated decision making.
What is a data controller?
In terms of the GDPR, the data controller is an individual, organisation or public authority that decides why personal data is required and how it will be processed. For example, a local authority will be the data controller when it requires personal information from its clients.
What is a data subject?
When personal information is processed, the data subject is the identifiable or identified individual that the information is about. For example, a council tenant will be the data subject where their name appears on a tenancy agreement.
When could you request your data held by a company or organisation?
You are allowed to ask any organisation for copies of the information they hold on you. This can be done verbally or in writing. The process of doing so is called making a subject access request. You can ask for the information the organisation holds, how it is used, who they share it with and where the information came from.
Thank you for reading our guide on your rights if a Rugby Borough Council data breach occurred.