Southend-on-Sea Borough Council Data Breach Compensation Claims Guide
Could I Claim For A Public Sector Data Breach?
Has your personal data privacy been compromised by the council? Did they fail to have data protection procedures in place? If so, this article could provide the information you need. We have created this guide to help you understand the process you could take following a Southend-on-Sea Borough Council data breach.
A data breach is usually when a security breach leads to your personal data being changed, lost, destroyed, accessed or disclosed in a way that isn’t authorised and is unlawful. This may either be accidental or deliberate.
In previous years, the rules around how our personal data was used were less strict. However, the General Data Protection Regulation (GDPR) was created to enforce more regulations on the collecting and processing of people’s data.
The GDPR is still relatively recent though and there are a lot of organisations still trying to get their procedures up to standard. However, even in tandem with the continuous development of cybersecurity, the GDPR hasn’t stopped breaches from occurring.
It has helped guide organisations, including councils, on how they can do their part to protect people’s data and ensure they are using it lawfully and responsibly. Failing to comply with the GDPR can result in breaches.
If a council’s data protection failings cause a data breach, you may suffer mentally or financially. If that’s the case, you could make a claim. For more information, call our advisors on 0800 073 8804. Otherwise, continue reading for more advice.
Select A Section
- A Guide About How To Claim For A Southend-on-Sea Borough Council Data Breach
- Statistics And Trends In Data Security
- What Is A Southend-on-Sea Council Data Breach Claim?
- Are Public Bodies Bound By The GDPR?
- Types Of Breaches In Data Protection
- Social Housing Rent Statement Data Breaches
- How Do I Complain To The ICO?
- What Steps Should I Take If Impacted By A Data Breach?
- What Data Protection Breach Compensation Could You Claim?
- Southend-on-Sea Borough Council Compensation Calculator
- Claim For A Southend-on-Sea Borough Council Data Breach With A No Win No Fee Solicitor
- Starting Your Claim For A Breach Of Data Protection
- Contact An Expert Solicitor
- Useful Data Breach Resources
- FAQs On Public Sector Data Breaches
Are you feeling frustrated that your data has been exposed due to poor data protection practices? Perhaps you’ve suffered psychologically since the incident? Or maybe your finances have taken the hit? If so, and you have evidence to do so, you may be able to claim compensation for the damage you’ve suffered.
In this article, you can find out more about the process of making a data breach claim. Additionally, we’ll be exploring what harm you could claim in compensation and the evidence you’ll need to support your claim.
Furthermore, we understand that you may be feeling apprehensive about seeking legal representation due to the upfront costs that can be associated.
However, here at Legal Expert, if our advisors feel you have a favourable valid claim, they could connect you with our solicitors. Our solicitors operate on a No Win No Fee basis. We’ll be looking at what this means and how it can benefit you further down in our guide.
If, after reading our guide, you feel you could benefit from chatting with one of our advisors, you can get in touch on the number above.
How long do I have to make a data breach claim?
If you’re looking to make a data breach claim, you should be aware of the time constraints that may apply. So, it’s 1 year if claiming against a public body, such as a council. But it’s 6 years if you claim against a private company. Note that the nature of the defendant isn’t always obvious as far as where responsibility lies. And other factors could also impact the timeframe. So, we urge you to speak to us about filing a claim sooner rather than later. That way, you won’t miss out by unknowingly being too late.
The Cyber Security Breaches Survey 2021 explores the incidents and nature of cybersecurity breaches in the UK. The most recent 2021 survey looked at the action that businesses and charities may take after a breach.
It found that 36% of businesses and 28% of charities took no action after their most disruptive breach. However, it reported that 78% of medium firms and 79% of large firms were likely to take action to prevent further breaches or attacks.
Additionally, 66% of businesses and 59% of charities report having a formalised response process that they follow after a cybersecurity incident. It might include one or a few of the following:
- Identifying the source of the incident
- Roles and responsibilities assigned to specific individuals
- Assessment of the scale and impact of the incident
- Formally logging incidents
- Written guidance on who to notify
- Communications and public engagement plans
The graph below shows actions businesses and charities have taken to prevent further breaches after having one. The figures are based on those organisations that took action after their most disruptive breach or attack.
In addition to the action taken, 36% of businesses and 28% of charities took no action at all.
The Southend-on-Sea Borough Council is responsible for various different departments such as housing (which covers housing benefits and council tax), rubbish and recycling collections and registering marriages, civil partnerships, deaths and births amongst other things.
Each one requires a different department and set of staff to ensure it runs smoothly. Additionally, different personal and financial information will be needed when you access the variety of services provided.
As they hold and process a variety of data for UK citizens, the local council should protect your data as per the GDPR and the Data Protection Act 2018. Failing to do so could result in severe consequences that you could claim compensation for.
For instance, it could be an accidental breach such as losing copies of someone’s marriage certificate due to poor storage systems. Or a deliberate breach where an ex-council employee has been able to access personal data for their own use without consent.
Either way, you will need to prove that the council failed in some way to follow data protection laws and secure your personal data. This could be partly done through correspondence you’ve had between yourself and the council outlining the details of the breach.
For more information on how the GDPR may apply to your local council, see below.
Firstly, you might be wondering what the GDPR actually is. The GDPR is an EU law that came into force in 2018. It was then enacted into the UK’s law through the Data Protection Act 2018.
The legislation essentially creates a duty for organisations to act lawfully in the way they use someone’s data. Organisations are expected to be clear about how they’re going to use someone’s data, why they need to use it and gain consent from the person before using it.
This does apply to councils as well. However, there are certain lawful exemptions as to when they can share your data without your consent. These exemptions will be considered on a case by case basis and may not always apply.
One exemption might include the processing of data for Council Tax purposes. For example, a council might need to pass information to HMRC for lawful reasons.
However, no matter the exemptions that may apply in certain situations, no organisation that collects or processes information is fully exempt from complying with data protection legislation.
Our guide explores the concept of a potential Southend-on-Sea Borough Council data breach. However, we could help if you’ve suffered financially or mentally due to any data breach. Why not call for free legal advice?
As the Southend-on-Sea Borough Council is responsible for various departments, there is a lot of personal and financial data they have a legal obligation to protect. However, mistakes can be made resulting in breaches such as:
- The social care department accidentally sending an email detailing information about an adoption to an unauthorised person instead of the person it was intended for.
- There being a lack of security software on the portal where people keep track of and pay their council tax, resulting in a hack that puts people’s financial details at risk.
- The marketing team sending unsolicited marketing emails promoting an upcoming election to people who hadn’t consented to receive them.
- The council sharing identifiable information (such as names and addresses) with unauthorised parties about people who had objected to planning applications.
- Someone stealing IT equipment containing sensitive personal data that the council had failed to ensure was secured. (Sensitive personal data can include sexual orientation, ethnic origin and health-related data.)
In addition to digital breaches such as the ones listed above, there could be physical data breaches such as an employee:
- Leaving documents containing sensitive personal data in an unlocked cabinet for people without authorisation to access.
- Failing to dispose of personal data correctly such as throwing passport scans or documents with financial details in an open bin that’s accessible to the public.
These are just a few of many incidents that a council could be responsible for. However, if you’ve experienced something similar that isn’t listed above, you can get in touch with our advisors on the number above. They’ll be happy to provide further help and advice.
Part of the council’s responsibilities is providing social housing and housing benefits to those who need it. In order to do that, they need to process various types of personal and financial information such as:
- Your name, date of birth and address
- Your occupation
- Bank details
- Your passport or another form of ID
Some of this information is directly identifiable data. This is data that someone could use to easily identify you such as your name, address or passport.
In addition, there may be data within the information you need to provide that could result in someone indirectly identifying you. This is data that could help someone identify you if they use it in combination with other information. For example, this could be your car registration number or your passport number.
For that reason, the council should take care to follow data protection procedures. This should ensure they are protecting your data and only using it in the way you gave consent to. However, there are ways that breaches can happen. For instance:
- Failing to store copies of tenancy documents in a locked and secure place.
- Keeping passport scans for longer than necessary, long after a tenant has moved out.
- Sending rent statements to the wrong person even after a new address has been provided.
- Failing to remove personal information from an email thread including people not authorised to see that information.
If the council fails to protect the personal data you provide them, it could result in a data breach. If the consequences have had a severe impact on your psychological wellbeing or your financial state, you may be able to claim compensation for the damage you’ve suffered.
For more information, see further down in our guide.
This guide on what constitutes a potential Southend-on-Sea Borough Council data breach aims to give you helpful information. But if you need anything else, why not contact us?
In order to make a complaint to the ICO, you first need to ensure you’ve done everything you can to resolve the issue without their input.
Firstly, if a data breach has occurred and it could risk your freedom and rights, the council needs to let you know without unreasonable delay. They also need to report the breach to the ICO within 72 hours of becoming aware of the incident.
If the council has contacted you, this is a good opportunity to start a dialogue with them about what they plan to do to resolve the issue. Alternatively, you could contact them if you have concerns that they haven’t followed data protection regulations.
If you either don’t hear back from them or they fail to take your concerns seriously, you could take the next step of contacting the ICO. However, it’s important to be aware that the ICO could find it more difficult to investigate your complaint if a longer period of time has passed.
For that reason, you should try and contact the ICO in a timely manner, usually within three months of the last productive contact you had with the council.
What can the ICO do?
If the ICO conducts an investigation and finds an organisation has acted wrongly and is in breach of its duty to comply with the GDPR, it may face penalties.
The ICO may issue a monetary fine or an enforcement action such as a warning to get their data breach policies up to standard. In some cases, the ICO may issue both of these.
The penalties should be:
- Effective: It should be successful in making organisations aware of their failings.
- Proportionate: In line with the impact the breach has had on the people involved.
- Dissuasive: It should discourage companies from acting in the same way again.
For instance, the ICO fined Papa Johns £10,000 for sending multiple marketing emails that people didn’t request or consent to.
Whereas, the ICO fined the airline Cathay Pacific £500,000 for failing to protect their customers’ personal data.
As you can see, the action taken varies greatly depending on what type of breach occurred and the consequences that may have resulted from the breach.
There are a few steps you can take. Firstly, you could contact the council directly. Failing that, you could contact the ICO.
However, despite this being the recommended process to make a complaint to the ICO, you don’t need to do either of these things to start a claim.
Instead, you can get in touch with a solicitor and make a start on your claim. However, it can help to try and contact the council first as it can help to provide evidence when proving they did something wrong.
If you require any further information, see further down in our guide about how a solicitor may benefit you.
If you need any questions answered regarding this Southend-on-Sea Borough Council data breach guide, why not get in touch? Our advisors give free legal advice.
The GDPR provides you with the right to claim compensation for the harm you’ve suffered. This might include both financial and mental harm.
You could claim compensation for any financial losses caused by the data breach under material damages. These cover both past and future losses. For instance, if you’ve suffered a data breach that has involved someone stealing your identity, this could become a persistent problem. Loans could be taken out in your name and your credit score may be affected.
In addition, you could claim for any psychological harm caused by the breach, such as anxiety or stress, under non-material damages.
However, you will need evidence to support your claim for either type of damages. For any financial losses, you could provide bank or credit card statements. Additionally, you could provide your credit score rating to help assess the long term impact the breach may have on you.
For psychological harm, you could provide medical documents that provide information on your mental state. Furthermore, you should be invited to attend a medical assessment that can provide an additional independent report on the state of your psychological condition.
Most importantly, in order to hold a valid claim, you’ll need to prove that the council did something wrong to cause the breach of data protection. Evidence of this could include:
- Any correspondence you’ve had with the council regarding the breach
- Any findings provided by the ICO
- Other evidence that may be obtained over the course of the claim
The amount of compensation you could be awarded may vary depending on the nature of the data breach incident. For instance, did it only affect you financially? Or did it affect you psychologically as well?
The decision from the Court of Appeal in Vidal-Hall and others v Google Inc altered the way compensation can be claimed for data breaches. The Court held that you can claim psychological harm without having any financial losses. Before this case, you could only claim for mental harm if you’d also suffered financially.
The Court also held that the mental suffering could be subject to the same process of valuation as it is under personal injury law.
The amount of compensation that is awarded may vary from case to case. So it can be difficult to provide an average amount that’s applicable to each claim.
However, we have been able to create a compensation table below, providing estimated figures of what you could claim for any mental harm you’ve experienced.
| Type of harm | Severity | Further details | Award |
| --- | --- | --- | --- |
| Post-traumatic stress disorder | Moderately severe | There may be an impact on a person's sleep or mood. The symptoms may improve with professional help but are likely to persist and cause future problems. | £21,730 to £56,180 |
| Post-traumatic stress disorder | Moderate | The person may have mostly recovered but may still have to deal with moderate ongoing symptoms. | £7,680 to £21,730 |
| Post-traumatic stress disorder | Less severe | For the most part, the person may have made a full recovery. However, some minor symptoms may continue to cause a problem. | Up to £7,680 |
| Psychiatric damage | Severe | The person will have significant problems and a very poor prognosis. | £51,460 to £108,620 |
| Psychiatric damage | Moderate | The person may have experienced an impact on their work, education, life and relationships. However, they may see some improvement in the symptoms they experience. | £5,500 to £17,900 |
| Psychiatric damage | Less severe | The award given will depend on how long the person has been affected by symptoms such as trouble sleeping or going about daily activities. | Up to £5,500 |
The figures have been created using the Judicial College Guidelines, which is a document that can help to value claims. It may be used alongside the independent medical report which may also be considered when calculating compensation.
If you have any questions regarding compensation, contact our advisors on the number above and they’ll be happy to provide further help.
Have your finances been impacted by the data breach incident you’ve been involved in? If so, and you still want to have access to an expert solicitor, we have an option that could help.
Our advisors could connect you with a solicitor who could represent you on a No Win No Fee basis. This means that if the solicitor fails to succeed with your claim, you won’t be required to pay solicitor fees.
If your solicitor is successful with your claim, you’ll be required to pay a small fee. However, you and your solicitor decide on this success fee before starting your claim.
The most important thing to remember is that this type of agreement allows you to reap all the benefits of having a solicitor represent you. But you’d avoid upfront and ongoing solicitor fees and won’t need to pay any solicitor fees unless your claim is successful.
Do you have evidence of a valid claim and are ready to claim? If so, you may be wondering how to go about finding a solicitor you trust to help you.
Here at Legal Expert, our advisors can support you by checking the chances of your claim being successful. If it looks favourable, they could connect you with one of our solicitors who are experienced in data breach claims. Furthermore, our solicitors are able to represent you on a No Win No Fee basis and have experience handling claims.
They can support you each step of the way and use their knowledge to help you get the compensation you deserve.
For more information, you can check out our reviews. Or you can contact our advisors using the details below.
We hope you feel more knowledgeable about the process of making a data breach claim and the steps you may need to take. However, if you have any questions or simply just need a little bit of clarification, our advisors can help.
They are available 24/7 to offer you free legal advice and answer any questions you may have regarding council data breaches.
Furthermore, if you are ready to get started with your claim, they could connect you with a No Win No Fee solicitor. Alternatively, they can just provide you with further information if you’re not ready to take this step.
For more information, get in touch with our advisors using the following details:
- Telephone: 0800 073 8804
- Instant legal advice using the live chat feature at the bottom of this page
- Arrange a callback by filling out the form and we’ll call you at your specified time
We’ve almost got to the end of this guide on what you could do following a Southend-on-Sea Borough Council data breach. Hopefully, the resources below could help.
Did someone access your medical records without authorisation to do so? If so, our guide could help you understand the next steps you need to take.
Was your data exposed after a comparison site failed to keep its security system up to date? Visit our guide to find out what you could do to get the compensation you deserve.
See our guide for more information on nursery data breach claims and the compensation you could claim for them.
Visit the ICO website for more information on the penalties they may issue for a data protection breach.
The ICO website offers guides on how you can be more data-aware when it comes to political campaigning practices.
For more research and statistics on cybersecurity, visit the government website.
If you require further information on data breach claims, see below where we’ve answered some commonly asked questions.
Can you be compensated for a data breach?
If you can prove that an organisation did something wrong to cause a data breach, then you could claim compensation for the financial or mental damage you’ve suffered.
How much can you be fined for breaking GDPR?
Organisations could face fines that vary in amount depending on the breach. For instance, the ICO could fine organisations thousands or millions.
Can an individual be prosecuted for breaching GDPR?
It may be possible for an individual to face consequences if they breach the GDPR. For instance, an ex-employee at EE was arrested under criminal law for unlawfully accessing his ex-girlfriend’s personal data.
What is a GDPR violation?
A violation of the GDPR is either the accidental or deliberate action of losing, destroying, altering, accessing or disclosing someone’s data without consent or authorisation.
We hope you found our guide on the steps you can take following a Southend-on-Sea Borough Council data breach helpful. Thank you for taking the time to read it.
Written by Mitchell
Edited by Victorine