Swindon Borough Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Swindon Borough Council Data Breach
There are a number of different reasons why your local council would have to collect and use your personal data. Planning applications, interaction with social services, applying for and living in social housing, the list goes on. Holding this information brings responsibility. In this article, we will look at potential scenarios of a Swindon Borough Council data breach and what the effects could be.
If you have had your personal data breached by Swindon Borough Council, could you be entitled to make a claim for compensation? Keeping your personal information secure and private is an important responsibility on the part of the council. Letting you down in this regard could cause you significant harm to your finances as well as making you deal with stress.
To find out whether you could be eligible to claim data breach compensation, and if so how much, there are a number of things you could do. Start by reading through the rest of this page and the information on it. Also, use the following contact methods to reach Legal Expert and have a talk with them about your situation.
Select A Section
- A Guide About Claims For A Swindon Borough Council Data Breach
- 2021 Cyber Security Breach Statistics
- What Could Be A Swindon Borough Council Data Breach?
- Do UK GDPR Rules Apply To Local Government Bodies?
- Types Of Data Protection Breaches By Local Councils
- Rental And Tenancy Data Breaches
- Should Data Breaches Always Be Reported To The ICO?
- My Council Breached My Data Privacy, How Do I Claim?
- What Compensation Can You Get For A Borough Council Data Breach?
- Calculate Payouts For A Swindon Borough Council Data Breach
- Claim Against Swindon Borough Council On A No Win No Fee Basis
- How Could A Data Breach Solicitor Help You?
- Contact A Data Breach Claims Expert
- Useful Information
- Frequently Asked Questions
People often need to share confidential information with their local councils. Their home address, their contact details, credit card and banking information. In some cases, medical or criminal records depending on circumstances need to be shared. This kind of personal information could be potentially used to forge identities should it fall into the wrong hands. Personal data such as this could be used for all sorts of harmful purposes, ranging from nuisance phone calls and spam emails to fraud or even blackmail.
Because of the risk of people being exposed to this kind of treatment, laws exist to protect people from data breaches. These laws require third parties holding peoples personal information to prove that they have been taking adequate steps in order to keep peoples personal data safe. Your local council must ensure they have robust systems in place both IT systems and staff training to protect data subjects personal information.
In 2018 the EU General Data Protection Regulation GDPR was enacted into UK law through the Data Protection Act 2018. We now refer to the UK GDPR since leaving the European Union. This legislation must be adhered to when dealing with individuals personal data.
A specialist data breach solicitor can be used when dealing with cases like this. They can help you to put together a claim and represent you when you raise it with a council and in the event that the case goes to court. If you would like to speak to a lawyer, get in touch with us once you have finished reading this article.
Statistics indicate that over the past few years there has been a number of cyber-attacks and data breaches being experienced by businesses and charities. Almost a quarter of charities and almost half of businesses faced some type of attack or cybersecurity breaches in the past 12 months.
During the period of the lockdown resulting from the Covid-19 pandemic, the number of reported attempted data breach incidents actually took a slight fall. This could be a result of the reduction in business activity making businesses less attractive targets for cyber-criminals. However, it could also be explained by a disruption in businesses ability to perform the necessary procedures and reporting needed to properly monitor data breaches and attempted data breach incidents. One thing is clear though, and that is that there is always more that could be done to prevent peoples personal information from being put at risk of data breaches.
A data breach could refer to a number of different situations. The following scenarios are situations that could be classed as data breaches.
- Personal information is disclosed to or shared with unauthorised parties
- Lost or stolen memory sticks and laptops that are not encrypted
- Verbally sharing private information about an individual without authorisation.
- Leaving filing cabinets unlocked that contain personal information and can be accessed by those who are not authorised.
- Sending an email containing data subjects private information to another unauthorised individual.
- Cyber-security attacks lead to the unauthorised download of files.
It may not always be apparent when a data breach has occurred. Organisations must train staff on data awareness if they are dealing with personal information.
The rules for data protection and security are set out in the UK General Data Protection Regulations (GDPR) or The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020. These laws place specific restrictions on what a party collecting and processing data is and isn’t permitted to do with people’s data. 7 Key principles of the GDPR;
- Informing the data subjects that their details are being collected, and only using lawful methods for collecting data.
- Only using the data for the purposes that were outlined to the data subject when they were asked to provide their data.
- Only collect data that is needed.
- Destroying or disposing of data once its purposes have been met.
- Keeping data up to date and accurate.
- Holding data securely, in a manner that precludes as much as reasonably possible the danger of the data being accessed by unauthorised parties
- Demonstrating that these conditions have been met.
A local council is one example of a data holding party that could have exceptions to GDPR requirements under certain circumstances. These circumstances could include situations where the confidentiality or the safety of the person supplying the data could be a concern. Or situations where an investigation into possible criminal offences is at stake.
These situations could include cases where a person’s details have been referred to social services by a family member or a loved one. Or situations where a local council has referred information to social security fraud authorities. Or the police for the purposes of an investigation. These exceptions would fall under one of the 6 lawful bases for processing personal data and may not be seen as an actual exception.
A local council will hold on to lots of peoples personal information for a wide variety of purposes. So there are a number of different potential ways in which someone’s personal data could be breached either by accident or deliberate act. Below is a list of examples of potential different data breach scenarios.
- Sending documents containing sensitive information to another individual due to a failure to update personal information.
- Failing to redact personal information when forwarding documents to other third parties.
- Employee’s or ex-employees accessing databases for their own purposes.
- Cyber-attacks due to insufficient IT security measures.
- Social services information being disclosed.
- Disclosure of adoption records information.
- Identifiable information being disclosed about people who have listed complaints about neighbours or anti-social behaviour.
- Breaches of council employee information.
- Social housing tenancy information breaches.
Most, if not all, local councils are responsible for providing and managing social housing (council housing). Some of the information that councils might hold in regard to their social housing tenants could include things like:
- Tenancy agreements
- Other tenancy documents
- Banking information
- Copies of wage slips
- Rent statements
Information like this could be compromised. This can be done by mistakes such as sending letters containing personal information to the wrong address. Or sending documents containing non-redacted personal information to other parties, such as businesses engaged in planning permission discussions with the council
The Information Commissioner’s Office (ICO) is the regulator that handles personal data security in the UK. They are the authority responsible for responding to reports of data breaches by carrying out investigations into complaints. They can hand down fines and other conditions onto those found responsible for data breaches or breaches of data security practices.
You have the option of making a complaint to the ICO. If you do wish to make a complaint to the ICO, make sure you have a record of complaining to the council beforehand to show that you have given the council the chance to fix things first.
Secondly, make sure that you contact the ICO within three months of your last contact with a council. The ICO will probably not engage with your complaint if too much time has passed since you found out about the breach. You can see the website of the ICO for further details about how to make a complaint.
There are a few steps that you could take first. These are outlined in the section above on making complaints to the ICO. Try complaining to the council first, then you can take the matter to the ICO. You could also make a claim for data breach compensation but you must be able to prove that the data controller failed to protect your personal information.
You can contact Legal Expert any time of the day or night to have your case assessed. This is free. They can discuss your situation and provide you with an assessment of whether or not you could be entitled to make a claim. Therefore if they find you have a valid case they will assign a specialist solicitor. Once you are in contact with a solicitor, they can explain where the claim will go from there.
The amount of compensation you could be entitled to receive in your claim is down to the amount of harm a data breach has inflicted upon you. The more heavily affected you were by a data breach, the more compensation you could be entitled to claim.
In a data breach compensation claim, you could be entitled to claim compensation for the mental stress a data breach has caused. This could be for the emotional distress caused by the breach, to any long-term symptoms of diagnosed Post-Traumatic Stress Disorder. A data breach could have a major impact on your mental health. This could be through the fear and anxiety it causes as you worry about the possible effects of your data falling into the wrong hands. The compensation you could claim for psychological damage is called non-material damages.
Another factor affecting the amount of compensation you could be awarded is any money lost or stolen. There are a number of different ways your financial situation could be impacted by a data breach. These could include the loss of earnings from taking time off work due to stress, to having money stolen from your bank account by cyber-criminals who have managed to access your personal financial information. This part of your compensation is called material damages.
Calculating the material damages part of your compensation is performed by adding up the total proven financial losses resulting from the data breach. Therefore, you will need to put together the documentation that proves the losses you are claiming for. This can include things such as bank statements, wage slips and so on.
Calculating the non-material damages can be done with medical evidence. We have used figures from the Judicial College Guidelines in the table. These outline amounts of money that have been awarded in personal injury cases. You can see the breakdown of these guidelines in the table below.
Finally, calculating the amount of compensation you will claim for your data breach is done as part of the process of making the claim. We cannot provide valuations here. To find out further details you can speak to one of our team of advisors.
|Severe psychiactric damage||£51,460 to £108,620|
|Moderately severe Psychiatric damage||£17,900 to £51,460|
|Moderate psychiatric damage||£5,500 to £17,900|
|Less severe||£1,440 to £5,500|
If you have been through the stress of a data breach, you will obviously want to avoid further stress by making the claims process as straightforward as possible. One way you can do this is by opting for a lawyer who offers No Win No Fee terms.
This is a type of claim where you and your lawyer will sign an agreement stating that you are not liable for any legal costs in the event of a failed claim. This agreement will also outline that your lawyer is entitled to a “success fee” made up of a minority portion of your claims compensation award if you win.
A data breach claims lawyer’s job is to help their clients make a claim and to maximise their chances of winning the claim. They put their legal qualifications and experience to use in helping their client put together a strong case with supporting evidence. They will conduct communications with the party being claimed against. If the claim does go to court, and most claims don’t, they will represent their client in court.
Their knowledge of the law will offer your case many advantages. By taking on your case they also lift the responsibility for making the claim off of your shoulders to a large extent. This then will allow you to focus on getting things back to normal.
To conclude, if you want to take the next step towards starting a data breach compensation claim contact our advisors. Or if you want to know more about how data breach compensation claims work before you come to a decision, you can speak to our team. Also, you can reach a member of our team to ask questions by dialling 0800 073 8804. However, you can also send a message to our contact page, or messaging our live chat.
What Are Damages You Could Claim?
In a data breach compensation claim case, you could claim non-material damages for psychological harm. Also, material damages for the financial losses caused.
Who will be the defendant in your case?
If you are making a data breach compensation claim against your local council, this would be the defendant.
What limitation periods could affect your claim?
You have 6 years to make a data breach claim against a private company. But this drops to 1 year if it’s against a public body, including a council. Now, you may not be aware as to what your timeframe could be. That’s because you may be unsure as to what timeframe your defendant falls into. Therefore, we suggest speaking to us ASAP to avoid missing out on potential compensation.
Are there pre-action protocols your claim needs to follow?
If you think you have suffered a Swindon Borough Council data breach, you can contact them first. Importantly, if you get a response it could help figure out what has happened, if anything. Then you have the option of either making a complaint to the Information Commissioner’s Office (ICO) or starting a claim if you have a valid reason.
So, do you need more advice? Are you wondering if you may have suffered a Swindon Borough Council data breach? Why not call for free advice today?
Written By Yarlett.
Edited By Melissa.