Wiltshire Council Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Wiltshire Council Data Breach
Each time we send an email or shop online we often consent to the working of Cookies. ‘Cookies’ pop up on every screen asking if it’s okay to collect details about us. As well as these we may often consent to the sharing of our personal data. We give this consent with the hope and understanding that the companies involved will use that data respectfully and properly. When they fail, through either staff error or weaknesses in their software security, the results may mean our personal data is compromised. In this article, we will examine what may be meant by a Wiltshire Council data breach.
Wiltshire Council has a responsibility, like every other local authority, to collect, store and use our data with extreme care. New, far-reaching laws came into effect to acknowledge this in 2018. They ensure a greater degree of protection for the consumer in this area. At Legal Expert, we can explain your rights and what steps you can take to seek compensation if a local authority failed to protect your personal data. Are you already the victim of a serious data violation? If so, get in touch to see how we can help you right now:
- Call us for no-obligation advice about a local authority data breach on 0800 073 8804
- Email or write to us at Legal Expert.co.uk
- Use the ‘live support’ option, bottom right
Select A Section
- A Guide To Claims For A Wiltshire Council Data Breach
- County Council Government Department Cyber Security Breach Statistics
- What Is A Claim For A Wiltshire Council Data Breach?
- Are County Councils Exempt From Following The GDPR?
- What Are The Different Types Of Council Data Security Breaches?
- Social Housing And Council Tenant Information Data Breaches
- Report To The Information Commissioner every time?
- How Do You Make A Claim Against A County Council?
- What Could Your Payout Compensate You For?
- Calculate Wiltshire Council Data Breach Compensation Payouts
- No Win No Fee Claims For A Wiltshire Council Data Breach
- How To Choose A Data Protection Breach Lawyer
- Begin Your Claim
- Useful Information
- Council Data Breach Claim FAQs
First and foremost, we look at exactly what constitutes a breach of personal data. What is personal data and why is it collected? Why is it stolen and for what purpose? In this article, we aim to explain the fundamental parts of starting a claim against a local authority if they were to leak your personal information. There is a 6-year time limit for making a claim against a private company that misused your personal information. Note, though, that this drops to 1 year when claiming against a public body, a council being one example. Here, we explain how you can start today.
Working with a personal injury lawyer, we demonstrate how they could calculate damages for your claim. Also, how they might refer to the Data Protection Act 2018 and the new General Data Protection Regulations (GDPR) as the basis for seeking restitution on your behalf. After a change in the position of the law with a case called Vidal-Hall v Google, the courts recognised that it was possible to suffer psychological harm without the presence of financial loss.
We look at how the evidence for a breach is gathered and what a data protection problem could mean to you. Our article hopes to offer you the resources and information to make an informed decision about a claim. Whilst you do not necessarily need a lawyer to manage a data breach case, we hope to explain how working with a lawyer in this way could offer you the most advantageous option.
A data breach is classified as the unauthorised use, sharing, alteration, copying and destruction of data that could be used to identify a specific individual, or ‘living entity’ as we are known. This status can go far beyond simply a name and address or date of birth.
According to the Government’s cybersecurity breaches survey, 2021 a quarter of all charities experienced having cybersecurity breaches or attacks along with four in ten businesses. Attacks seem to happen more to medium and large sizes businesses than smaller ones. It seems fewer businesses this year experienced attacks than in 2020 but for charities, the number stayed roughly the same.
Data breach claims for compensation can be made if you feel an organisation you shared your personal information with failed to protect it and it was leaked or hacked into. This can be an accidental or deliberate leak of information. If you can prove with evidence the failure to protect your personal information and the damage to your health, finances or reputation because of a council data breach, you could be eligible for damages.
The use of personal data shared with third parties is governed by GDPR laws. These laws are enforced by the Information Commissioners Office (ICO). They are a non-departmental government body with very extensive powers to investigate, regulate and fine any company or agency that is found not to be complying with the GDPR regulations. In extreme cases, the ICO can issue multi-million pound fines and their website offers regular updates on the companies that they are investigating.
The ICO ‘s intention is to try and help companies practice better data security. They understand that these new laws are complex and may require a radical internal overhaul of procedure, staff training and attitude at every level. The ICO will support companies that take data protection seriously and investigate the ones that do not.
Consider for a moment how much information a local authority may actually need to keep on record about you. It could be easy to imagine how identity theft or the fraudulent use of that information could be used for criminal purposes. Council data breach scenarios could involve:
- Your name
- Date of birth
- Marital status
- Bank details
- Immigration status
- Health details
- National insurance number
- Passport information
- Details about your children
- Criminal records
Details such as these leaked into the public arena and shared online amongst cybercriminals could provide them with ample opportunity to create bogus identities or attempt to plunder the bank accounts of the unwitting council tenant or service user. You may not even know there has been a privacy violation until it’s too late. The local authority may be unaware also. Good cybersecurity and vigilance of our accounts could help identify when something is not quite right.
Subject Access Requests
There are few exemptions from GDPR laws. The police, law enforcement agencies and intelligence services may be exempt from some of the regulations of the UK GDPR. There are other exemptions to these laws and regulations.
If you are unsure whether Wiltshire council breached GDPR regulations in their request to share and access or make use of specific data, speak to our team for help and advice.
Human error can account for a great deal of exposed data risk. A laptop left open or a casual conversation between staff or the public can be all it takes to risk the confidentiality of another. Scans of tenancy documents, public housing tenants details or passport data are all highly sensitive pieces of paperwork that staff should not leave lying around.
In addition to this, external threats present themselves on an almost daily basis. Every company or agency must be proactively vigilant against a fairly constant barrage of cyber attacks and hacking attempts as criminals test weak spots in poor IT defences. Common examples of online threats can include:
- Password Guessing.
- Recording Key Strokes.
- Malware or Virus.
- Distributed Denial of Service (DDoS)
Random external attacks on data – why?
Criminals can use any of these techniques to break into the secure IT of local authorities and steal information. In some cases, hackers have no other motive than to cause disruption and the knock-on effect to you can be weeks or months of expensive aggravation to put right.
Other examples of potential Wiltshire council data breach scenarios
A data breach claim could also hinge on:
- An incorrectly posted letter
- Details not updated properly
- Unredacted information on an email or attachment
- Ex-employees unlawfully accessing details
- Laptops, smartphones, USB sticks left lying around
- Unlocked filing cabinets, etc
- Social services details passed to the wider family
- Poor IT security and firewalls
- The casual sharing of ‘identifiable information’
- Neighbour dispute details
- Scans or photocopies of personal documents
GDPR regulations are enforced so rigorously because of the wide margin for unforeseen damage a violation of privacy can cause. It’s impossible to tell where the negative consequences could lead. As a victim of this, you could see your life, your finances, privacy and peace of mind turned upside-down.
When a local authority becomes aware of a data breach they in most cases have a duty to inform the ICO within 72 hours of its discovery.
Furthermore, the data breach victim may not become aware until they notice unusual activity in a bank account or on social media platforms. Certain troubling indicators can start to make themselves known to the victim:
- An increase in ‘spam’ emails
- Sudden increase in ‘cold callers’
- Strange notifications about declined payments or authorisation requests
- Unauthorised overdraft alerts
- Missing money
- Contact from the police about financial crime in your name
Long after the financial aspects are resolved, victims of a data breach can suffer trust and privacy issues and real damage to their mental health.
As a social housing tenant, there is a good chance that your rent is paid on a standing order or direct debit to the local authority or the housing association. Many councils insist on rent being paid this way as it guarantees prompt collection and ensures a clamp-down on sub-letting or other types of tenancy-agreement breach.
Obviously, this requires the sharing of a degree of personal banking information. The possession of that data is extremely sensitive. From the moment the local authority has those details, they accept the responsibility by law, to protect it properly. An outside hacker could take the details of rent paid and trace banking details from it. They can divert funds away. The first you may know of the local authority breach is a demand for unpaid rent six months down the line.
Whilst we can check our finances every day, it’s not unreasonable to expect the local authority concerned to provide adequate and safe data protection measures. The law expects it, therefore you could have grounds to sue them if they failed.
Three main users of data
The three main parties involved in the use of data are controllers (the company that originally requested the information) the processors (who can be inside or outside agencies tasked with the role of handling, processing or storing the data) and third parties. This last group can be any external company that can use the data for pre-agreed purposes. This might involve reasons such as marketing, consumer trends, training opportunities or customer service improvements.
Permission or consent may not need to be sought every time your data is shared with a third party. You can raise a complaint with the agency concerned if you feel the sharing is inappropriate. The ICO offer two templates to do this. The first helps you raise a concern with the company involved and the second allows you to complain directly to the ICO if you fail to receive a satisfactory response from the local authority or company within a three-month period.
The ICO may not automatically take up your complaint, but their involvement undoubtedly sends a message to the local authority concerned that you are unhappy about what has happened with your data.
You may choose to approach a council about their data breach directly. They could accept responsibility and offer you compensation. You are perfectly free to accept or decline this offer. It’s also important to note that the ICO does not pay compensation. In order to seek damages from the defendant, you might need to sue them privately in a personal data breach claim.
To summarise the main step by step procedure for making a data breach claim is as follows:
- Check the data-sharing issue was not something you actually agreed to
- Change any relevant passwords online or on social media to limit the radius of damage
- Make contact with the council to raise a complaint
- After no longer than three months, contact the ICO if you have had no meaningful response
- Report them to the ICO if you wish
- Start to catch and collate proof of all costs to you from the breach
- Gather evidence
- Reach out to a No Win No Fee lawyer to seek damages
There are two avenues of compensation available in a claim for data breach:
Material damages refer to the actual out-of-pocket losses you have suffered as a result of the data breach. Any financial impact such as lost money, costs to alter security for yourself, your children or your home and acts of provable fraud carried out in your name might be eligible. Your bank can assist with the evidence that unusual activity has occurred in your name. You can use bills and statements to demonstrate the impact of the costs on you. A data breach specialist solicitor can also advise on how to track the long-term consequences of financial fraud caused by a data breach. As you can only make your claim once, this is an important opportunity to ensure you include everything the first time.
After the Vidal-Hall v Google case, the connection between financial damages needing to be present to imply emotional damages was broken. It is now recognised that it’s perfectly possible to suffer psychological anguish because of data theft in its own right. This means it can be possible to calculate potential emotional or psychiatric damages on your behalf.
The Judicial College Guidelines offers award bracket amounts based on injuries such as Post-traumatic stress disorder (PTSD) and other profound mental health reactions to extended periods of anguish caused by the worry and uncertainty of being a data breach victim.
Together, these two heads of damages can greatly improve the final settlement amount your lawyer can aim for on your behalf.
With this in mind, the table below offers an excerpt from the Judicial College Guidelines to demonstrate the level of awards that are possible with the right medical evidence. Your No Win No Fee lawyer can help organise an independent psychiatric assessment to gain a full and clear picture of how the data breach impacted you and calculate possible awards accordingly.
|Type of injury||Potential award bracket|
|Psychiatric injury (severe)||Resulting in marked inability to function with everyday life.||Up to £108,620|
|Psychiatric injury (moderately severe)||Showing significant problems coping with things like education, work and relationships. Some recovery may be made with professional help, but the damage will be significantly disabling.||Up to £51,460|
|Psychiatric Injury (moderate )||There will be marked improvements with treatment and prognosis is good.||Up to £17,900|
|Psychiatric injury (less severe)||Residual issues that yield over time to treatment.||Up to £5,500|
|Post-traumatic stress disorder (severe)||Inability to cope at anything approaching a pre-trauma level.||Up to £94,470|
|Post-traumatic stress disorder (moderately severe||Symptoms which cause significant disability for the foreseeable future.||Up to £56,180|
|Post-traumatic stress disorder (moderate)||Where recovery is largely complete and any residual effects don't grossly disable the injured person.||Up to £21,730|
|Post-traumatic stress disorder (less severe)||Awards in this bracket will depend on the extent to which daily activities and sleep were impacted.||Up to £7,680|
Compensation amounts are judged on individual circumstances. Each case varies and there are no guarantees. However, a good solicitor knows how to use the results of your medical examination to aim for the most appropriate eligible damages.
The immediate advantage of using a data breach specialist lawyer in a No Win No Fee capacity is that there aren’t fees to pay upfront to hire them. Legal representation like this means you only ever have to pay the lawyers when the case wins. A small capped percentage of the overall settlement amount is all that is due at the end.
By allowing your lawyers access to your medical report and finances, it can be possible for them to build a compelling argument against the local authority that breached your data. If the case loses there are no fees to pay your solicitor.
Choosing a lawyer may seem daunting. This may well be the first time you have ever considered using legal services to sue someone. What is the best course of action to take and how could you find a good No Win No Fee lawyer with the relevant expertise and knowledge to help?
At Legal Expert, we can provide you with a specialists solicitor. With communication between you and the data breach specialists conducted remotely, it’s no longer essential to meet with the lawyer if you do not want to. Or use the services of a local law firm that may lack expertise with data breach cases. With Legal Expert’s help, you can benefit from excellent legal representation today, where ever you live.
In conclusion, thank you for taking the time to read this guide examining what a Wiltshire Council data breach may look like. Speak with our friendly team today.
- Call us for no-obligation advice about a local authority data breach on 0800 073 8804
- Email or write to us at Legal Expert.co.uk
- Use the ‘live support’ option, bottom right
Our team are available 7 days a week, 24 hours a day to help.
In addition to the highlighted text, please use the resources below for further information on other types of personal injury claims such as negligence by a GP or child abuse claims. Also, we can offer help and guidance on PTSD claims.
How long could a claim take?
It’s important to note that claims can vary a great deal. So, in view of this, there is no hard and fast guide. Therefore, it would be sensible to expect a period of 6 months from the start of the claim to the conclusion.
What evidence do I need?
For material proof, you need evidence of financial loss such as bills, receipts or statements that demonstrate how you suffered in an out-of-pocket way because of the data breach. For non-material, your medical report can act as evidence.
Written By Waters
Edited By Melissa.