A Guide To Claiming Council Data Breach Compensation
Council Data Breach Compensation Claims
If you have been impacted by a data breach incident at your local council, our solicitors could help you claim compensation
£85 million in compensation
Won for our clients by JF Law Solicitors
A Guide To Claiming Council Data Breach Compensation
Council Data Breach Compensation Claims
If you have been impacted by a data breach incident at your local council, our solicitors could help you claim compensation
We rely on our local council for a range of services including social care, waste management, leisure facilities and taxes. So, when data protection law is not adhered to, significant damage can be caused. This guide examines who could be eligible to claim council data breach compensation.
On this page , you will see important information regarding what a data breach is, the criteria to begin a claim and how data breach compensation for the two types of damage is calculated during the claims process. We have also included a compensation table with guideline compensation figures.
At JF Law, we have considerable experience in dealing with data breach claims. So the towards the end of this page, we examine exactly how our dedicated solicitors could help you claim compensation.
To get a free assessment of your potential claim’s validity, or to ask any questions you might have, contact our advisors today using the details given here:
- Call us on 0151 375 9916.
- You can also contact us online by completing this form.
What Are Council Data Breaches?
A personal data breach is defined by the Information Commissioner’s Office (ICO) as a security incident that impacts the availability, integrity or confidentiality of personal data. We explain the ICO’s role in data protection later on.
Councils and local authorities manage a huge amount of data for residents in their areas, meaning any failures to comply with data protection law can have far-reaching and serious consequences.
A council data breach, therefore, is any incident that impacts the personal data held by the local authority. We examine some examples of how this can happen, as well as the types of data that councils can hold in the next sections.
The Types Of Data That Are At Risk
Personal data is information that can be used to identify a living individual through both direct and indirect means. Local Councils process large quantities of data on their constituents daily for purposes such as council tax billing, the provision of care and benefits.
Examples of personal data held by a council can include:
- Names.
- Your residential address.
- Contact information such as your home phone, email address or mobile number.
- Financial information including bank and credit card details.
- Criminal records.
- Data relating to council run services like leisure centre and library membership.
Under the UK General Data Protection Regulation (UK GDPR), there is also special category data. This is personal data that is deemed to be of higher sensitivity and therefore requires much greater standards of protection.
Examples of this can include:
- Data regarding health.
- Information on religious and political beliefs.
- Membership of trade unions.
- Data regarding sexual orientation and sex life.
Examples Of Data Breaches By Local Authorities
A data breach at a local authority can occur in a number of different ways. Examples of this can include:
- Staff at the council offices had not received sufficient data protection training. Documents containing the addresses and contact details for multiple recipients of social care were left unsecured. These documents were subsequently lost.
- Failures to update cybersecurity software resulted in the payment information of several council constituents being stolen in a hacking attack.
- Administrative errors resulted in social care documents containing details of your disability and support plan being sent to the wrong address.
You can get a free eligibility assessment by talking to our advisory team today.
Can You Claim Compensation For A Council Data Breach?
In order to properly examine the law surrounding personal data breaches, there are 3 different parties we must discuss. These are:
- Data controllers: This is the organisation that determines when, why, and how your personal data is to be processed.
- Data processors: an external organisation that has been contracted to undertake data processing services on behalf of the data controller. So, for example, while your local council may have taken personal information for council tax purposes, the council are not necessarily processing that data itself.
- Data subjects: A living individual to whom the personal data relates and can be used to identify, both directly and indirectly. Any time we say “data subject” on this page we could very well be talking about you!
Both data controllers and processors must adhere to the standards of data protection set out by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
To begin a council data breach claim, the following criteria will need to be met:
- The data processor or controller failed to abide by the standards set out in the DPA and UK GDPR.
- This failure resulted in a data breach. Furthermore, your personal data was included in this breach.
- You incurred financial loss, psychological harm or both due to this compromise of your personal data.
Established, Experienced, Dependable, Responsive and Committed
We strive to provide the highest level of service possible. Our sole aim is to get you the best result we can and one you’re satisfied with. Get in touch today to find out how we can help you.
What You Can Claim For
There are two seperate types of damage that council data breach compensation may be awarded for. Material damage is financial harm caused by having your personal data exposed, whereas non-material refers to the psychological impacts.
There are two landmark cases that changed how compensation is calculated in data breach claims. These are:
- Vidal-hall v Google Inc 2015: the ruling in this case stated that claimants do not have to have suffered financial losses in order to claim for emotional distress.
- Gulati v MGN 2015: the court upheld that the psychological damage caused by a personal data breach can be valued as it would in a personal injury claim.
This means solicitors can refer to the Judicial College Guidelines (JCG) when determining potential compensation figures. However, this is only for non-material damage. Your financial losses will be assessed separately through reference to any documents (payslips, prescription letters, receipts) you provide.
We have taken some of the JCG figures to create this table of non-material damage compensation. Please note that the top entry is not a JCG figure.
Compensation Table
This information has been included for guidance purposes only
| Type of Harm | Severity | Guideline Compensation Amount | Notes |
|---|---|---|---|
| Very Severe Psychological Distress with Material Damage | Very Severe | Up to £500,000 and above | Very severe psychological harm with significant financial losses including loss of earnings, medical costs and security expenses. |
| General Psychological Distress | Severe (a) | £66,920 to £141,240 | Marked problems in relation to ability to work, maintain relationship and a very poor prognosis. |
| Moderately Severe (b) | £23,270 to £66,920 | A more optimistic prognosis but significant problems relating to employment and social life will be present. | |
| Moderate (c) | £7,150 to £23,270 | A marked improvement with a good prognosis. | |
| Less Severe (d) | £1,880 to £7,150 | This bracket is influenced by the length of the disability period, and impact on sleep and daily activity. | |
| Post-Traumatic Stress Disorder | Severe (a) | £73,050 to £122,850 | Permanent effects preventing anything resembling pre trauma functioning across all aspects of life. |
| Moderately Severe (b) | £28,250 to £73,050 | Significant disability for the foreseeable future despite some recovery with professional help. | |
| Moderate (c) | £9,980 to £28,250 | A large scale recovery will have occurred and any continuing effects will not be grossly disabling. | |
| Less Severe (d) | £4,820 to £9,980 | Virtual recovery within 2 years with only minor continuing symptoms. |
Factors Affecting Compensation Amounts
There are a number of factors that can influence what compensation you receive. For example:
- The severity of the psychological distress.
- What treatment you require.
- How long your recovery takes.
- The impact on your daily life, earnings and any costs you may have incurred.
The Difference Between Material And Non-Material Damage
As we said above, material damage means financial harm caused by having your personal information exposed. Some possible costs you could be reimbursed for include:
- Loss of earnings.
- The cost of therapy sessions and prescription medications.
- Security installations or relocation expenses if your address has been compromised.
This information is intended to act as a guide only. For a free assessment of your eligibility, contact our team today using the details given below.
The Role Of The ICO In Council Data Breaches
The Information Comissioner’s Office is the UK’s independent body for upholding information rights. They have the power to investigate breaches of the UK GDPR and impose penalties on offending data controllers and processors.
It is important to note that the ICO does not have the power to award compensation, or order data controllers to pay out compensation to affected data subjects. Nevertheless, the findings from an ICO investigation can be very useful to you when making your claim.
We pride ourselves
on providing the best service
possible for our clients.
We pride ourselves on providing the best service possible for our clients.
How To Make A Successful Claim
While our solicitors will guide you through the entire process of claiming council data breach compensation, we wanted to highlight a few key aspects of the claims process.
Which Evidence You’ll Need
Proving the fault of the data controller or processor will be a key part of your claim. A few examples of evidence you could use have been included here:
- Correspondence between you and the data controller informing you a data breach has occurred.
- Documents showing any financial harm incurred.
- Professional diagnosis of the psychological distress caused.
- Findings from the ICO investigation (if there was one).
Time Limits For Filing A Local Authority Data Breach Claim
Generally, you will have 6 years to start the legal process if a data controller breaches your personal information. However, if you are claiming against a public body, such as a local council, this is reduced to 1 year.
Contact our team as soon as possible after a social worker has breached your data. Our advisors can offer guidance on the data breach limitation period and assess your eligibility to start a claim. Use the contact details provided above to talk to our team.
Do You Need A Lawyer?
Legally speaking? No, you do not have to instruct a solicitor to represent you in a claim. Is it advisable to do so? Absolutely. By choosing to work with one of our solicitors, you have a highly experienced and knowledgeable legal professional in your corner who can undertake a number of tasks on your behalf and support you throughout the claim.
Some of the ways a data breach solicitor could support you are:
- Breaking the legal language barrier by explaining all the jargon and technical terms.
- Assisting you with gathering evidence.
- Determining a potential compensation figure.
- Negotiating with the defendant’s representatives on your behalf.
- Ensuring any court instructions and deadlines are met.
To find out more about how JF Law can help you get compensation after a local authority breached your data, talk to our team today using the contact information provided below.
Make A Claim With A No Win No Fee Solicitor
One of our solicitors could represent your claim under a Conditional Fee Agreement (CFA). This is a type of No Win No Fee contract our highly experienced data breach solicitors can offer to eligible claimants.
A CFA insulates claimants from paying solicitor fees both at the start of and during the claims process. You will also not pay any fee towards your solicitor’s work if the claim fails, hence “No Win No Fee.”
You will, therefore, only pay if the claim wins. This is referred to as a success fee and is subtracted from the compensation as a pre-agreed percentage. The Conditional Fee Agreements Order 2013 caps success fee percentages, so you know from the outset that the majority of any payout will be yours to keep.
To get a free assessment of your potential claim’s validity, or to ask any questions you might have, contact our advisors today using the details given here:
- Call us on 0151 375 9916.
- You can also contact us online by completing this form.
More Information
You can read some of our guides on other topics here:
- Find out more about starting a bank data breach claim here.
- Read our guide to making an accident at work claim against your employer.
- Check out our public liability claims FAQ page here.
We have also included these external resources for additional information:
- You can access advice and guidance on staying safe online from the National Cybersecurity Centre on their website.
- The NHS has published this resource on stress and where to access support.
- Access advice on when to report a data breach from the Law Society.
Our Latest Customer Reviews
AS SEEN ON
Contact Us
Our helpline is open 24 hours a day, 7 days per week.
All calls are free and there’s no pressure whatsoever to proceed with a compensation claim.
If you write to us, we aim to respond within an hour or two, and no more than a few hours.
Request a Callback
