Housing associations are non profit organisations that provide social housing, shared ownership and supported living arrangements to various people in need. However, if these organisations fail to take sufficient steps to protect the personal information of residents, then a housing association data breach could occur.
That’s why we’ve made this guide to cover all aspects of the data breach compensation claims process. We’ll explain the eligibility criteria to claim, the role of the Information Commissioner’s Office (ICO), the national regulator for upholding information rights, and how data breach compensation amounts are calculated for the two types of damage you can be compensated for.
We have also included a real world case study of a housing association that was reprimanded by the ICO following a breach of residents’ data.
In our final section, we examine the No Win No Fee contract offered by our panel of expert data breach solicitors. To find out if you are eligible to claim, speak to our advisory team for a free assessment today:
- Call us on 020 8050 3051.
- You may also contact us through our website.
- Or, you can open the live chat window on your screen now.
Select A Section
- What Is A Housing Association Data Breach?
- How Could A Housing Association Data Breach Happen?
- Case Study: Clyde Valley Housing Association Data Breach
- How Can Housing Associations Prevent Data Breaches?
- How Do I Know If I’ve Been Involved In A Housing Association Data Breach?
- What Compensation Could I Receive From A Data Breach Claim?
- Claim For A Data Breach Using A No Win No Fee Solicitor
- More Useful Resources About Data Breach Claims
What Is A Housing Association Data Breach?
The ICO definition of a personal data breach is an incident of security that results in the unauthorised disclosure of, access to, unlawful or accidental loss, alteration or destruction of personal data. This definition encompasses both deliberate and human error data breaches.
When considering a claim following a personal data breach, there are 3 parties that need to be considered. These are:
- Data subject: The living identifiable individual to whom the personal data relates.
- Data controller: The organisation that decides when, why and how personal data will be processed or stored.
- Data processor: a data controller may elect to use an external organisation to process the data on their behalf. It should be noted that not every data controller will do this.
Data controllers and processors are required to protect your personal information under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. The housing association is the data controller in this situation, but can also be the data processor.
In order to make a housing association data breach claim, you will need to demonstrate the following:
- The data controller or processor failed to uphold their obligations under UK GDPR.
- This resulted in a data breach in which your personal information was affected.
- You experienced financial harm, psychological injury, or both as a result of this.
For a free assessment of your eligibility to claim data breach compensation, call our advisory team using the contact details provided above.
What Personal Information Could Be Exposed By A Housing Association?
Personal data, also known as personal information, is any data that can be used to identify a living individual, whether that be direct or indirect identification. Examples of such information that a housing association could hold could include:
- Your name.
- Your address.
- Bank and credit card information.
- Contact details such as your phone number and email address.
The UK GDPR also creates a “special category” of personal data that requires higher levels of protection due to increased sensitivity. This can include data such as health data, religious and political beliefs, race and ethnicity and sexual orientation. For example, a housing association that operates accessible dwellings may hold information regarding tenants’ disabilities to better cater for their needs.
To find out more about making a personal data breach claim against a housing association, get in touch with our advisors today.
How Could A Housing Association Data Breach Happen?
A housing association data breach could occur in a variety of different ways. Before we get into our real world case study, we’ve set out a few possible examples of data breaches you could potentially seek compensation for here:
- Inadequately trained staff left hard copies of your resident record on a train. Unauthorised persons subsequently gained access to your address as a result of this paperwork being lost.
- Administrative errors meant documents concerning your disability were attached to a group email instead of being sent out privately.
- Failures to install appropriate security measures meant a cyber attack on the housing association systems exposed the names, addresses and bank details of several tenants.
- Carelessness by housing association staff caused the accidental destruction of your personal data when your tenancy file was deleted in error.
Our team can assess the validity of your potential claim free of charge. Reach out to our advisors today using any of the contact details provided at the bottom of this guide.
Case Study: Clyde Valley Housing Association Data Breach
The Clyde Valley Housing Association data breach occurred in 2022 when a new online customer portal was launched. A user discovered that they could access documents related to other tenants, not just their own. Information regarding the names, addresses and contact details of all customers were available to anyone who logged into the system.
The resident complained, but their concerns were not escalated, and the information remained unsecured for 5 days. An additional 4 residents reported the same issue before the portal was closed down.
The ICO opened an investigation and found that the housing association failed to conduct adequate testing before launching the system. The staff had also not been adequately trained on the escalation procedures in the event of a data breach.
The ICO issued a formal reprimand and recommended the Clyde Valley Housing Association implement a rigorous testing process for any future systems and conduct reviews of data protection training to ensure staff know how to respond to such incidents adequately.
How Can Housing Associations Prevent Data Breaches?
There are many steps that can be taken to help prevent or substantially lower the risk of a housing association data breach. We have summarised the ICO guidance for the housing sector here:
- Training: all staff should be trained in the organisation’s legal responsibilities under data protection law. Staff should also be knowledgeable of internal procedures relating to personal data and the handling of any queries.
- Records: accurate and up to date records of all residents should be maintained so any issues can be dealt with swiftly and any access requests can be fulfilled.
- Appoint a Data Protection Officer. A public authority must have a Data Protection Officer.
- Openness: inform all residents on what data has been collected and how it is being used.
Other things that housing associations can do is ensure all cybersecurity measures are updated regularly and sufficient for the volume and sensitivity of data being held. A data controller should also make sure an action plan is in place in the event of a data breach and that all staff are knowledgeable of this.
To find out if you can make a data breach claim in your particular circumstances, get in touch with our dedicated advisory team today.
How Do I Know If I’ve Been Involved In A Housing Association Data Breach?
If you have been involved in a housing association data breach, then that housing association should inform you, and any other affected data subjects, without undue delay if your rights and freedoms have been put at risk. This should be done through a data breach notification letter.
There is also a legal obligation to inform the ICO within 72 hours if the reporting threshold is met.
You also have the legal right to express concerns or request further information regarding how your personal data is being stored or used by the housing association. You can escalate your complaint to the ICO if you receive an unsatisfactory, or no response at all.
While the ICO have no powers to compensate affected subjects, they can issue reprimands and fines to data controllers who fail to uphold their legal obligations. We’ll cover data breach compensation in the next section. For a free assessment of your eligibility to claim, speak to our advisors today.
What Compensation Could I Receive From A Data Breach Claim?
Housing association data breach compensation can be awarded for two different types of damage:
- Material damage refers to the financial impacts of a personal data breach. We’ll examine this in more detail in the next section.
- Non-material damage means the psychological harm caused by having your personal information exposed. This can range from general distress to severe psychiatric harm and post-traumatic stress disorder (PTSD) in the most serious of cases.
Those assigned the responsibility of calculating a potential non-material damage figure can refer to your medical diagnosis in conjunction with the Judicial College Guidelines (JCG). The JCG publication contains guidelines compensation figures for various injuries.
JCG figures for psychological damage have been used in the table below. We’d like to emphasise that the first entry was not taken from the JCG.
Compensation Table
Please be advised that this table has been included for guidance purposes only.
Type of Injury | Severity | Guideline Compensation Figure |
---|---|---|
Very Severe Psychological Harm with Significant Financial Losses. | Very Severe | Up to £500,000 + |
General Psychiatric Damage | Severe | £66,920 to £141,240 |
Moderately Severe | £23,270 to £66,920 | |
Moderate | £7,150 to £23,270 | |
Less Severe | £1,880 to £7,150 | |
Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 |
Moderately Severe | £28,250 to £73,050 | |
Moderate | £9,980 to £28,250 | |
Less Severe | £4,820 to £9,980 |
Can I Claim Compensation For Material Damage?
As part of your personal data breach compensation claim, you could claim for financial losses stemming from the personal data breach. These losses are known as “material damage.” We have detailed a few potential examples here:
- The costs of security or relocation if your address has been compromised.
- Loss of earnings from time taken off work to recover from the psychological distress.
- Medical expenses such as therapy or counselling sessions.
Make sure you have copies of your payslips, receipts and other documentation that proves you incurred these losses.
To find out more about what your potential personal data breach claim could be worth or for a free assessment of your eligibility, call our advisory team today using the details given below.
Claim For A Data Breach Using A No Win No Fee Solicitor
To find out if you are eligible to begin a housing association data breach claim, contact our advisors for a free eligibility assessment. If eligible, an expert data breach solicitor from our highly experienced panel could offer to take on your claim.
Our panel can offer their services on a No Win No Fee basis under a Conditional Fee Agreement (CFA). A CFA gives claimants a range of benefits including:
- No fees to pay for the solicitor to begin work on the claim.
- You will also not be liable for any fees during the claims process itself.
- Finally, there will be no fee to pay should the claim not succeed.
You will receive a data breach compensation award if the claim succeeds. The solicitor will take a percentage of this award as their success fee. As The Conditional Fee Agreements Order 2013 caps these fees at 25%, you know from the beginning you will keep the majority of any compensation that is paid out.
You can get your eligibility to claim assessed for free by speaking to our advisors today. Get in touch using any of the following contact information:
- Call us on 020 8050 3051.
- You may also contact us through our website.
- Or, you can open the live chat window on your screen now.
More Useful Resources About Data Breach Claims
You can read some of our other data breach claims guides here:
- Find out about claiming for probation services data breach here.
- Read our guide on making a claim if your GP sent a letter to the wrong address by clicking this link.
- Learn more about making a student accommodation data breach claim here.
These external resources have also been included to provide additional information:
- Charity Victim Support has published this guidance for victims of cybercrime and online fraud that you can read here.
- A personal data breach can be a significant source of anxiety. Read the NHS guidance on their website.
- The Nation Cyber Security Centre has published this guidance for individuals and families to help them stay safe online.
Thank you for reading our guide to making a housing association data breach claim. To get your eligibility to claim assessed for free, call an advisor today using the number provided above.