You may never have thought about local authority data breach claims until falling victim to one. Local authorities often keep a wide range of information about tenants, service users and the public who live in that area. We assume that they keep it safe, buy what happens if they fail? This guide explains how you might be entitled to compensation for the financial and emotional harm this has caused.
We start by defining local authority data breaches and explore what types of information they hold. Some examples of data breaches are examined. In addition to this, we explain what compensation can apply and how evidence is used to calculate it. Lastly, we lay out the advantages of working with a data breach solicitor from our panel who can provide legal representation under a type of No Win No Fee contract.
If a local council has mishandled your personal data in a way that caused you harm, they could be in breach of data protection laws. This article guides you through the claims process, but if you’d like to speak to an advisor about your case now, you can:
- Free call on 0208 050 3051
- Contact us to make your claim enquiry
- Ask the live chat a question about local authority data breach claims.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Frequently Asked Questions
- What Is Meant of a Local Authority Data Breach?
- What Types Of Personal Data Is Held By A Local Authority?
- The Common Causes Of Local Authority Data Breaches
- Who Can Make Local Authority Data Breach Claims?
- How Much Data Breach Compensation Could I Get From A Local Authority?
- Making A Successful Local Authority Data Breach Claim
- Do I Need A Solicitor For Data Breach Claims Against A Local Authority?
- Learn More
What Is Meant of a Local Authority Data Breach?
A local authority is typically the council responsible for a specific area. They provide services to residents in that area. The term ‘local authority’ can include:
- County councils
- District, Borough or City Councils
- Unitary (or single) councils
- Metropolitan district councils (for more complex areas)
- Town and Parish councils
- Combined authorities.
When it comes to data protection rules, the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) outline the requirements for processing personal information correctly and establishing a lawful basis for its use. These data processing obligations apply equally to all local authorities.
The Role Of The ICO In Data Breaches
The Information Commissioner’s Office (ICO) is an independent agency that enforces data standards for the public and can investigate data breaches. If an organisation is found to have breached personal data, the ICO can issue penalties to any public or private entity. You can make a complaint about your data use with the ICO.
You don’t have to involve the ICO, and it has no bearing on your right to start a compensation claim either way. However, they may investigate serious breaches, and you could use their findings to support your compensation claim. Call if you’d like more guidance.
What Types Of Personal Data Is Held By A Local Authority?
A local authority might need to retain a surprisingly wide range of information about you and your dependents. The list below gives an idea:
- Name and address
- Contact mobile and email address
- Marital status
- Bank details and rent account information
- Information about council tax and housing benefits
- Passport and immigration status information
- Details about dependents and your child’s school.
Any of this information could be used alone or linked together to enable others to commit criminal activity.
Examples Of Special Category Data
In addition to the general information typically maintained by a local authority, it may be necessary for them to store more sensitive information. This is called special category data and can include details about:
- Race and ethnicity
- Political, religious and philosophical beliefs
- Biometric data
- Information about medical conditions for you (or your dependents)
- Details about civil or criminal convictions
- Social services information.
- Adoption information.
The long-term repercussions of a serious data breach can leave the person with both financial loss and emotional trauma. So if you feel your local authority failed to adequately safeguard your data and you were harmed, speak to us about a claim.
The Common Causes Of Local Authority Data Breaches
There are common causes of data breaches, ranging from innocent human error to acts of deliberate malice. We look at some common examples of how a breach can happen and potentially form the basis of a valid claim:
- An admin assistant in the local authority office failed to secure paperwork about residents. This resulted in the loss of personal data.
- A case worker at a Council put sensitive information in a normal bin rather than securely destroying it, and an unauthorised person found it.
- The computer screens in the local authority housing office were not set with a security timeout. This enabled others to read the details on the screen without consent.
- Insufficient IT protection made it easier for cybercriminals to infiltrate the local authority’s database and access information in ransomware or malware attacks.
- An internal email included a resident’s financial details by mistake. This allowed unauthorised parties to access the data and use it for criminal activity.
- A breach of adoption data caused severe family disruption and financial impact when a letter was sent to wrong address.
There can be other ways in which a data breach at a local authority causes harm. If your case is different and you would like to discuss it, speak to the team. They can answer any questions you might have about claims from local authorities regarding data breaches.
Who Can Make Local Authority Data Breach Claims?
Anyone who can prove they were harmed by the repercussions of a local authority data breach could be eligible to start a claim.
A local authority has a responsibility to ensure that the integrity, confidentiality and availability of the data they hold is protected.
A personal data breach can arise after data is lost or stolen, unlawfully destroyed, duplicated, altered or shared with unauthorised others. With this in mind, you could have valid grounds to start a data breach claim if you can show the following:
- The local authority had a duty to safeguard your personal data.
- They failed to do this, resulting in a breach of your data.
- You were financially and/or psychologically harmed by the data breach.
You might become aware of a data breach problem in the following ways:
- A sudden increase in spam emails or cold callers
- Unusual activity in your bank account
- Notification from credit lenders or retailers about overdue balances on cards
- Charges from your bank for unauthorised overdraft use or other penalties.
Discovering activity like this can be very distressing. However, you could be in a position to seek these lost amounts back if the data breach was someone else’s fault. Chat about local authority data breach claims with our friendly team, and there could be a path forward for data breach compensation for you.
How Much Data Breach Compensation Could I Get From A Local Authority?
If the data breach claim is a success, the compensation awarded is often made up of two areas called material and non-material damage. Non-material damage is the psychological harm caused by the data breach.
The table below is made up of entries from a publication called the Judicial College Guidelines (JCG). This provides a list of compensation brackets for a wide array of physical and psychological injuries based on past cases in England and Wales. We’ve used them to put together the following table. It’s essential to know that these are only guidelines. Data breach claim outcomes always differ, and the first line used here is not from the Judicial College Guidelines:
Compensation Guidelines
| HARM | HOW SEVERE? | COMPENSATION GUIDELINES | DETAILS |
|---|---|---|---|
| Several forms of severe mental harm and material damage amounts | Severe | Up to £500,000 plus | This level of compensation reflects multiple forms of psychiatric injury alongside material damage compensation for counselling fees, lost earnings and costs for re-establishing personal privacy. |
| Psychological harm of a general nature | (a) Severe | £66,920 going up to £141,240 | Very poor prognosis resulting from acute psychological harm that broadly impacts the person's life. |
| (b) Moderately Severe | £23,270 going up to £66,920 | Similarly significant problems as the entry above but future outlook for recovery is more optimistic. | |
| (c) Moderate | £7,150 going up to £23,270 | Issues like those listed above are experienced but this bracket differs because of an improvement noted by the time a trial might start. | |
| (d) Less Severe | £1,880 going up to £7,150 | This reflects the length of injury and how impacted daily activities are. | |
| PTSD (Post-traumatic stress disorders) | (a) Severe | £73,050 going up to £122,850 | Permanent trauma impacts that halt the person's ability to cope on any level the way they did before the incident. |
| (b) Moderately severe | £28,250 going up to £73,050 | Still a significant disability, compensation in this bracket reflects the positive influence of mental health counselling. | |
| (c) Moderate | £9,980 going up to £28,250 | A recovery (by and large) is seen, with any stubborn symptoms being classed as not grossly disabling. | |
| (d) Less Severe | £4,820 going up to £9,980 | Within a period of 1 - 2 years, virtually a full recovery takes place and minor issues only continue past this. |
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
What Determines The Amount Of Compensation I Get?
The ultimate amount of any compensation is determined by the severity of the psychological harm caused and the level of financial damage experienced. By adding material and non-material damage amounts together, a total compensation amount can be reached. The amount can also be determined by any losses and expenses predicted for the future, such as long-term psychological care or lost earnings.
Can I Claim For Any Financial Losses I’ve Suffered?
You can include a detailed claim for material damage if you have proof. This refers to the financial losses or expenses caused by the local authority’s data breach. You will need to present evidence such as:
- Payslips that show how stress caused you to miss work and lose income
- Invoices for private counselling or mental health services
- Receipts for the cost of repairing or replacing any corrupted devices like your phone or laptop
- Other expenses relating to restoring your privacy. For instance, in cases of severe identity theft, it might be necessary to relocate your job or home, and this can carry significant costs.
Do you feel that a local authority failed to do all they reasonably could to protect your personal data? Speak to our advisors about local authority data breach claims.
Making A Successful Local Authority Data Breach Claim
When setting out on local authority data breach claims, it’s important to focus on gathering evidence and understanding time limits. You might also want to work with an expert data breach solicitor, so we look at these areas individually:
What Evidence Do I Need To Help Support My Claim?
Local authority data breach claims carry a higher chance of success if they have solid evidence. Gathering this together can be more straightforward than you might think. For example, the following can help:
- Any correspondence between you and the local authority about the data breach. All companies need to send a letter of notification to impacted data subjects about a serious breach after uncovering it. This applies to breaches that have the potential to damage your rights and freedoms.
- Any correspondence you might have with the ICO about the data breach.
- Bank statements and other documents that prove you suffered financial harm because of the local authority data breach.
- Proof of the cost for any counselling that you sought to deal with the stress of the data breach.
A data breach expert solicitor from our panel can help you gather supporting evidence like this. Why not take a moment to see if your claim qualifies? If it does and you’d like to work with a solicitor, our advisors could connect you to one today.
Is There Time Limits For Making Local Authority Data Breach Claims?
You have 6 years to start a data breach claim. This starts from the date that you first became aware or were notified about the data breach. Please feel free to call our advisory team to discuss the time limits for local authority data breach claims.
Do I Need A Solicitor For Data Breach Claims Against A Local Authority?
It’s not a legal necessity to use the services of a solicitor to file a data breach claim. However, there is a wide range of advantages to consulting with an expert about claims like this, as they can become complicated.
You could qualify to fund your data breach compensation claim with an expert from our panel of solicitors using a Conditional Fee Agreement (CFA). This is a variation of No Win No Fee contracts, and it provides solicitors services with the following benefits:
- A CFA means that you will not be expected to pay any upfront solicitors’ fees for work to start on the claim.
- Also, no solicitor’s fees apply as work on the claim develops.
- If the claim fails, no fees apply for completed services.
- Instead, a small percentage of the compensation needs to be paid to your solicitor as a ‘success fee’ should the outcome be successful.
- Furthermore, you can agree on this percentage with your solicitor before the claim starts.
- Additionally, this percentage is restricted by law to ensure that the person claiming the compensation is the one who benefits the most.
Funding your council data breach solicitor this way means you don’t have to worry about the costs of your legal team. Interested?
Contact Us
You can discuss local authority data breach claims with our expert team of advisors right now. Simply:
- Free call on 0208 050 3051to see if you can claim compensation.
- Contact us to make your claim enquiry.
- In addition to this, you can ask the live chat a question about data breach compensation payouts.
Learn More
In addition to details on local authority data breach claims, these other articles may be helpful:
- This guide explores other types of incidents that can lead to data breach claims.
- Here, our article looks at social services data breach in more depth.
- Also, claims after the accidental destruction of your personal data.
External help:
- Read about actions the ICO has taken.
- Also, here are tips for security online from the Nation Cyber Security Centre (NCSC)
- Finally, read more from GOV.UK about data protection legislation.
To close our guide, thank you for reading about local authority data breach claims. Our team is on hand to answer any further questions about how a No Win No Fee agreement offered by our panel of solicitors could be the funding option you seek.