This page contains a basic guide to the steps you could take if you were to be affected by a potential data breach at Cheshire East Council. We’ll examine what circumstances could be grounds for a claim for compensation after a data breach caused you harm.
When Could You Claim For A Data Breach At A Council?
It’s not enough that your personal data is exposed for you to be eligible to make a claim. In order to be owed compensation, you need to show that the breach caused you harm and that it was caused by the failings of the data controller (the organisation that holds your data and decides how it is processed).
But how might a breach occur due to failure to secure your data? This is one of the questions we will answer in this guide.
Claims each have unique circumstances. Therefore, your own claim will be based on a set of specific facts that differ from other cases.
This means that we may not answer all of your possible questions in this guide. However, don’t worry if we have not; we can still help you. If you would like any more information about claiming for harm caused by a data breach, you can call our claims experts on 0800 073 8804. You can also fill out our online form or use the live chat to the bottom-right of this guide.
Select A Section:
- A Guide On What To Do If Affected By A Data Breach At Cheshire East Council
- Statistics
- What Could Be A Data Breach At Cheshire East Council?
- Must Councils Follow The GDPR Rules?
- Ways Data Privacy Could Be Breached
- Social And Housing Service Data Breaches
- Who Do I Report A Data Breach With?
- How Claims Could Be Made
- How Claims Could Be Valued
- Calculate A Payout For A Data Breach At Cheshire East Council
- Data Breach At Cheshire East Council – No Win No Fee Cases
- Choosing A Specialist Solicitor
- Beginning A Claim
- Supporting Resources
- Data Breach And Subject Access Request FAQs
A Guide On What To Do If Affected By A Data Breach At Cheshire East Council
What steps could you take if a Cheshire East Council data breach occurred, causing you emotional or financial harm? Who would be liable in a data breach claim? These are just some of the questions you might have that we hope to answer in this guide.
The guide starts with a graph that is based on statistics that relate to central government data security incidents. We hope this will enable you to visualise what data breaches can entail.
We will also provide a general definition of what a data breach is and the forms it could possibly take. This includes an explanation of the laws in the UK that protect data subjects (the individuals to whom personal data relates).
Next, we look at the legal obligations of the council to follow UK data privacy laws. This section also provides some examples of the ways that a data breach affecting a council could potentially happen.
This is followed by several sections that cover aspects of the complaint and claims process. You will learn how to report or make a complaint about a data breach. Additionally, we outline the process of making a claim. We have included an explanation of the reasons you might claim damages, as well as an example compensation table. Finally, we look at what a No Win No Fee agreement is and the key benefits that you could encounter when funding legal representation in this way.
This guide ends with some advice on how to start your claim. Furthermore, we have provided some useful links and a short section addressing some frequently asked questions.
Time Limits To Claim
How long could you have to claim for harm caused by a data breach? We’ll address this question in this section.
This time limit will vary depending on the circumstances of your claim. For example:
- If you are claiming against a public body, then the time limit would be one year.
- If you are claiming against an organisation other than a public authority, then the time limit would be six years, unless your human rights are affected.
There can be other factors that have an effect on this time limit. If you want to find out exactly which time limit could apply in a data breach claim, call our team to find out.
Statistics
In the UK, there is a governing body that oversees data protection legislation. This is the Information Commissioner’s Office (ICO). We will look a little closer at the responsibilities of the ICO later in this guide.
However, at this point, we want to give you a visualisation of data breaches. The ICO has published this data that we have used to make the bar graph below.
If a data breach at Cheshire East Council occurred our team is qualified to answer any questions you have about the steps to take following a data breach. In order to hold any valid data breach claim you, the data subject, would have to prove that the data controller failed to protect your personal information accordingly.
What Could Be A Data Breach At Cheshire East Council?
In the European Union (EU), the General Data Protection Regulation (GDPR) protects the rights of data subjects. The Data Protection Act 2018 (DPA) ratified this piece of legislation into UK law. The UK-GDPR informs data protection in the UK since the UK left the EU.
Your local authority has to comply with all these regulations. Doing so should help to protect your personal data.
A data breach is where a security incident has meant that your personal data has been lost, destroyed, altered or disclosed to or accessed by someone without authorisation. This can happen unlawfully or deliberately. It can also be an accident. Data breaches can happen when cyber criminals choose to target organisations and access data for their own gain. However, they can also happen as the result of poor training or errors on the part of employees.
If you were to suffer stress, psychological harm or financial loss due to such a breach, you might be able to claim compensation. However, you will need to show that the data controller failed to take all proper actions to protect your data. If the local authority did all they could to protect your data and a breach occurred anyway, you may not be able to claim.
If you are unsure whether your claim is valid or not, we can help. Our claim advisors are available 24 hours a day, 7 days a week, to help you. You may use the contact information at the end of this guide to get in touch with us.
Must Councils Follow The GDPR Rules?
Your local council has to follow UK-GDPR to protect your personal data. Personal data is classed as any information which could be used to identify you, alone or in conjunction with other pieces of information.
Generally, the authority has to follow the seven principles of GDPR. These are:
- Acting with lawfulness, fairness and transparency.
- Practising data minimisation to limit the volume of data stored.
- Practising storage limitation to reduce the length of time your data is stored.
- Ensuring your data is kept secure.
- Practising purpose limitation to limit how your data is used.
- Keeping your data up to date and accurate.
- Being accountable for any breaches in GDPR policy.
Ways Data Privacy Could Be Breached
Due to the nature of the information that could be held by a local authority, a potential data breach at Cheshire East Council could have serious ramifications. This is because the council need to hold data on people who use their services.
For example, if you are under the care of social services, the council might need to hold your data in order to provide you with these services. They could also hold information on school or nursery applications for your child.
If sufficient security steps are not taken by any data controller, this could lead to your data being exposed. These breaches could potentially take the form of:
- Pieces of paper containing your personal data are lost or left in a public place.
- A computer screen left on in a staff canteen, with your data visible on it.
- A cybercriminal spots holes in the online security system. They launch a cyberattack and gain access to your personal data.
- A device such as an external hard drive or USB stick that contains your data being disposed of insecurely before being fully wiped.
So, to be eligible to claim you would need to be able to prove that the data controller did not do all they could to secure your data. You can call and talk to our team to learn whether your claim may be valid.
Social And Housing Service Data Breaches
If you are a council tenant or under the care of social services, the council needs to store a range of information on you in order to provide you with these services.
Information that the local authority could hold if you use these services include:
- Passport scans
- Rent agreements
- Social worker notes
- Tenancy audit information
If a cybercriminal gained access to scans of your passport they could commit identity theft and take out loans in your name, affecting your credit score. If details of your personal circumstances were exposed to an unauthorised third party, this could cause you extreme stress, depression or anxiety. In some cases, it may even lead to Post-Traumatic Stress Disorder (PTSD). And if a cybercriminal gained access to your rent statements, they could use the information on these to create a phishing scam to get hold of your bank details.
Who Do I Report A Data Breach With?
Before you move on to try and make a compensation claim for a data breach, you might like to report it first. The outcome of the ICO’s investigation is not final; however, if they decide in your favour, it could lend weight to your claim.
Cheshire East Council is likely to have a Data Protection Officer. You could contact them if you suspect a data breach. After a data breach, the data controller might offer you compensation themselves to remedy the situation. If they do, and you accept, then you cannot go on to seek compensation through a claim.
If you don’t receive a satisfactory response from the data controller, you can report this to the ICO. You should do this within 3 months of your last meaningful communication with the data controller; if you wait any longer, the ICO may not investigate the issue.
How Claims Could Be Made
You can pursue a compensation claim if you are able to prove that the data controller breached GDPR and never protected the personal information they hold on you. This is completely separate from any complaint you have made to the ICO. While the ICO are able to investigate and sanction companies who fail to adhere to data protection laws, they cannot award you compensation.
It’s not a requirement for you to have a solicitor act on your behalf if you choose to pursue a claim. However, the laws surrounding data breaches can be complex, and we recommend working with a solicitor who has experience in these kinds of claims.
For more help and advice about making a claim against a data controller if a data breach were to occur, please call and talk to one of our advisors today.
How Claims Could Be Valued
In a successful data breach claim, your compensation could consist of two heads of claim. Firstly, any financial loss you may have suffered as a result of the data breach would be compensated under material damages. Secondly, any stress or psychological harm caused by the data breach could be compensated through non-material damages.
You could claim psychological damage even if you suffered no financial loss. This is because of a landmark Court of Appeal case. The case was Vidal-Hall and others v Google Inc [2015], and the court held that the victims of the data breach could be compensated for emotional harm caused by the breach, even if they experienced no financial harm.
If you would like to know more about the circumstances that could justify a data breach claim, please call and speak with our team today. One of our agents will be happy to offer you free legal advice.
Calculate A Payout For A Data Breach At Cheshire East Council
Giving a one-size-fits-all answer to this question is difficult. This is because the circumstances of each claim are unique.
Instead, we have created this table below that shows possible compensation brackets. The Judicial College produces guidelines for valuing injuries. We are able to base our table on these because of Gulati and Others vs. MGM Ltd. In this case, it was decided that harm caused by data breaches could be valued in the same way as in personal injury claims.
Severity | Health Issue | Potential Damages | More Info |
---|---|---|---|
Moderate | Psychiatric harm or damage | £5,500 – £17,900 | In this category, we would place all moderate psychiatric damage. It is likely that the victim would recover fully in time, but there could be ongoing yet trivial symptoms post-recovery. |
Less severe | Psychiatric harm or damage | Up to £5,500 | In this category, we would place all less severe psychiatric damage. The victim may recover fully after a period of time, but there may be ongoing mental health issues that affect their life in some way. |
Moderately severe | Psychiatric harm or damage | £17,900 – £51,460 | In this category, we would place all moderately severe psychiatric damage. It is possible that the victim may recover to an extent, given time, but there would likely be ongoing symptoms post-recovery, potentially into the long term. |
Severe | Psychiatric harm or damage | £51,460 – £108,620 | In this category, we would place all severe psychiatric damage. There would almost definitely be ongoing mental health problems, potentially for the rest of the victim’s life. |
If you would like to get a more accurate estimate of the value of the compensation you could potentially claim, please call our team. One of our advisors can assess your claim for you.
Data Breach At Cheshire East Council – No Win No Fee Cases
It is very likely that you have heard or seen the phrase No Win No Fee before. But do you have a thorough understanding of what it means?
Put simply, a No Win No Fee agreement sets out the conditions that need to be met before your solicitor asks for payment. With this kind of agreement, you won’t be asked to pay them anything unless your claim is successful. They won’t charge you any ongoing fees as the claim progresses, and you also won’t be asked to pay them if the claim isn’t a success.
If the claim is won, however, a modest success fee will be deducted from your compensation. For more information about how this kind of agreement could benefit you, speak to a member of our team today.
Choosing A Specialist Solicitor
Should a potential data breach at Cheshire East Council occur, Legal Expert could help. Our legal team can evaluate your claim for you and then connect you with an expert data breach lawyer to begin working on it for you.
All you have to do is give us a call and speak to an advisor to get the ball rolling. Just explain your circumstances, and the advisor will then walk you through our claims process.
Beginning A Claim
Are you looking to make a claim for harm caused by a data breach? Or do you just want to know more about the steps you could take if a data breach at Cheshire East Council were to potentially occur? If so, we can help.
One of our advisors can arrange for a solicitor to start working on your claim right away. Use the contact details below to get in touch.
Telephone: 0800 073 8804
Use the live chat feature to the bottom-right of this screen
Fill out our online form
Supporting Resources
Here are some external links that have more relevant information.
- Make a complaint about the way an organisation has handled your data
- A guide to data protection
- Information on personal data breaches
Reading these other guides may also help.
- How To Claim For A Bank Data Breach
- Medical Data Breach Claims Explained
- Claiming Against A Local Council
- Foster Care Data Breach Claims
- Sickness At Work Data Breach Compensation Claims
- UK GDPR Breach Compensation Claims
- Child Custody Data Breach Claims
- Estate Agent Data Breach Claims
Data Breach And Subject Access Request FAQs
Here are some simple answers to common data breach claim questions.
What is a subject access request?
A subject access request is when you ask an organisation for information on what data they hold on you and how this is being used.
Who could make a subject access request?
Anyone can make a subject access request, as it is a basic right given to you by GDPR.
What happens if SARs are not complied with?
If the local authority does not comply with a subject access request, then you could make a complaint to the ICO.
Thank you for reading our guide on steps to take should a data breach at Cheshire East Council potentially occur. We hope that you’ve found it useful.
Written by Wheeler
Edited by Stocks