We've been featured in:

Greater London Authority Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?

Can You Claim Compensation If The Greater London Authority Breaches Your Personal Data?

This guide aims to provide help for anyone who has experienced a potential Greater London Authority data breach.

It is normal for large organisations such as the Greater London Authority to collect personal data from their key stakeholders. This may include GLA employees and other individuals they have a working relationship with. Consequently, the Greater London Authority should abide by the UK General Data Protection Regulation (GDPR). This is to protect any personal data they collect or process.

Greater London Authority data breach

In this guide, we will look into the causes of data breaches. And we will explain how to claim compensation if you have evidence of a valid claim.

Legal Expert would help you if you’ve suffered psychologically or financially because of a data breach caused by a third party’s security failings.

To see if you could begin your compensation claim, call our claims advisors on 0800 073 8804. Or fill out our online claims form for a callback. On the other hand, continue reading this guide to learn more.

Select  A Section

A Guide To Greater London Authority Data Breach Claims

The Greater London Authority (GLA) is the devolved governing body for the London region. The GLA has jurisdiction over Greater London and the City of London. There are two branches of the Greater London Authority. The first is the mayoralty, and the second is the London Assembly.

The Greater London Authority has three functional bodies:

  • Transport for London (TfL)
  • The London Fire Commissioner
  • The Mayor’s Office for Policing and Crime

(London’s local councils, also known as local authorities, are a separate governing body to the GLA.)

This guide aims to help you understand what a data breach is and under what circumstances you could claim. In addition, we will look at how to claim compensation.

Making A Greater London Authority Data Breach Claim

If you have evidence of a justifiable claim, Legal Expert could connect you with a knowledgeable solicitor to work on your case. Our solicitors offer their services on a No Win No Fee basis.

However, please note that there is a time limit in the UK for making a data breach claim.

  • The data breach claims time limit is six years.
  • However, with data breach claims time limit is one year when the claimant’s human rights were violated.

To see if you can begin your compensation claim, contact Legal Expert today.

Data Security Trend Statistics

The annual Cyber Security Breaches Survey 2021 makes for sobering reading. The survey tells us that from March 2020 – March 2021, 39% of businesses and 26% of respondent charities experienced a data breach.

It seems larger organisations are at greater risk of experiencing a data breach. For example, 65% of medium businesses and 64% of large businesses had experienced a data breach. Likewise, 51% of high-income charities had had a data breach at their organisation.

What Is A GLA Data Breach Damages Claim?

What happens if a Greater London Authority data breach takes place?

A data breach begins with a security incident. As a result, the security of personal data that the organisation holds is compromised. It could be lost, accessed, destroyed, disclosed or changed without a lawful reason.

A data controller decides why and how personal data is collected or processed. The data subject is the person whose personal information is collected or processed.

Below are some examples of what could constitute a data breach:

  • Personal data exposure incidents
  • An organisation loses or destroys personal data without a lawful basis
  • An unauthorised person steals personal data
  • The alteration or encryption of personal data occurs without a lawful reason
  • Unauthorised persons gain access to the personal data

The causes of data breaches can vary. Many data breaches happen because of human error. For example, an employee may accidentally attach a file to a mass email containing personal data belonging to employees. Therefore they would share their employees’ personal data without permission or another lawful reason.

On the other hand, malicious actors can also cause data breaches. For example, cybercriminals can hack into unsecured online systems to access personal information and hold it for ransom.

Data breach victims can suffer emotional distress as a consequence. What’s more, criminals may use stolen bank details to target victims for theft. Consequently, the data breach victim may also experience financial losses.

If an authority’s failings led to a data breach involving your personal information and caused you psychological or financial damage, you could be compensated. You may be eligible to make a data breach claim for compensation.

Are Local Authorities Exempt From GDPR?

Governing bodies and local authorities should follow the rules of the UK General Data Protection Regulation (GDPR).

The GDPR is a set of EU data protection regulations. It was enacted into UK law via the Data Protection Act 2018.  It sits alongside the UK GDPR.

When an organisation or authority collects or processes personal data, it should ensure it abides by data protection law. This is to enable the protection of people’s personal information.

Here are some core tenets of the UK General Data Protection Regulation:

  1. Organisations should take measures to protect the data they collect from the public.
  2. An organisation can be held liable for any data breaches that occur if their failings caused it.
  3. Furthermore, an organisation should have systems in place to prevent data breaches from taking place. This could include an adequate cybersecurity system.
  4. And finally, if an organisation’s failings cause a personal data breach, the data subject can claim data breach compensation if they suffered psychologically or financially as a result.

This guide aims to help you understand what you could do after a potential Greater London Authority data breach. If you have any questions, why not get in touch?

Types Of Local Authority Data Breaches

Though the GLA isn’t a local authority, it does work within the government system. Now, let’s look at some examples of local authority data breaches that could take place:

  • A local authority can commit a data breach by sending a letter containing personal information to the wrong address, despite having the correct address on file. Therefore, an unauthorised third party could receive the personal data.
  • The authority shares a document without redacting the personal information contained within. Therefore, the authority could share personal information without permission or another lawful basis.
  • A social services department shares confidential personal information about a client with other family members without permission or another lawful basis.
  • An authority employee loses their work laptop that contains unsecured personal data. Therefore, unauthorised individuals access confidential files on the device.
  • The receptionist leaves an unsecured confidential file containing personal information on a public-facing desk. This enables unauthorised persons to view personal data.
  • A local authority can be the target of a cyber attack. This can happen if its computer security systems haven’t been updated. This could enable criminals and other malicious actors to steal personal data.

Have you been affected psychologically or financially by a local authority breach of data protection? Then please get in touch with Legal Expert today to speak to an advisor. If we can see that you are owed data breach compensation, we could connect you with a skilled data breach lawyer to start working on your claim.

Rent Statement Tenancy Record Data Breaches

Local authorities often provide social housing. This is low-cost housing owned by the local authority and is rented out to those in need of it. Local authorities collect, process, and store data that belong to tenants to carry out this process.

Local authorities should have processes to protect this data from becoming exposed. Many tenants are vulnerable people.

Here are some examples of personal data that local authorities may hold on their public housing tenants:

  • Names
  • Addresses
  • Original tenancy documents
  • Scans of tenancy audit documents
  • Contact details such as phone numbers and email addresses
  • Passport numbers and scanned passport documents
  • Information about the tenant’s personal characteristics such as race, gender or disability status

Again, local authorities should safeguard their tenants’ personal data. They may do so and suffer a data breach regardless. Not every data breach will be caused by the authority’s positive wrongful conduct.

However, a data breach could occur because the authority neglected to implement required cybersecurity measures or didn’t train staff in data protection where necessary. If this happens and it causes you to endure psychiatric damage or financial loss, you could claim.

Essentially, the data breach needs to be a product of the authority’s positive wrongful conduct and cause you mental or financial harm in order for you to be able to potentially claim.

Please be aware: you do not have to use data breach solicitors in London to work on your claim. You can use a solicitor based anywhere in the country. Legal Expert could connect you with a skilled data breach solicitor to handle your claim. Why not reach out whenever you’re ready?

Do You Have To Start With A Complaint To The ICO?

In this part of our guide on what you could do after a potential Greater London Authority data breach, we look at trying to resolve issues regarding data privacy.

We will now look at how the data breach claims process works. We will start by answering some questions you may have about making a personal data breach claim.

If a personal data breach has affected you, we recommend that you report the breach to the Information Commissioner’s Office (ICO). The ICO is an independent authority. The ICO protects the public’s data privacy rights.

It is responsible for upholding the GDPR in the UK. What’s more, the ICO can issue local authorities with data breach fines if they breach personal data protection law.

If you wish to take steps to resolve the data breach issue, you could:

  • Firstly, report the data breach to the authority whose failings led to it. If you are not happy with the response, you could escalate your complaint. The authority may be able to resolve the problem internally.
  • Secondly, you can report the data breach to the Information Commissioner’s Office. Please do so if three months have not yet passed since your last meaningful communication with the authority.

To begin your data breach compensation claim, you do not need to have already contacted the ICO. In fact, we recommend beginning your claim as soon as possible to avoid falling outside of the time limits.

How Do I Sue A Local Authority For A Data Breach?

Legal Expert can help you if you’re eligible to claim compensation for a personal data breach.

How Can Legal Expert Help You?

  • Our knowledgeable solicitors have experience handling data breach claims.
  • What’s more, our solicitors can handle your claim on a No Win No Fee basis.
  • Moreover, your solicitor will try to value your claim accurately.
  • Our solicitors can work on your case from anywhere in the country, so you’re not restricted to the solicitors in your area.

Call our claims advisors today for your free consultation. If we can see that you have a favourable claim, an expert solicitor could start working on your claim right away.

What Could You Be Compensated For?

For many people, being the victim of a personal data breach can be an emotionally distressing experience. Some individuals may even suffer psychological injuries as a result of having their personal data privacy breached. For example, the victim may develop anxiety, stress or depression after a data breach. It could even worsen pre-existing conditions.

What’s more, when someone’s personal data privacy has been breached, criminals may use their personal data for fraudulent purposes. This can lead to the person suffering financial losses. For example, criminals may use stolen payment card data to make purchases.

Victims of a data breach caused by an authority’s failings could claim any emotional distress or psychological injuries caused by the data breach. This is referred to as non-material damages.

Similarly, they could claim compensation for any financial losses that were caused by the data breach. This compensation is referred to as material damages.

Thanks to Vidal-Hall and others v Google Inc [2015], claimants can seek compensation for psychological harm in a data breach claim without having also suffered financial loss. Before this case, that wasn’t possible.

Plus, because of the case, compensation for psychological harm can be valued as it is in personal injury law.

Greater London Authority Data Breach Compensation Calculator

You can use the compensation table below to estimate how much compensation you could receive for psychological harm caused by a data breach. This is otherwise known as non-material damages.

Please note that the compensation payout amounts listed in this table are based on guidelines, which the Judicial College has produced. These guidelines help solicitors when they’re valuing injuries.

How much compensation you receive can vary depending on the individual circumstances of your case.

Edit
Type Of Psychiatric Harm Suffered Severity Damages About The Harm Suffered
Psychiatric Injury Severe £51,460 to £108,620 At the severe level there is likely to be a poor prognosis. The damages should account for the overall effect on the person’s life and their ability to return to education, work or social life and relationships.
Psychiatric Injury Moderately Severe £17,900 to £51,460 The victim could suffer issues in the same aspects of their life as above. However, they should have a better prognosis.
Psychiatric Injury Moderate £5,500 to £17,900 The person could have been affected in a similar way to those above but should have a better prognosis. They could already have recovered from the harm caused.
Psychiatric Injury Less Severe Up to £5,500 The claimant may experience similar symptoms to the above. The settlement will take how long these symptoms persist for into account.
Post-Traumatic Stress Disorder (PTSD) Severe £56,180 to £94,470 There could be a permanent effect on the person’s ability to work or to be able to work at their pre-trauma level. All parts of the person’s life could be affected.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,730 to £56,180 The person will have been given a better prognosis for recovery through professional care. The effects of PTSD may still cause significant disability for some time to come.
Post-Traumatic Stress Disorder (PTSD) Moderate £7,680 to £21,730 They should have mostly recovered and there should not be any severe, permanent disabling symptoms.

In order to prove your psychological injuries were caused or worsened by the data breach, you should need to attend a medical assessment. It’s part of the claims process.

The independent medical professional who assesses your condition would create a report. This report would reflect the severity of your injuries. Additionally, if you use the services of a solicitor, they can use the report to value your injuries.

The compensation table above doesn’t include estimates for potential material damages. However, an advisor can accurately estimate how much compensation you could claim if you call our helpline.

No Win No Fee Greater London Authority Data Breach Claims

At Legal Expert, we believe that data breach claims should be accessible to all. This is why we offer our clients the choice to make a No Win No Fee claim. It means that you will not have to pay a success fee in the event that your claim is not successful.

No Win No Fee claims work by the claimant signing a Conditional Fee Agreement (another term for No Win No Fee agreement). They agree to pay a success fee, only on the condition that their solicitor wins their claim. This lowers the financial risk involved in funding a solicitor’s services to make a claim.

Moreover, the claimant will not have to pay their solicitor’s fee before work on their claim begins. Instead, the success fee is deducted from their compensation payout at a legally capped percentage.

Plus, under No Win No Fee agreements, there are no ongoing solicitor fees during the claim.

Our solicitors offer their services on a No Win No Fee basis. Contact Legal Expert today.

How To Find A Specialist Data Protection Solicitor

To begin your data breach claim, contact Legal Expert using the details below:

  • Call our claims advisors on 0800 073 8804.
  • Please write to us using the claims form on our website.
  • Ask a legal advisor a question using our Live Support widget. It’s on the bottom right-hand corner of your screen.

Additional Resources

We hope that this guide on what you could do after a potential Greater London Authority data breach has been helpful. You’re welcome to review these other data breach guides if you wish to know more.

How To Report A Data Breach Incident

Medical Records Data Breach: How To Claim Compensation

University Of London Data Breach Compensation Claims Guide

NHS Data Breach Compensation

Make A Complaint: Data protection guidance from the Government

Raising A Concern With An Organisation: An ICO guide

Be Data-Aware: An ICO guide

Other Useful Guides

Frequently Asked Questions

We will now answer some common FAQs about making a data breach claim.

Do I need to wait for criminal prosecution?

If you wish to claim compensation for a data breach, you could claim without waiting for criminal prosecution. Likewise, you can claim compensation even if the organisation does not receive an ICO fine.

Do I have to report the data breach?

You will not have to report the data breach to the ICO to claim. The organisation may be able to resolve the matter internally.

What do I need to show for a data breach?

To make a successful data breach claim, you will need to provide evidence. Usually, you will have a notification from the organisation telling you that your data was affected, which you can use as evidence. Similarly, medical evidence that proves you were psychologically injured because of the breach can also be used. In addition, you can use documents that prove you suffered financial losses due to the breach.

How long after a breach of data privacy could I claim?

There is a six-year time limit to making a data breach claim. However, you will only have one year to claim compensation if the data breach violated your human rights.

Thanks for reading this guide on what steps you could take after a potential Greater London Authority data breach.

Written by Chelache

Edited by Victorine