Thurrock Council Data Breach Claims Guide
Welcome to our guide on your rights if ever a Thurrock Council data breach occurred. We are going to look at how the UK GDPR (the UK General Data Protection Regulation) and the Data Protection Act 2018 (DPA) give you more control over how your data is used. We’ll also look at how the Information Commissioner’s Office (ICO) can penalise companies who fail to follow the rules. Finally, we’ll look at when you could seek damages if a data breach leads to financial losses or mental harm.
If you believe you have the grounds to claim, we can help. Our team will happily review your claim and provide free legal advice about how to continue. If the claim is strong enough, we could appoint one of our data breach solicitors to it. Should they agree to represent you, they’ll do so on a No Win No Fee basis.
Our advice line is open 24-hours a day, 7-days a week. To start your claim right away, please call us on 0800 073 8804. Alternatively, please read on to learn more about data breaches.
Select A Section
- A Guide On How To Claim Should A Thurrock Council Data Breach Occur
- Rates Of Cyber Security Incidents
- What Could A Thurrock Council Data Breach Be?
- Councils Compliance With UK GDPR
- Types Of Data Breach Under UK GDPR
- Children, Families, Adult Care And Social Housing Data Breaches
- Report A Data Breach Of The UK GDPR
- How To Make Compensation Claims For A Breach Of Data Protection
- Damages For A Breach Of The Data Protection Act
- How To Calculate Damages For A Thurrock Council Data Breach
- No Win No Fee Solicitors For A Thurrock Council Data Breach
- Data Protection And Data Breach Solicitors
- Talk To A Solicitor For Free
- Useful Links And Resources
- FAQs Data Breach Victims May Have
A Guide On How To Claim Should A Thurrock Council Data Breach Occur
Whenever you interact with the council these days, there will be some tick boxes or pop-up boxes involved. They will ask questions regarding the usage of your personal data. They may also ask for you to allow it to be processed. That’s because of the UK GDPR. Often, they will also need to seek your permission before using it. However, seeking consent to process and use your personal data is just one lawful basis. There are 5 others. So your consent may not always be needed.
Where the rules are broken, and data breaches occur, the ICO can launch an investigation. Where they find fault, they can fine up to £17.5 million (or 4% of the organisations turnover) or issue enforcement notices. However, they do not have any powers relating to compensation for the victims of data breaches. That’s why you may need to take your own action. We’ll guide you through the process of doing so and look at what level of compensation could be paid later on.
While some data breach claims have as long as 6-years to be started, those involving local authorities can have a 1-year time limit. Therefore, you should move quickly if you are thinking of claiming. That’s because there is some work that a solicitor will need to do before the claim is submitted.
If you are thinking of claiming and would like to check how long you have to start, please call our team. We’ll review your case and explain what you need to do next for free.
Rates Of Cyber Security Incidents
Unless you’ve been involved in one, you might not realise how frequently data breaches take place. That’s because, often, you’ll only read about large breaches and those involving cybercriminals. However, statistics from the ICO regarding local government security data incidents show:
- 40 reports of data being emailed to the wrong person.
- 13 cases of paperwork being lost, stolen or left in an insecure location.
- 11 incidents of verbal disclosure of personal information.
These figures relate to the first quarter of the financial year 2021/22. You can view all of the latest figures from the ICO here.
What Could A Thurrock Council Data Breach Be?
It is important to understand what a data breach is before claiming. We’ll provide some examples later on but the technical definition is:
- Where a security incident results in data that could identify an individual being destroyed, changed, disclosed, accessed or lost deliberately, accidentally or unlawfully.
Something to bear in mind is that not every breach will automatically allow you to claim compensation. For a solicitor to consider your data breach compensation claim against a data controller, you’d need to show that:
- Data that could identify has been involved in a data breach.
- Failure to protect the data led to the breach.
- You were harmed as a result. This could include both financial suffering and psychological injuries.
If a council’s computer systems were as secure as they could possibly be, if a data breach somehow managed to occur a claim would not be as likely.
If you’re not sure whether you are eligible to claim, why not call our advice centre today?
Councils Compliance With UK GDPR
In accordance with the UK GDPR, there must be a lawful basis to process personal data. Importantly, this can’t be achieved if it’s possible to complete a task using methods that don’t require personal information. Additionally, when processing personal data, the following principles apply:
- Data should be processed using methods that are legal, transparent and fair.
- Purpose limitation
- The data must be accurate and up to date.
- There isn’t a time limit but personal information should not be kept longer than necessary.
- Personally identifiable data must be processed confidentially and securely.
- A minimum amount of data should be processed to fulfil the requirements of the task.
- Data controllers must be able to show that they comply with these principles.
The rules of the UK GDPR apply to any personal data that’s processed by computer or electronic systems. It also applies to paper records that contain personal information.
Types Of Data Breach Under UK GDPR
To help you understand how a data breach might happen, we’ve listed some different example scenarios below:
- An employee searches for a friend or relatives details on the council’s computer systems without a business need.
- Where personally identifiable data is uploaded to the companies website.
- If a bulk email is sent but there was failure use the BCC field.
- Where encryption software is not used and a laptop containing personal data is stolen or lost.
- If a letter is posted to the wrong address and contains identifiable information about the intended recipient.
A data breach, whether caused deliberately, illegally or accidentally, can cause a data subject to suffer both emotionally and financially.
Where the breach affects a data subject’s rights, it must be reported to the ICO and the data subject without undue delay. If you receive a letter or email confirming your data has been leaked, you should keep it safe as it could be used as evidence.
Children, Families, Adult Care And Social Housing Data Breaches
There are many departments within any local authority that, at some point, will need to process personal data about clients. We have provided some examples of the types of documentation that could contain such data below:
- Social services/care records. These will contain information about adults or children in care. They will include personal details, care plans and care history.
- Tenancy agreements. The council will record your name, address and other personal details related to your property rental.
- Scanned identification. For security purposes, the council may ask to see your passport or drivers licence. Copies of these documents may be scanned and stored.
It is vital that councils secure these documents properly so as not to allow them to be leaked and exposed. If you have any questions or would like your case assessed for free why not call our team of advisors who are available 24 hours a day 7 days a week.
Report A Data Breach Of The UK GDPR
At the beginning of this guide, we explained that the ICO can investigate potential data breaches. You might think that you should therefore contact them as soon as possible if you have evidence a Thurrock Council data breach has taken place. That’s not always necessary though.
It is possible to claim compensation for your suffering without involving the ICO:
- Write to the data controller and ask for information in regards to a potential data breach
- If you don’t agree with their answer, escalate the complaint further. You should be told how to do this within the reply.
- Before 3-months have passed since your last meaningful update, you could report the incident to the ICO.
If the ICO does investigate, their report could help to prove what happened and what data was involved. They could also issue a fine or issue enforcement action. However, this still won’t result in you being compensated. The only way to seek damages is to take action yourself.
Please feel free to speak to one of our advisors to find out what you should do next.
How To Make Compensation Claims For A Breach Of Data Protection
You could follow this process to file a claim for a council data breach:
- Send a formal complaint to the council about how you believe they’ve caused your data to be exposed in a data breach.
- Collect evidence including the response from the council. Additionally, you could use financial and medical records.
- Call Legal Expert to have your claim reviewed for free.
Damages For A Breach Of The Data Protection Act
You’ll need evidence to support your claim and justification for every penny you claim for. Under UK GDPR rules, you are allowed to claim for:
- Material damages. Any financial losses, costs or expenses caused by the data breach.
- Non-material damages. Any distress that has resulted from the breach.
As an example, if your bank details were stolen during a data breach and used by criminals, you could claim for any money taken from your account. For non-material damages, you might include any conditions like stress, anxiety or depression.
However, you will also need to think about future suffering too. Before a claim can be settled, you’ll need a medical assessment. Your solicitor can arrange a local appointment to avoid excessive travel. In your appointment, an independent expert will review your medical records and discuss your injuries with you. They will then report on what injuries you’ve sustained and provide a prognosis too. Any future suffering will need to be factored into your claim.
As you’ll have noticed, there is a lot to consider before finalising your claim. It’s important to include everything as you’re only allowed to claim once. We believe that you stand a better chance of receiving the correct amount of damages if you let an experienced solicitor represent you.
We can check if one of our data breach solicitors can help with your case if you call our advice centre today.
How To Calculate Damages For A Thurrock Council Data Breach
When making data breach claims, we can look to recent court cases to understand how compensation is awarded. In the case of Vidal-Hall and others v Google Inc [2015] at the court of appeal, it was held that:
- A claimant can seek damages for mental harm whether they’ve lost money or not.
In the past, psychological injuries like stress and anxiety could only be claimed if you could prove the data breach had a financial impact.
In another case, Gulati & Others v MGN Limited [2015], the court ruled that:
- Any compensation paid for mental injuries should be in line with personal injury compensation.
Therefore, the compensation table below uses compensation ranges for personal injuries as listed in the Judicial College Guidelines.
Type of Injury | Injury Level | Settlement Range | Additional Information |
---|---|---|---|
Psychiatric Damage | Severe | £51,460 to £108,620 | The vicitm will be given a very poor prognosis. They will be vulnerable, treatment is unlikely to help them and they will struggle with relationships, work and life in general. |
Psychiatric Damage | Moderately Severe | £17,900 to £51,460 | The victim will have similar significant issues. The prognosis will be more optimistic though. |
Psychiatric Damage | Moderate | up to £17,900 | Similar issues as those detailed above will affect the victim. However, the prognosis will be good due to several marked improvements. |
PTSD | Severe | up to £94,470 | The victim won’t be able to work or return to their previous levels of functioning. The symptoms will be permanent and affect all aspects of their life. |
As these figures are for guidance only, please call if you’d like a more personalised estimate following a free case review.
No Win No Fee Solicitors For A Thurrock Council Data Breach
If a data breach at Thurrock Council occurred we could help. We can assess your case for free. Our team of data breach solicitors provide a No Win No Fee service. As a result, you’ll find the process of claiming a lot less stressful.
After your case has been reviewed, you’ll be given a Conditional Fee Agreement (CFA) if the solicitor accepts your case. The CFA will show you what needs to happen before you need to pay any solicitor’s fees.
If a claim is won, you’ll pay the success fee listed within your CFA. It is a fixed percentage of your compensation that will be deducted to cover your solicitor’s work. You needn’t worry about this too much as success fees are capped by law to stop overcharging.
If you want to check if your case is suitable for a No Win No Fee service, please call today.
Data Protection And Data Breach Solicitors
As we’ve said, we think our solicitors can improve your chances of being fairly compensated. They are registered with the Solicitors Regulation Authority and have been helping clients for decades.
To make everything as efficient as possible, we don’t ask you to waste time visiting our offices. Instead, if your claim is taken on, we’ll manage it online, over the phone and by email.
To learn more about how we can help with local authority data breach claims, please get in touch. Also, you find out what other clients have said about our service by visiting our reviews page.
Talk To A Solicitor For Free
Thank you for reading this guide about actions that could be taken should a Thurrock Council data breach occur. If you’d like us to support you with your claim, you can reach us by:
- Calling 0800 073 8804 to discuss your case with a friendly advisor.
- Emailing info@legalexpert.co.uk with information about your claim.
- Asking an online advisor to explain your options in live chat.
- Using our online enquiry form and telling us when you’d like a call back.
Our data breach claim service includes a free telephone review and legal advice on how to proceed. If your case is accepted, your solicitor will provide a No Win No Fee service. Please get in touch to find out more.
Useful Links And Resources
Within this section, you will find information from other organisations that might help you as well as some more of our guides about data breach claims.
Right Of Access – This guide explains how to make a Subject Access Request (SAR).
Post-Traumatic Stress Disorder – A guide on PTSD from UK charity Mind.
UK GDPR For Local Authorities – Information about the GDPR from the Local Government Association.
Data Breaches By Schools – Details of how school data breaches could result in compensation claims.
Breaches at Social Services – A look at how information held by social services could be involved in a data breach.
Employer Data Breaches – This article explains how you could sue your employer if they expose your personal information.
Other Guides Available
- Sickness At Work Data Breach Compensation Claims
- UK GDPR Breach Compensation Claims
- Child Custody Data Breach Claims
- Estate Agent Data Breach Claims
- Discrimination Data Breach Claims
FAQs Data Breach Victims May Have
In this final section of our guide about your rights, if a Thurrock Council data breach arose, we have listed some common data breach questions.
What should you do if you are a victim of a data breach?
If you find out about a data breach involving your data, you should ensure you keep an eye out for any fraudulent activity. You may wish to gather evidence to support your claim and then contact a data breach lawyer for advice on your options.
What are the potential consequences of a breach of personal data?
While some data breaches cause no problems at all, others can have more serious implications. For example, if personal information about you is leaked to friends or family, you could suffer embarrassment and anxiety. Where criminals are involved, there might be a financial impact as well.
What are my rights if my data has been breached?
If a company suffers a data breach that involves the rights and freedoms of the public they should inform the ICO within 72 hours. You should also be informed without undue delay. That means you’ll receive a letter or email outlining when the breach took place, how it occurred and what data was involved. If a data controller failed to secure your personal information you may have the right to seek compensation.
Can I sue if my data is leaked?
Ultimately it depends on how it happened. If a data controller does everything in their power to keep your personal data safe but it is leaked anyway you are less likely to have a valid claim.
Therefore, should a Thurrock Council data breach take place you can call our team of advisors any time of the day or night. Please get in touch if you require any further information.
Written By Hambridge
Edited By Melissa.