Recently, HNK Solicitors acted on behalf of a client, who will be referred to as SH, in a data breach claim against Cheshire East Council.
The data breach occurred after SH was subject to an anonymous complaint regarding their children. Although the complaint was not upheld, during the initial investigation Cheshire East Council, the Defendant, divulged personal data, and the context of the complaint with an unauthorised person(s). This is a clear breach of SH’s legal rights, and therefore they were entitled to claim for compensation.
This data breach caused much distress for SH, as their private and personal information was shared without their consent to an unauthorised individua. As they had no assurance that this data wasn’t further shared by this individual, it put them at further risk of potential malicious action. As a result, they came to HNK Solicitors looking for help to seek damages for the distress caused by this breach.
The law surrounding data breaches
The Data Protection Act 2018 and the UK General Data Protection Regulation both impose extensive and detailed requirements on organisations that store or process personal data. One part of those requirements is an obligation to ensure that personal data is processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, by using appropriate technical or organisational measures.
A breach of this obligation, as well as any other data protection obligations, entitles those that are affected to claim compensation for the distress and inconvenience suffered as a direct result of the data breach.
The data breach claim
SH approached HNK Solicitors in September 2021 and instructed us on their behalf in this matter. We accepted instructions on a no-win, no-fee basis and the case was handled by one of our Partners, Brian Higgs.
HNK claimed damages for breaches of legal obligations under the Data Protection Act 2018, the General Data Protection Regulation (GDPR), a breach of confidence and a misuse of private information.
A letter of claim was served on the Defendant. The Defendant accepted the incident occurred in response to the Letter of Claim, seeking full details of SH’s claim to assess likely amounts of damages they would have to pay.
Brian Higgs reviewed the response provided by the Defendant and sought to obtain from SH a Schedule of Information, as to how the data breach incident impacted them.
Once the necessary details were finalised, Brian Higgs returned to the Defendant putting forward the following submissions:
- It remained SH case that the Defendant had unlawfully, and without consent, exposed their personal data inclusive of specifics surrounding an anonymous complaint to an unauthorised person(s).
- There was no guarantee that the personal data divulged had not been shared beyond the unauthorised person(s) who received it, placing SH at future risk of malicious actions.
- The personal data shared was not minor and/or insignificant and far exceeded the required de minimus threshold which gave rise to a claim for compensation.
- The Defendant’s actions caused SH significant levels of distress and inconvenience, supported where necessary with appropriate case law.
In addition to the submissions, Brian Higgs advised SH to put forward an offer to resolve this claim at this early stage and without the need to commence litigation.
Following negotiations, SH case settled in the sum of £7,000 in full and final settlement of damages and costs.
Get in touch with HNK Solicitors if you have been the victim of a data breach
If your personal data has been inaccurately processed, exposed, lost, or insecurely held, contact our Data Protection department to see if we can assist with obtaining compensation on your behalf. Get in touch with our expert data breach protection solicitors today on 0151 203 1104 or email us at firstname.lastname@example.org.