Local Authority’s Data Breach Leads To £4,300 Compensation

A data breach occurring as a result of a Local Authorities error in posting an un redacted report to our client’s former coercive and controlling partner. The client receiving £4,300.00 in compensation.

Keith McLaughlin, litigation executive who specialises in data breach claims, represented the client on a “no win no fee” basis.

Call Keith on 0151 242 9000 if you want to claim compensation for a breach of your data protection rights.

The Data Breach made in Error

The Clients claim resulted from the Defendants failure to ensure a redacted copy of a report was sent to our client’s former coercive and controlling partner.  The Defendants error gave our clients former partner our client’s address, something that she had strived to ensured did not happen

The disclosure of this information caused significant distress and anxiety to our client.

Keith considered that:

  • The Defendants were a ‘data controller’ within the meaning of Article 4(7) GDPR;
  • The Client was a ‘data subject’ within the meaning of Article 4(1) GDPR;
  • Pursuant to Articles 5 and 6 GDPR the Defendants were under a duty to comply with the data protection principles in relation to all the personal data of which it was the data controller.

Upon review of the evidence Keith considered the client had the following causes of action against the Defendant:

  • Negligence:
    • The Defendants owed the client a duty of care at common law to avoid exposing her to a risk of physical harm;
  • Breach of Article 5(1)(a) GDPR.
    • The Defendants failed to process the Clients data lawfully, fairly and in a transparent manner. The client did not consent to her data being processed, in the manner and there is no other lawful basis under Article 6 GDPR for such personal data to have been so processed.
  • Breach of Article 5(1)(b) GDPR:
    • The Defendants failed to ensure that the client’s personal data would be collected only for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with those purposes.
  • Breach of Article 5(1)(f) GDPR.
    • The Defendants failed to process the client’s personal data in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing.
  • Misuse of Private Information and Reasonable Expectation of Privacy.
    • The Clients address was private in that it is protected by Article 8 and she had a reasonable expectation of privacy about it.
  • Breach of Confidence
    • The Client had permitted her personal data to be collected by the Defendant for a specific purpose. The data was private and given in confidence and the client therefore expected that it would remain private.
  • Breach of Article 8 of the Human Rights Act
    • The misuse of the Clients personal data has seriously and adversely interfered with her right to respect to a private and family life.

Upon considering the clients case, Cobleys Solicitors agreed to act under a conditional fee agreement (CFA) on a “no win no fee” basis.

Commencing the Data Breach Claim

Cobleys acted promptly upon being instructed by the Client.  The client’s losses were fully investigated; it was considered that the client’s distress/anxiety was sufficient enough to warrant the instructing of a Clinical Psychologist to prepare a psychological report detailing the effects of the breach upon the client.

Cobleys then forwarded our client’s Letter of Claim to initiate the relevant pre-action protocol to the Defendant.

The Defendants investigated the claim brought against them and responded by confirming that they accepted that the data breach occurred, as alleged, and no defence was to be put forward.

The Defendants settled the clients claim for £4,300.00 plus the client’s legal costs.