Mr Matthew McConville, the Head of our specialised Data Breach Department at Irvings Law has successfully represented two clients in a data breach compensation claim against a council. Mr McConville’s clients have entered into a confidential settlement agreement and so either party will not be named for the purposes of this case report but instead the Council will be referred to as ‘A’ and Mr McConville’s client’s will be referred to as ‘B’.
B received a telephone call from A to confirm that their data had been breached. It was explained to B that their data had been emailed to the wrong person. After raising concern and also confirming their correct email address, B then received a copy of what data had been breached the next day.
A asked B to ‘please also accept our apologies once again for the breach of data. I have attached the formal response to this incident and copies of the original documentation issued. The original letters [were] in relation to the Disability Related Expenditure Appeal asking whether you would like to proceed further to Stage 2 of that appeal process’. The said formal response confirmed that ‘the Council has been contacted by an individual in relation to a potential breach of the General Data Protection Regulations. The person who contacted the Council advised that they had received in error, an email containing social care financial assessment correspondence intended for yourself, which included financial information and care contribution charging assessments. The Council considers any actual or potential breaches of the Data Protection Act very seriously and it is clear that this customer should not have received any information in respect of your social care assessment or charges. This matter has been investigated and it has been confirmed that a letter and breakdown of your financial assessment has been emailed to the customer in error. … The internal investigation has confirmed that this matter clearly came about as a result of an officer’s error. The officer has since been made aware of the mistake and warned of the need to remain vigilant when corresponding with customers by email. In addition, internal processes are being reviewed and strengthened to ensure that there is no re-occurrence of this type of incident. On behalf of the Council, I would like to sincerely apologise for this incident and any inconvenience or stress that this may cause you’.
The said information pertaining to B that was incorrectly sent to a third party in error included the following:-
- A letter concerning Home Care Charges,
- Income details which refer to mobility and disability, and
- A breakdown of Financial Assessment from 27/05/2019.
Wanting further recourse, B contacted Mr McConville for expert assistance and he, without hesitation, offered to act for them on a no win, no fee basis and once instructed, Mr McConville lodged a Letter of Claim as A inherently failed to adequately keep B’s personal information secure and confidential which resulted in details of B personal and sensitive information being disclosed to a stranger without his knowledge and consent.
Specifically, Mr McConville alleged that A had breached / invaded B’s privacy under the Human Rights Act, had breached the Data Protection Act 2018/the General Data Protection Regulation (GDPR) as well as confidence following their misuse of private information pertaining to B.
In response to the presented claim, A admitted liability and made a derisory offer of settlement. After tough negotiations from Mr McConville, B settled their claim against A for £27,500.00 without Court proceedings needing to be served.