We all understand that Local Authorities must keep detailed records on the children under their care and supervision and their families. They also have a legal obligation to keep such sensitive and personal records confidential, except from the professional people who need to see them.
Discovery
Mr and Mrs C have a daughter who is under Lancashire County Council’s care and supervision. They recently conducted an assessment of her educational, health and care needs. Following the Council’s assessment, their SEN and Disability Officer attached a significantly detailed Educational, Health and Care Plan (20 pages) to another family’s email by mistake.
The Education, Health and Care Plan disclosed the following personal and sensitive information pertaining to the parents:
Representation
Upon receipt of this email, the other family contacted Mr and Mrs C to inform them of what had happened. Distressed, Mr and Mrs C contacted data breach/GDPR specialists Irvings Law to advise on the law and assist them. Without hesitation, Mr McConville, who is the Head of this expert department agreed that Mr and Mrs C’s privacy and personal data had been unlawfully infringed and so offered ‘no win, no fee’ terms to them to enable a claim to be pursued by them both.
Mr McConville then lodged a formal complaint to the Council. In response, the Council ‘sincerely apologised’ for their ‘mishandling’ of the personal information and confirmed that they had reported the matter to the Information Commissioner’s Office (ICO). Further, the Council confirmed that their SEN and Disability Officer’s actions were ‘not excusable’ and he is ‘now required to attend a further classroom based information security awareness course’, Also, all other Council ‘employees have been reminded to check the accuracy of any correspondence before it is sent out’.
Following this admission Mr McConville sent a Letter of Claim to the Council on behalf of Mr and Mrs C which alleged that there had been a Loss of Control / Breach and/or Invasion of Privacy / Breach of Article 8 of the Human Rights Act 1998, a Breach of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, a Breach of Confidence / Breach of Article 8 of the Human Rights Act 1998 and a Misuse of Private Information.
Resolution
Following receipt of this Letter of Claim, the Council responded and confirmed that it ‘was accepted that there has been a breach of the GDPR and Data Protection Act 2018’. Given this admission, Mr and Mrs C put forward a Part 36 offer in the sum of £1,000.00 and £3,000.00 respectively. This was then accepted by the Council without delay. However, Mr McConville is now pursuing claims for Mr and Mrs C’s son and daughter who were also mentioned in great detail within the erroneously sent email.
It is difficult to imagine a more sensitive and distressing accidental disclosure for the family concerned. To their credit Lancashire CC accepted that there was no excuse for this and were willing to offer appropriate compensation. We hope that they are able to prevent such breaches occurring again.
Go back to all newsThis is a question you may be asking yourself if you feel that you are entitled to some form of compensation. Why not ask us the question instead?
We offer free initial advice with absolutely no financial risk for you with our no-win-no-fee promise.
Please fill in the form with some basic details and one of our staff will be in touch to follow up your enquiry.