In October 2019, around 4,000 customers were altered to the possibility that their data had suffered a breach through their housing association. The housing charity, Home Group, based in Newcastle, contacted their customers and alerted them to the risk after they became aware that names, addresses and contact information had been leaked. A third-party cyber-crime security expert raised the issue immediately and Home Group acted to resolve the situation promptly. Below, we’ll look at the justifications behind data protection breach claims against Home Group.
Data Protection Laws
The General Data Protection Regulation (GDPR) came into effect in 2018. It was enacted into UK law via the Data Protection Act 2018. The legislation was brought in to combat the careless and abusive use of personal data on and offline that could give rise to exploitation and criminal opportunity. These laws aim to give more power to the customer and citizen by requiring all those who possess and use our data to do so in a more strictly legislated way.
In view of this, the Information Commissioner’s Office (ICO) is an independent body tasked with upholding these laws. With the power to enforce compliance and issue strict penalties, GDPR rules are a serious matter for everyone to consider.
Home Group and other housing charities like it have a legal responsibility to handle your information with the utmost scrutiny and care.
If you have evidence that proves that you suffered either mental or financial harm because of the Home Group data breach, get in touch. We can provide free legal advice on your options, and if you wanted to make a claim, we can connect you with our specialist panel of data breach solicitors.
Get in touch with our friendly team today to discuss exactly what happened with your personal information by:
- Calling us directly on 0161 696 9685
- Emailing or write to us at Legal Helpline
- You may also use the ‘live support’ option, bottom right for instant legal help and advice about your data breach.
Select A Section
- A Guide On Data Protection Breach Claims Against Home Group
- What Are Data Protection Breach Claims Against Home Group?
- What You Need To Know About The GDPR And Third-Party Data Sharing?
- The Home Group Data Security Incident
- Calculating Compensation Settlements For Data Protection Breaches
- Are There Different Types Of Damages For Data Breaches?
- What Does The Information Commissioner’s Office Do?
- Make Data Protection Breach Claims Against Home Group With A No Win No Fee Solicitor
- Getting The Right Solicitor For Your Claim
- What Should I Do If I Had A Data Breach?
- Talk To A Solicitor About Your Data Protection Breach Claims Against Home Group
- FAQs About Making A Claim
- Where To Learn More
Changes in the law from 2018 mean that every agency, charity, organisation and business now have more legal responsibilities to protect your personal data. In this guide, we examine what exactly the GDPR means, how the ICO upholds the law and what rights you have to start data protection breach claims against Home Group if you can prove that you’ve suffered financial or mental damage.
Our personal information belongs to us. We entrust others with it on the understanding that they need to use it to provide better services. We expect them to have the appropriate in-house security systems to make it as difficult as possible for outside agencies or cybercriminals to hack into their databases and steal this information.
A case called Vidal-Hall v Google changed the position of the law on the right to claim compensation for data breaches. It used to be necessary for financial damage to have been suffered by claimants in order to seek compensation for emotional damage too. Since the decision made in this case, it’s now possible to seek compensation for either form of harm. This means with valid proof, you could seek compensation in data protection breach claims against Home Group.
Below, we show you how. Our compensation table demonstrates the sort of awards that can be made for such matters and we explain how a No Win No Fee data breach solicitor could help you right now at no upfront cost. Home Group and companies like it have a duty to keep our details safe. If they failed, you have a right to seek damages for a housing group data leak.
If you have any questions or would like to get a free case check, simply call us on the number at the top of this page.
Firstly, let’s be clear about what GDPR and the ICO define as a breach. Any accidental or deliberate loss, destruction, alteration or unauthorised sharing of our personal data that can result in social, economic and emotional harm to the data subject is defined as a breach.
In practice, there are numerous ways in which a breach could occur. Examples not confined to a housing charity include:
- Casual conversations amongst staff in which private and damaging details are exposed
- Laptops or USB sticks and smartphones left available for people to see, containing sensitive information without any security, such as encryption
- Theft or loss of sensitive devices that contain client information
- Social media posts that include protected details
- Failure to physically lock away private information
- Weak or out of date security software
- Failure to encrypt documents or to log off when using information portals
- Loss or damage in transit and storage, particularly physical records
- Incorrect destruction of documents, such as a failure to confidentially shred paperwork
Human error can account for a great part of data leaks. A constant threat is also hacking and cybercrime. Any of these incidents could create potential data vulnerability for its customers.
The Home Group data threat happened because a hacker with expert cyber-security knowledge was able to compromise their internal security software. This can happen easily with cybercriminals committed to finding weak spots in firewalls or sending malware viruses to disrupt security.
Home Group responded quickly and the information was secure again in under 90 minutes. Unfortunately, this may have been long enough for criminals to exploit vulnerable data.
Firstly, data sharing is not intrinsically wrong. Companies rely on it to improve services and provide a better level of customer care. We also give our consent to third parties in many different ways, such as:
- Shopping online
- Sending and receiving emails
- Using social media
This consent can be given deliberately by clicking cookie preferences on websites or it can be given tacitly by agreeing to terms and conditions yearly or when something changes. Three main parties are involved in the processing and use of our personal data:
- Controllers are those who are in possession of our data for the reasons as outlined in the GDPR core principles below. They must demonstrate compliance with these rules or risk a breach that could incur penalties and prosecutions for the individual, firm or organisation.
- Processors are those responsible for the processing and storage of data, either inside or outside of the controller’s realm. Breaches can happen during transportation or storage, sometimes involving sub-contracted processors.
- Third parties are the recipients of data. It’s important to note that they must use this data within the strictly agreed terms described below. Failure to do so, or over-stepping their rights with our information could constitute a breach.
ICO Core Principles in data handling
The ICO provides a wealth of information regarding our data rights. Their website explains in simple English how your data is being used, your right to get copies of your data, have it deleted or amended and how to object to its use. They have also identified seven core principles in the handling of data:
- Lawfulness, fairness and transparency – is the data use fair and legal?
- Purpose limitation – are there exact reasons for the data to be collected?
- Data minimisation – a restriction on the amount of data collected
- Accuracy – precision and regular updates
- Storage limitation – data only kept for limited periods, then properly deleted
- Integrity and confidentiality – security at all times and at all levels
- Accountability – admit breaches and take steps immediately to resolve them
These principles mean that there is a simple template for all organisations to refer to regarding data management. Proper staff training and software security can provide a very effective defence against hackers and outside parties who mean to do harm.
The ICO is sympathetic to the challenges faced by companies when ensuring GDPR compliance, but first and foremost their role is to protect those who have entrusted their data to others. Human error is no defence for a data breach.
Cybercriminals are constantly looking for the opportunity to breach security and steal data. In the Home Group data protection breach, only basic information was exposed. Names, addresses and contact details were leaked but no financial details were involved, so the breach could have been much more serious.
This may still have been sufficient for cybercriminals to sell names and addresses online for a profit. Criminals could then use this information to set up bogus credit cards or commit other forms of identity theft.
The ICO takes even the slightest breach very seriously for this reason. There is simply no way to accurately predict what hackers could have done with the data. Because of this, each infringement has the potential to cause real harm in the lives of those it affects.
Home Group is responsible for carefully safeguarding data from abuse. Failure on their part may have exposed you. If you can prove that you have suffered financial or mental damage because of this breach, speak to our team for free legal advice on your options.
A housing association data breach could result in both financial and emotional harm. At this stage, it’s not possible for us to advise you on the potential compensation award for financial damage without knowing more about your case.
However, we can gain an insight into the value of the mental impact, referred to as ‘non-material damage’.
The compensation table below includes a selection of suggested awards from the Judicial College Guidelines, a document used to calculate potential compensation for psychiatric and physical injuries.
|Psychiatric Damage - Severe||Severe problems that affect many areas of daily and social life.||£54,830 to £115,730|
|Psychiatric Damage - Moderately Severe||Significant problems with daily life. But, there is a more optimistic prognosis.||£19,070 to £54,830|
|Psychiatric Damage - Moderate||Marked improvement shave been made, despite having struggles with various problems.||£5,860 to £19,070|
|Psychiatric Damage - Less Severe||The effect on daily activities and sleep will be taken into account.||£1,540 to £5,860|
|PTSD - Severe||Inability to function the same as pre-trauma due to permanent effects.||£59,860 to £100,670|
|PTSD - Moderately Severe||Recovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future.||£23,150 to £59,860|
|PTSD - Moderate||Largely recovered with any persisting symptoms not being majorly disabling.||£8,180 to £23,150|
|PTSD - Less Severe||A full recovery is made within 2 years, with only minor problems persisting after this.||£3,950 to £8,180|
Did you suffer any of the following due to the Home Group data breach?
- Increased anxiety or sudden nervous disorder
- Depression or PTSD caused by acute worry
- Diminished relationships due to mental stress and agitation
- Impact on your ability to function normally because of worry
- Thoughts of personal risk and even suicidal thoughts
Vulnerability and stress can wreak havoc in our lives. The remissive behaviour of anyone in possession of your personal data could provoke these problems. Remember, you were completely blameless in this event.
If you’d like a more precise estimate of what you could receive in data breach compensation, or if you’d like further details on what else can be factored into a claim, please get in touch with our team.
The ‘non-material’ damages you’ve suffered need medical evidence to prove that they were caused by the data breach and not some other contributory factor. An assessment with an independent medical specialist can provide the proof. If you decide to work with Legal Helpline, our specialist panel of lawyers can arrange this appointment for you as close to your home as possible.
To be compensated for ‘material’ damages it is necessary to show how the data breach affected you financially. This can be in the form of bills or statements that prove any of the following:
- That money was taken from your account without your knowledge or consent
- You had to pay for psychotherapy counselling to cope with the stress
- You lost work due to mental stress
- There was fraudulent credit taken out in your name
- Damage to your reputation or credit rating scores
There could be other things happening that you are unaware of. When you reach out and connect with Legal Helpline, we can discuss the full implications of your housing association data breach. Once everything is in the open, a No Win No Fee data breach lawyer could help calculate a compensation amount that truly addresses every aspect of the damage.
Whether it’s material or non-material damages, it’s important to be as accurate as possible. You have 6 years to make a data breach claim from the date you obtained knowledge of the breach, which may seem ample, but collecting facts can take longer than you think. Also, you can only realistically claim for a data breach once. So therefore it’s essential to ensure that you include every possible impact of that breach.
For example, credit card theft can result in late fees and charges long after the initial fraud has been detected. Your credit rating can suffer for months. Your reputation could be harmed, precluding you from future work opportunities.
We cannot simply pluck a figure of compensation from thin air. It has to be grounded in reality and to give yourself the best chance of calculating this, speaking with an experienced data breach lawyer can really provide clarity. So get in touch today for free legal advice.
As part of upholding our rights, the ICO can get involved in serious data breach cases. There is a step by step procedure you could follow if you choose to involve them:
- Firstly, write to the housing association (or Home Group in this case) to raise a complaint about the data breach. The ICO website helpfully provides a template for such complaint letters.
- The housing group may offer to settle compensation with you directly. You are free to accept or reject this. You may get more money if you work with a data breach solicitor.
- The other party has three months during which to provide a ‘meaningful response’. If they fail to do this you can ask the ICO to intervene and apply pressure. The ICO may or may not take up the case. They do not pay compensation. But the weight of their involvement can go a long way to strengthening your case for compensation anyway.
- During this period, you can start to assemble the medical and financial evidence that supports your claim for damage. The more time you can give yourself to do this, the better.
- Finally, you can contact Legal Helpline to discuss involving a No Win No Fee data breach solicitor. Armed with all the evidence, they could calculate and aim for accurate damages against the housing authority in question and you could win compensation for your troubles.
Data Protection Breach Claims Against Home Group
Home Group may have already been subject to claims from some of their affected tenants. They may be willing to settle for any damage that you can prove that their breach has caused you. Speak to us if they are reluctant to engage with your enquiries.
No Win No Fee agreements can benefit people seeking compensation in many different ways. Normally associated with personal injury claims, a data breach solicitor can work in exactly the same way to help you receive compensation.
This means no fees to pay upfront to hire your data breach lawyer, no fees to pay as the case progresses and nothing to pay your lawyers at all if the case fails.
With a vested interest in winning your case, you know that your data breach lawyer is giving your situation their full attention. Their fee is deducted as a small percentage from the total payout amount at the end of a successful case only. It’s in everyone’s interest to win.
You simply have to provide the factual evidence and allow your data breach solicitor to handle the rest. Most cases do not need to go to court and you could receive a settlement amount to cover the pain and distress the data breach has caused you. You have little to lose and possibly much to gain.
Data breach claims can be complex. To ensure that you have the right lawyer working on your behalf, we offer an introductory service to our panel of No Win No Fee data breach specialists with years of experience.
Call the number below and chat over the details of how the Home Group data breach adversely affected your mental health or finances.
The emphasis no longer needs to be on using a local law firm. Communication can happen online with exactly the same level of security, confidentiality and expertise as a face to face consultation. The only difference is that you have given your data breach compensation claim a much greater edge by consulting with us.
Your information should be secure. If you can prove that Home Group failed in that duty, you could hold them responsible. Speak to us today for guidance.
It’s important to note that data breach claims should be legitimate. Its both unfair and unethical to attempt to start a data breach claim simply on the suspicion that Home Group or any other charitable housing association caused you harm through their negligence. Solid evidence must be the foundation of your claim.
To recap on the process if you have this evidence, you should:
- Write to Home Group and outline your complaint about your data being leaked
- Await a satisfactory reply
- If you fail to receive one, you can ask the ICO to investigate
- As you await a satisfactory response, you can decide to build your own claim for compensation with a No Win No Fee data breach solicitor
- Collect all the relevant medical and financial information to prove your claim
- Contact Legal Helpline for an instant start to your claim
We appreciate you taking the time to read this article about data protection breach claims against Home Group. If you feel ready to start a claim and need advice on the best way to proceed, we are available to help you right now. Simply:
- Calling us directly on 0161 696 9685
- Emailing or writing to us at Legal Helpline
- You may also use the ‘live support’ option, bottom right for instant legal help and advice about your data breach.
In this section, we’ve included answers to some questions we often get asked about data breach claims.
What special categories of data are there?
Special category data is classified under GDPR as:
- Any personal data that reveals racial or ethical origins
- Anything that might reveal your political opinions
- Personal data that could reveal philosophical or religious beliefs
- Data about trade union affiliations or membership
- Any genetic data
- Where biometric data is used for identification purposes
- Any personal data that concerns your health
- Information regarding a persons sexuality and orientation
How long might data protection breach claims against Home Group take?
Each claim can vary depending on the complexity of the issues involved. If the defendant admits liability, a data breach claim could be resolved in a short space of time. If the defendant disputes liability, or if the full impact of the damage done to your finances or health isn’t exactly clear, a claim may take longer.
How much time do I have to start my claim?
Data breach cases have 6 years from the date you obtained knowledge of the breach in which to be made, or 1 year if the case involves an infringement of your human rights.
What data is covered by the Data Protection Act?
The Data Protection Act covers any information that is held in hard copy or electronically. Devices are protected, regardless of the owner of that device and so is the use of the data in any given area.
We can offer more advice about GDPR data breach compensation claims here and also information about another housing association data breach involving Watford Community Housing. We also have a useful guide on bank data breach claims.
Furthermore, you can read more about victim support for data breach and how to protect your data better in the future. We are happy to take your call on any aspect of data breach compensation claims. Please refer here for more info about the ICO.
Thank you for reading our guide to data protection breach claims against Home Group.
Guide by JJW
Edited by REB