East Sussex Council pays out £26,000 in data breach claims amid ‘worrying’ rise

An investigation by DataBreachClaims.org.uk has revealed a stark increase both in terms of human error and cyber-attacks across UK councils.

Data Breach Expert at DBC, Eleanor Coleman says: “This rise is worrying and we hope that organisations are ensuring that they have sufficient security in place to protect people’s personal information.”

Councils are expected to collect, store, use, share and dispose of personal information or data about individuals, in line with General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

According to the ICO (Information Commissioner’s Office), cyber attacks on local authority systems have increased by 24% between 2022 and 2023.

Personal data breaches reported by Local Governments, it confirms, have skyrocketed by 58% in the same time period.

Security breaches have the potential to put thousands of people’s personal details at risk, potentially harming victims psychologically as well as financially.

Through a series of Freedom of Information Requests to every UK Council, DBC has revealed the local authorities with most reported data breaches as well as those with the highest number of claims brought against them.

East Sussex County Council confirmed a total of 1,415 data breach incidents since 2021. A total of 436 incidents were recorded between 2021/22, followed by 494 in 2022/23.

So far, between 2023- March 24, some 485 incidents have already been logged.

It must be stressed that the majority of these are likely to be for relatively minor issues. These could include emails being sent to the wrong recipient or incorrect disposal of paperwork.

Similarly, not all incidents are reported to the ICO - especially those deemed to have had no real, significant impact.

Personal data breaches are defined as “any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”

Data Breach Claims also asked the council how many cyber attacks it has had within the same time period.

While East Sussex Council confirmed they did hold the information, it chose not to disclose figures due to concerns that it could potentially compromise its cyber security.

The Council did however confirm that it had paid out £26,250 in data breach claims compensation in the last three years.

A total of £18,000 was paid out between 2021/22, followed by £7,250 in 2022/23. A further £1,000 has been paid between 2023-March 2024.

Victims of a breach may be able to claim compensation providing a certain set of criteria is met.

Expert Eleanor Coleman says: “We have noticed an increase in data breaches generally over the last year, both in terms of human error and cyber-attacks.

“We understand that this is worrying and hope that organisations are ensuring that they have sufficient security in place to protect people’s personal information.

“In terms of compensation, this is dependent upon what has happened, the information which has been subject to the data breach and the distress it has caused. A lot of cases can be settled without the need to issue Court proceedings, but if this is necessary, then we would advise clients accordingly.”

DataBreachClaims.org.uk has a team of experts on hand to offer free guidance and advice for anyone with concerns following a data breach.

They operate a 24-hour helpline and live chat service which you can access on their website.