What Are My Rights After A Housing Association Data Breach?

Accident Claims UK can help if a housing association data breach has affected you. A housing association is a not-for-profit organisation that provides lower-cost housing, also known as social housing. Unlike the private rental market, social housing tenants tend to live in their home on a long term or permanent basis. Some social housing tenants are vulnerable individuals who may be elderly or have a disability.

I Suffered A Psychological Injury After A Housing Association Data Breach. What Are My Rights?

What are my rights after a Housing Association data breach guide

What are my rights after a Housing Association data breach guide

It is normal practice for housing associations to collect personal data belonging to tenants, employees and others. However, under the General Data Protection Act (GDPR), organisations must protect the personal data they collect. Therefore, you may be owed compensation if you have been affected by a housing association data protection breach.

In this guide, we will explain how a social housing data breach can happen. And we will show you how to make a valid data breach claim.

Get in touch with Accident Claims UK now to start your claim. Call us on 0800 073 8801 or make an online enquiry to get started. Or continue reading this social housing data breach guide to learn more.

Select A Section

A Guide On Housing Association Data Breach Claims

To operate, housing associations need to collect personal data from tenants, employees and other parties. When they do so, housing associations must follow data protection legislation. This includes the General Data Protection Regulation (GDPR). This is a piece of EU data regulation, which the Data Protection Act 2018 enacts into UK laws.

Under the GDPR, housing associations have the following responsibilities:

  1. Firstly, housing associations are responsible for protecting data they collect.
  2. Secondly, to protect the data, housing associations should have proper data management and cybersecurity systems.
  3. And finally, following a data breach, the housing association may be held liable for any harm caused.

We will look at the key parts of the GDPR in more detail later in this guide.

What Happens If A Tenant’s Data Is Compromised Or Staff Data Is Compromised At A Housing Association?

The victims of the data breach would have the right to claim compensation so long as the breach causes them to suffer. We will explain how data breaches can happen and how to make a data breach claim for compensation later in this guide. What’s more, we will review the Flagship Housing Association data breach.

We could help you if you wish to make a data breach claim for compensation. Contact us today for your free consultation. Our personal injury solicitors could start working on your case on a No Win No Fee basis if we can see you have a formidable claim.

What are the benefits of working with Accident Claims UK?

  • Our solicitors can assess your claim’s worth and negotiate hard to make sure you get the right amount of money.
  • Our solicitors have decades of experience handling compensation claims.
  • If a solicitor takes your case on, they’ll offer you their services under a No Win No Fee agreement.

Data Breach Claims Time Limits

There is a time limit of six years for a data breach compensation claim in the UK. However, the limit is just one year if the data breach was due to a public body such as an NHS data breach or Social services data breach.

Personal Data That Housing Associations Could Hold About You

Firstly, what does personal data mean? Personal data is data that can identify an individual, or be used with other information to identify a person. Below are some examples of personal data that housing associations may collect from their tenants.

  • Tenant (customer) name
  • Home address
  • Email Address
  • Phone number
  • Date of birth
  • Disability status
  • Nationality and national origin
  • Ethnicity
  • Sexual orientation
  • Gender or gender identity
  • Religious beliefs

Some of the data that housing associations collect relates to people’s personal characteristics. This can include ethnicity, sexual orientation or religion. This is considered sensitive personal data. The data subject may suffer prejudice, abuse or hate crimes if this data becomes breached.

Housing associations will also collect job-specific data on their employees, such as job title, start date, bank details and information about personal performance. This means they could also face claims for an employer data breach if they expose data and harm employees by doing so.

What Are Personal Data Breach Claims Against A Housing Association?

A housing association data breach is a security incident at a housing association involving data protection. It can involve an unauthorised party accessing the data, data leaks or data disclosure. It can also involve personal data becoming destroyed, altered, stolen or lost. This can be done without your consent and can be deliberate, accidental or unlawful.

How Do Social Housing Data Breaches Happen?

Many data breaches happen because of human error. A social housing data breach can happen if an employee makes a mistake. For example, an employee may intend to send a letter containing personal information to a tenant but send it to the wrong address. This means that the tenant’s data could be compromised because an unauthorised third party could access it.

Unfortunately, a housing association data protection breach can also take place if criminals attack the organisation. For instance, a housing association may become the victims of a cyber-attack. (This is when criminals use hacking or malware to attack an organisation.) They may carry out the crime to hold the data to ransom or target data subjects for fraud. This can lead to these individuals losing money further down the line.

Victims of a data breach may be eligible to make a data breach claim, providing they can prove suffering. Accident Claims UK can connect you with a data breach lawyer to handle your claim. To begin work on your data claim, call us today to discuss it with an advisor.

What Should A Housing Association Do After A Data Breach?

A data breach by a housing association means that tenant or staff data is compromised. This could violate the privacy and personal security of those involved. Therefore, if a data breach takes place, the housing association should act responsibly. They must inform the Information Commissioner’s Office (ICO) of the data breach within 72 hours if it puts data subjects at risk. What’s more, in such a scenario, they should send notifications to the individuals who have been affected by the data breach.

Does the ICO enforce the GDPR?

The Information Commissioner’s Office enforces the GDPR and other data protection legislation in the UK. They can investigate if a housing association commits a data breach. As a result, they may issue the organisation with an ICO fine.

To prevent personal data breaches, housing associations should follow legislation, such as the General Data Protection Regulation and the Data Protection Act 2018.

Housing associations should do the following when they collect, process and store data from individuals (data subjects):

  • Firstly, housing associations should inform you about the collection of your personal data.
  • Secondly, the housing association must explain their reason for collecting the data. What’s more, the housing association should not use the data for another purpose.
  • In addition, the housing association should keep personal data up to date.

You have the right to make a data breach claim if a housing association compromised your personal data and caused you to suffer. To see if you can begin your data breach claim, call Accident Claims UK to speak with an advisor.

Housing Associations Affected By Data Breaches

Flagship Homes are also known as Flagship Group. Flagship Homes is a housing association that owns over 31,000 homes in the East of England. They have over 1,200 employees and collect personal data belonging to their tenant’s and employees in order to function.

Unfortunately, the Flagship housing association was targeted by cyber attackers in November 2020. Some personal data was encrypted as a result. This data belonged to tenants and employees alike. Flagship Homes publicly stated that they did not believe that the attackers stole any personal data. The company clarified that they believe the attackers used a phishing scam to access the data.

What Happened As A Consequence Of The Flagship Group Data Breach?

The housing association data breach was reported to the Information Commissioner’s Office.

Call Accident Claims UK to talk to an advisor about a data breach that caused you to suffer. We could put you in touch with a skilled data breach lawyer to see that you are owed compensation.

Source: https://www.flagship-homes.co.uk/media/2196/flagship-homes-customer-faqs-241120.pdf

When Do You Have The Right To Claim For A GDPR Breach?

In the UK, the GDPR protects the data privacy of individuals. Therefore if an organisation breaches an individual’s personal data, the victim could have the right to make a compensation claim. You could make a data breach claim for any emotional distress or financial losses experienced due to a housing association data protection breach.

To find out if you could claim, please call Accident Claims UK for free today. An advisor will be able to assess your case in depth. If it’s formidable, they could assign a data breach claims solicitor to start working on your case to see that you are owed compensation.

Rights Of Data Subjects

Under the GDPR, individuals have the right to:

  • Be informed
  • Access their data
  • Rectification
  • Erasure
  • Restrict processing
  • Data portability
  • Object

You also have rights about automated decision making and profiling.

You can read more about your individual rights under the GDPR in this ICO guide.

Evidence Relevant To Data Breach Compensation Claims

What evidence could you provide to support your case? You could use:

  • Confirmation of the breach from the Information Commissioner’s Office.
  • Your social housing data breach notification.
  • Your medical records. They can provide evidence of psychological injury.
  • Evidence of financial losses. They can be provided through financial documents such as bank statements.

There may be other forms of evidence that you have. It’s important to provide proof so that you can be accurately compensated for every loss.

To discuss your evidence options, get in touch for free legal advice.

Housing Association Data Breach Compensation Calculator

Below, we have completed a table with figures from the Judicial College guidelines to give you some insight into what settlement awards could be achievable for specific levels of psychological injury. You would need to attend a medical appointment with an independent medical expert to obtain relevant medical evidence to submit with your claim.

The reason that we have done this is that a legal precedent was set in a case from 2015 that allows for the calculation of data breach compensation for psychological injuries to be completed similarly to personal injury cases. The case in question is Gulati & Ors v MGN Ltd [2015].

Another important case that set a legal precedent  regarding data breach claims was Vidal-Hall and others v Google Inc [2015] The decision in this case means that you could seek compensation for psychological damage caused by a data breach even if you have not suffered financial damage because of it.

Type & Severity Of Psychological InjuryDescription of injury and commentsCompensation Estimate
Less Severe Post-Traumatic Stress DisorderA full recovery should be made within a period of 1 to 2 years.Up to £7,680
Moderate Post-Traumatic Stress DisorderA full recovery should have been made by the time of the claim. There could be some residual effects but these should not be grossly disabling.£7,680 to £21,730
Moderately Severe Post-Traumatic Stress DisorderThis person will have been affected in similar ways, but will have a better prognosis than in the category below. £21,730 to £56,180
Severe Post-Traumatic Stress DisorderThe injury will have led to a lasting and permanent form of psychological injury.£56,180 to £94,470
Less Severe Psychiatric DamageThe settlement will take account any disability that the person is left with.Up to £5,500
Moderate Psychiatric DamageThe affected claimant will have been affected in their ability to carry on with education, training or work. Their personal life may also be affected. £5,500 to £17,900
Moderately severe Psychiatric DamageVictims may experience problems with factors such as working, training, education or relationships. £17,900 to £51,460
Severe Psychiatric Damage (General)Victims may experience a very severe form of psychiatric injury.£51,460 to £108,620

You could get an accurate, free estimation of what you could claim for non-material damages. Simply get in touch with our advisors today.

Non-Material Damages Compensation Under The GDPR

For many people, a social housing data breach can be as traumatic as being mugged or burgled. For example, you may be especially distressed if information about your sexual orientation or gender identity was made public against your wishes. Therefore data breach compensation payouts include non-material damages. This is compensation for any emotional distress or psychological injuries incurred.

Many victims of a data breach also lose money over time. Fraudsters may use breached data records to target data subjects for identity theft. They may be able to access bank details and steal from the victim. Therefore, claimants can also claim material damages to compensate them for any financial losses suffered.

No Win No Fee Personal Data Breach Claims Against A Housing Association

We believe everyone should have the opportunity to fund a solicitor if they feel they need a solicitor’s services. Therefore, our solicitors offer a No Win No Fee agreement. This means that you won’t have to pay for your claim upfront.

Instead, you would pay a success fee only on the condition that you win your claim. This would be formalised by signing a Conditional Fee Agreement.

You could enjoy the following benefits if you make a No Win No Fee claim:

  • No ongoing solicitor fees.
  • You don’t have to pay any solicitor fees if the claim doesn’t win.
  • Access to legal advice.
  • You only have to pay the success fee once the compensation comes through.
  • The success fee is legally capped to a small percentage.

To find out more about making a No Win No Fee agreement, call Accident Claims UK to discuss your predicament with an advisor.

Speak To Our Claims Team

Have you been affected by a housing association data breach? You may be owed compensation. To begin your claim, contact Accident Claims UK using the details below:

Frequently Asked Questions On Breaches Of GDPR Rules

Let’s look at some questions that we are frequently asked about data breaches.

Who is liable for a data breach?

The data controller may be liable for a data breach because they have responsibilities to protect your data. Sometimes a data processor (the body that processes data on the controller’s behalf) can be liable.

What are the consequences of a data breach?

Some individuals may suffer emotional distress as a result of their personal data being breached. What’s more, in extreme cases, people may develop psychological problems. This can include anxiety or depression. Sadly, criminals may also target data subjects for identity theft or fraud. This can lead to further financial losses.

A data breach can also hurt a brand’s public image. Especially if the organisation acted negligently, enabling the data breach to happen.

How Common Is A Housing Association Data Breach?

When it comes to making a claim for a housing association data breach, you might be wondering how common such breaches are. While we cannot deep dive into the statistics relating to each individual housing association, we can give you some statistics on how many data breaches there have been in local government. In quarter 2 of 2021/22, according to the ICO, there were 251 incidents reported from local government. 206 of these were non-cyber related with only 45 incidents relating to cyber security. You can see how this compares below.

housing association data breach statistics graph

The ICO has also given us details of the common causes of data breach incidents. You might be surprised to learn that sending emails to the wrong recipient was the top cause of such incidents in quarter 2. Other top causes included phishing attacks, incidents of unauthorised access and other non-cyber security related causes.


What is a cyber attack?

A cyber attack is when criminals attack an organisation to access its data. The attackers may use a technique called hacking. This involves exploiting existing weaknesses in the system. Alternatively, criminals may use malicious software known as malware to commit a data breach. One example of malware is ransomware, which holds personal data to ransom.

Related Guides

These guides may be helpful if you wish to make a data breach claim.

What Are My Rights After A Pharmacy Data Breach?

A guide to help you claim compensation if a pharmacy has breached your medical records.

What Are My Rights After A Hotel Data Breach?

A compensation claims guide for data breaches at a hotel.

What Are My Rights After A Nursery Data Breach?

A guide to nursery data breach claims.

Dentist Data Breach Claims

Our guide on what to do following dentist data breaches that cause you to suffer.

Comparison Site Data Breach Compensation Claims

A guide on comparison site data breach claims.

Your Rights After A Mortgage Provider Data Breach

A guide about claiming following a mortgage provider data breach.

External Guides Relating To A Housing Association Data Breach

An ICO guide on personal data breaches

A guide to identity theft from the ICO.

Data security incident trends according to the ICO.

Thank you for reading our guide to housing association data breach claims.