We've been featured in:

University Of Aberdeen Data Breach Compensation Claims Guide

When you attend a university, a lot of your personal information will be recorded and kept on file for educational purposes. When you leave, some of your information might also be retained on third-party databases so that the university can keep in touch with you. While that’s not usually a problem, this guide is going to show how a University of Aberdeen data breach involving such a database could potentially place its students and alumni at risk. If any harm results from a data breach, those affected could be entitled to seek data breach compensation if they can evidence their case.

University of Aberdeen data breach claims guideSince the General Data Protection Regulation or GDPR was passed into UK law by The Data Protection Act 2018, the rules on how organisations use your personal information have tightened. They could now face a massive financial penalty if the Information Commissioner’s Office (ICO) find that they have broken data protection rules. As an ICO investigation could provide useful evidence to support a compensation claim, we’ll look at what powers the ICO has later on in this article.

Legal Expert specialises in handling data breach claims. Our team provide free claims advice while assessing claims on a no-obligation basis. If your claim appears to have strong grounds, we could connect you with one of our data breach solicitors who’ll operate on a No Win No Fee basis if your claim is taken on.

To discuss your data breach claim today, please call us on 0800 073 8804. Alternatively, you’ll find more information about claiming for an alumni data breach if you continue reading.

Select A Section

A Guide To University Of Aberdeen Data Breach Claims

When you do just about anything these days, you’ll probably have some form of interaction relating to the GDPR. You might not notice it but they happen when you make an online purchase, visit a website, visit the doctor or enrol on an education course.

The reason why you have to tick boxes or click buttons on a website to agree to certain things is that the GDPR states that your permission has to be granted before a company or organisation can process personal information about you, store it or pass it on to others. What’s vital is that once you’ve told the company of your preferences, they adhere to them.

Additionally, the GDPR requires your information to be kept securely so it doesn’t get leaked into the wrong hands. If it does, it could be possible for you to ask for compensation for any harm caused.

When making a data breach claim, you’ll need to be aware of the relevant time limits. For most cases, there is a 6-year limitation period. However, should your claim relate to a breach of your human rights, you will only have 1-year to claim. Our solicitors would always advise you to start your claim as soon as you’re able to because you’re likely to find it a lot easier to recall what happened and how you suffered. Also, a solicitor will probably have an easier job obtaining supporting evidence the sooner they begin.

Once you’ve completed this article about claiming university data breach compensation, why not ask Legal Expert to review your claim? We offer completely free legal advice and your claim will be assessed, on a no-obligation basis, by one of our specially trained advisors.

What Is A University Of Aberdeen Data Breach?

When we talk about data breaches, it is fairly common to assume that it has been caused by a cyber-attack, hacking or another form of computer issue. However, data breaches can also involve physical documents like student records that are kept in a filing cabinet.

The GDPR definition states that a personal data breach happens when a security flaw causes personally identifiable information to be accessed, altered, lost, destroyed or disclosed in ways that were not authorised.

The cause of a data breach may be accidental, deliberate or illegal. Whatever the cause, though, the ICO could issue a fine to any organisation responsible for the unwanted disclosure of personal information.

Later on, we’ll look at a case involving Aberdeen University, as well as other organisations, where a database used to help raise donations from its alumni was hacked. The developer of the software, Blackbaud, admitted that credit card details, names and addresses could all potentially have been accessed.

If you would like us to look at whether you’ve got a valid compensation claim for a university data breach, please discuss your case with a member of our team today.

How The GDPR Protects University Students And Staff

The GDPR is a vast document at over 88-pages long. While it contains some complex legal terminology, it also defines some important roles relating to personal data. They include:

  • A data subject: the person whose personal data is to be processed.
  • The data controller: an organisation responsible for explaining why data is required and defining how it will be processed.
  • A data processor: an individual or company who will carry out processing on behalf of a data controller.

Also, there are several data principles defined which the data controller needs to adhere to, including:

  • The data subject needs to be told of the reason why their information is required.
  • Processing of personal information should be legal, transparent to the data subject and fair.
  • All personal information which is stored needs to be kept up to date.
  • When processing is carried out, it needs to be secure and confidential.
  • Excessive data collection is not allowed – only a minimum should be processed.
  • The processed data can only be stored for as long as necessary.

If you believe you’ve been the victim of a data breach that has caused you some form of harm, please let us know and we’ll take a look at your options with you.

Examples Of University Cyber Attacks And Data Breaches

Now it’s time for us to look at the Blackbaud data breach which has affected the University of Aberdeen and other organisations who use the software. The database is used to allow organisations like universities to manage relationships with its alumni and to manage fund-raising.

The provider of the software became aware of a ransomware data breach in May 2020. It identified that a cybercriminal had accessed its systems and taken data from the backup servers. It is thought that the data was removed at some point between February and May.

The information that was accessed included personal information like telephone numbers, email addresses, names, addresses, family information and education records. A later news report stated that Blackbaud had admitted that payment information and passwords could also have been stolen in the attack. It also conceded that not all payment information had been encrypted when it was stored in the database. The report went on to explain that the company had paid a ransom to the data thieves and they believed therefore that the data had been completely destroyed.

As per protocol, the Information Commissioner’s Office was brought in to investigate how the breach had happened. They reported that 166 UK companies or organisations had been affected including universities, schools, charities and trusts.

Once the breach had been identified, Blackbaud took steps to inform its customers. In turn, they contacted any individuals who might be affected and explained what steps should be taken.

Source (1): https://www.eveningexpress.co.uk/fp/news/local/rgu-and-aberdeen-university-alumni-data-hit-by-breach/

Source (2): https://www.bbc.co.uk/news/technology-54370568

University Data Protection Breach Statistics

You might think that data breaches are quite rare especially when you consider the tighter restrictions imposed by the GDPR. However, one study suggests that up to 54% of universities in the UK informed the ICO of data breaches in the year ending August 2020.

A worrying number of university staff (54%) have not received any formal data protection training and the budget for training is only just over £7,500 a year on average. The survey also reported that security training for students was only proactively carried out at 51% of the universities who responded (37% do provide data security advice for students who ask for it).

As well as holding personal information for all of the staff and students at a university, many conduct research and trials which could involve large amounts of sensitive personal data which makes the lack of investment in data training worrying.

The report indicated that the most common type of cyber-attack was phishing where malicious links are hidden in emails to try and tempt the user into divulging login details or downloading dangerous software.

Source: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf

While we’re not security experts, we could help you if your personal information has been exposed because of a university data breach. To start the ball rolling, why not call us today to find out whether we could help you start a data breach claim.

Criminal Data Attacks Against UK Universities

So, what can universities do to reduce the risk of further cyber-attacks? Well, they could:

  • Improve security training for both staff and students who use the IT infrastructure.
  • Invest in up to date IT equipment.
  • Hire a penetration tester to help identify flaws in their current system and to make changes accordingly. Penetration testing can help identify physical risks, such as unlocked server rooms, as well as software issues.
  • Encrypting memory sticks, tablets and laptops so that the content they hold is secure if they are lost or stolen.
  • Review their security policies regularly.

Taking these steps could help reduce the risk of the sensitive data held by universities making it into the public domain.

It’s important to note that not all data breaches relate to information held on computer systems. For instance, if physical documentation containing personally identifiable information isn’t disposed of securely, it could cause just as much harm as digital data if it gets into the wrong hands.

How You Could Be Compensated If Affected By A University Data Breach

There are usually two different things a solicitor could claim for relating to a data breach: Material and non-material damages.

Material damages are claimed when you’ve lost money following the data breach. Non-material damages are sought when you’ve been psychologically injured by the breach.

As every claim is unique, your solicitor will need to assess exactly how you’ve been affected. They’ll look at any impact that’s already been caused as well as looking at any potential suffering that might occur in the future. It’s important to get this part of the process right because you can only make a single claim.

To try and ensure the correct amount is claimed, a list of financial losses you’ve already sustained will be collated. In addition, there will be an assessment of any costs you might incur in the future. This could happen if your information has been used by cybercriminals and has a negative effect on your credit file, meaning you might have to pay higher interest on financial products in the future.

When claiming for the injuries you’ve suffered, independent medical specialists will be used to try and find out how any anxiety, depression or stress caused by the data theft has impacted your ability to cope (with life, work or education) and whether it’s caused any problems with your relationships. Again, any ongoing issues could also be factored into your claim.

We advise anybody who’s thinking of making a data breach claim to work with a legal specialist so that their claim is assessed properly. If you would like to find out whether you could be entitled to compensation, why not ask an advisor today?

Calculating Data Breach Claims Against The University Of Aberdeen

You might be wondering how much compensation you could receive for a personal data breach. Well, we can’t tell you exactly as no two cases are the same. However, we can give you some idea of potential compensation for psychological injuries using the table below. It contains data from the Judicial College Guidelines which is a document that legal professionals use to help determine compensation amounts.

Edit
Claim Type Level Range of Settlement Additional Information
Psychiatric Injuries There are four main factors used to determine compensation for psychological damage. They are: 1) Whether the claimant is able to cope with life, education or work; 2) What impact there has been on relationships 3) Whether any type of treatment is likely to help; 4) The medical prognosis.
Psychiatric Injuries Severe £51,460 to £108,620 The claimant will have serious problems with the factors described above leading to a very poor prognosis.
Psychiatric Injuries Moderately Severe £17,900 to £51,460 The prognosis will be more optimistic than above but there will still be significant issues with all factors.
Psychiatric Injuries Moderate £5,500 to £17,900 The claimant will receive a good prognosis in this category as there will already have been a good level of recovery.
Psychiatric Injuries Less Severe Up to £5,500 The amount awarded in this category will depend on how long the victim was affected and the extent in which sleep and daily activities were affected.

Unlike other types of claim, you could claim for the injuries listed even if you haven’t suffered financially. That rule was set out in the case of Vidal-Hall and others v Google Inc [2015] at the Court of Appeal.

To help determine which compensation amount you’ll claim for, you’ll be booked in for a local medical assessment by your solicitor during the claims process. At the meeting, you’ll be asked questions by a medical specialist who’ll also review any medical records available to them. After the appointment has ended, the specialist will prepare a report detailing their findings and send it to your solicitor.

How To Find A Solicitor Conducting University Data Breach Claims

If you are considering making a claim for the harm you’ve suffered following a university data breach, you may wish to find a solicitor to help you. Where do you turn though? Do you ask your family to recommend a solicitor, pick the closest law firm or look through pages and pages of online reviews?

Taking any of these actions could result in you finding a solicitor who’ll take on your claim, but they could also take a lot of time and not result in a positive outcome. Alternatively, you could make things easier on yourself by making one call to Legal Expert.

When you contact us, you’ll be able to discuss your claim with a specialist advisor and ask as many questions as you like. If your claim is taken on, you’ll be given a data breach solicitor to work with who will be available throughout your case to answer any questions. You’ll also receive regular updates about any progress with your case. The key aim of our solicitors is to try and obtain the maximum compensation possible for your claim.

To find out more, please call us today or take a look at some of our reviews here.

No Win No Fee University Of Aberdeen Data Breach Claims

We know that you might be sat reading this article with a nagging worry at the back of your mind regarding the cost of making a claim. Fear not, our team of specialist solicitors handle each claim they accept on a No Win No Fee basis. That means your financial risk is lowered and, in turn, the claim will be less stressful.

Before accepting a claim, a solicitor will review it to see if it has a reasonable chance of success. If they are happy to take the claim on, and when you’re ready to continue, a Conditional Fee Agreement (CFA) will be drafted for you. Your CFA will explain what work will be carried out for you and also that:

  • There are no upfront costs to worry about.
  • You won’t be asked to cover any solicitor’s charges while the claim is ongoing.
  • If the claim is lost, you won’t be asked to pay any of your solicitor’s fees.

In cases where your solicitor wins compensation for you, they’ll deduct a small percentage to cover the cost of their work. In the CFA, you’ll see this listed as a success fee. The percentage you’ll pay (which is legally capped) will be set out so you won’t be surprised when the claim is settled.

To find out if you can claim using a No Win No Fee agreement, please contact Legal Expert today.

Speak To A Data Breach Claims Expert

If you would like to begin an Aberdeen University data breach claim today, why not contact the team at Legal Expert for completely free advice? To do so, you can:

  • Call one of our data breach advisors on 0800 073 8804.
  • Make use of our live chat option.
  • Email us with information about your claim to info@legalexpert.co.uk.
  • Ask one of our team members to call you back when you begin an online claim.

If you do get in touch, one of our specialists will listen to what’s happened and look at any evidence you are able to supply. If the claim is strong enough, it could be passed on to one of our specialist data breach solicitors for a more thorough review.

Related Guides

Thank you for visiting and reading this article about claiming for a University of Aberdeen data breach. To assist you further, we’ve added some links and guides below that might prove useful now or in the future. If there is any extra guidance you would like relating to data breach claims, please don’t hesitate to ask.

Obtaining Exam Result Information – Advice from the ICO on how students can find out how their exams were graded.

Clinical Depression – NHS information on what causes depression, how it is diagnosed and what treatments are available.

University of Aberdeen Privacy Statement – Contains details of how personal information is used by the university.

Employer Data Breach Claims – A detailed look at when you could claim if your employer breaks data protection rules.

Negligent Doctor Claims – Information on how to claim damages if you’ve been injured due to a doctor’s negligence.

Claiming For An Accident At Work – Details on why compensation could be paid if you’re injured at work.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing