What are data breach claims against the University of Cumbria? You might not realise it but many educational establishments store a lot of personal information about their staff, students, alumni and supporters. If that information were to reach the wrong hands, it could put the individuals at risk. Therefore, we will consider what harm a data breach could cause, how a university can prevent it and when you might be able to make a data breach compensation claim.
The rules relating to data privacy have been strengthened in recent years with the introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. As a result of these new laws, organisations that use your data are obliged to ensure personal information is stored securely at all times.
If they don’t and a data breach occurs, the Information Commissioner’s Office (ICO) can investigate and levy financial penalties. At the same time, you might be eligible to claim compensation for any harm caused by the data breach.
Legal Expert is here if you need any help starting a claim. Our advisors are specialists in assessing claims without obligation and providing free legal advice. If they ascertain that your claim is strong enough, they could pass it to one of our solicitors who work on a No Win No Fee basis.
If you are already in a position where you would like to begin a claim, please call Legal Expert on 0800 073 8804 today. Please continue reading if you would like more details about data breaches before contacting us.
Select A Section
- A Guide To Data Breach Claims Against The University Of Cumbria
- What Is A University Data Breach?
- The Way GDPR Affects University Data Processing
- How The University Of Cumbria Was Affected By The Blackbaud Data Breach
- How Many Universities Have Had A Data Breach?
- Preventing Criminal Cybersecurity Incidents
- Specified Compensation For Those Affected By Data Incidents
- Calculating Data Breach Claims Against The University of Cumbria
- How Do I Choose A Solicitor Handling Data Protection Cases?
- No Win No Fee Data Breach Claims Against The University Of Cumbria
- How To Start Your Claim
- Learn More About Data Breach Claims
A Guide To Data Breach Claims Against The University Of Cumbria
The way in which you sign up to use a new service, make purchases, book appointments and even join a university have changed since the GDPR was implemented. That’s because organisations need to tell you why they want to process your information and, just as importantly, they have to get your permission first. (Although, they don’t always need your permission.) The way in which they ask can differ depending on what you are doing. You may have to tick boxes on application forms or select options on a website. Doing this may mean the organisation will know whether you allow them to process, store or share your information.
Also, they need to store your personal information securely to try and prevent data breaches. If a data breach does occur, as well as facing an ICO fine, the organisation could find that you want to start a claim against them.
You have 6 years to lodge your claim in most cases. If your case is related to a human rights breach, then you will only have 1 year to claim. You might find it easier to start your claim as early as possible because it’s often much easier to remember the effects of the data breach the sooner you begin.
If you would like us to assess your claim for free, and provide advice on your options, please get in touch when you’ve finished reading this guide.
What Is A University Data Breach?
The definition of a data breach, according to the 88-page GDPR documentation, is when a security problem means that personal information is lost, destroyed, accessed, altered or disclosed accidentally or unlawfully.
Importantly, the GDPR isn’t only concerned with computer data breaches. For instance, if your university stores physical personal data documents in an unlocked filing cabinet, they may have broken data protection rules. The ICO can investigate data breaches and issue fines whether they are caused by illegal, deliberate or accidental acts.
When a significant data breach occurs, the organisation responsible needs to provide information to those affected. This includes telling them:
- When it took place.
- What data was accessed
- How the breach occurred.
They also need to inform the ICO about the breach as well. But not always.
If you’d like to discuss this article on data breach claims against the University of Cumbria, please contact our specialists today.
The Way GDPR Affects University Data Processing
In most cases, a university is a data controller if they store personal information about staff, students, supporters or alumni (the data subjects). According to the GDPR, data controllers need to prove they are compliant with the following principles:
- They process data in a fair, obvious and legal way.
- They acquire the least amount of data possible.
- Any processing of personal information should be secure and confidential.
- They keep information of a personal nature up to date.
- While there is no clear time limit for retaining data, they don’t keep it longer than necessary.
If you believe that you’ve been affected by a data breach because the rules weren’t followed, please call an advisor for free advice today.
How The University of Cumbria Was Affected By The Blackbaud Data Breach
In this part of our guide, we are going to review a real data breach that affected the University of Cumbria. Although the breach didn’t happen onsite, it involved the personal data stored by a cloud computing provider.
Blackbaud realised that personal information had been accessed and identified the fact that some data had been downloaded illegally. Later on, cybercriminals contacted Blackbaud demanding a ransom in return for the destruction of the data.
Blackbaud informed the organisations involved, which included UK universities, who then informed those affected of the potential risks.
The information the hackers accessed included names, email addresses, telephone numbers and addresses. However, one news report said that Blackbaud had admitted that, in a few cases, passwords and payment information may have been hacked too.
In an unusual turn of events, Blackbaud confirmed it had paid the ransom and had been told by the cybercriminals that they had destroyed the stolen data.
Sources:
- https://www.timesandstar.co.uk/news/18621194.data-breach-university-cumbria/
- https://www.bbc.co.uk/news/technology-54370568
How Many Universities Have Had A Data Breach?
A study has recently come to light that examines data security in universities. A security assessmnet company contacted UK universities and through a Freedom of Information, request gained insight into how secure information in universities may be.
The study, based on responses from 86 universities, reports that:
- On average, the universities had a budget of just over £7,500 for training staff on security.
- Over half of the universities (54%) communicated with the ICO about data breaches in the preceding 12 months.
- On average, just over half (51%) of universities proactively train students on security.
- 27% of universities had not undertaken third-party penetration testing in the 12 months before August 2020.
Source: https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year
Preventing Criminal Cybersecurity Incidents
As highlighted in the previous section, universities are at threat from malware, viruses, ransomware, phishing, denial of service attacks and other types of cyberattacks. So what steps should they take to try and prevent them? Well, they could:
- Use encryption to protect devices like laptops, tablets or memory sticks so the data they contain cannot be accessed if lost or stolen.
- Keep all hardware, firmware and software up to date.
- Train staff and students on security risks to look out for.
- Use a third-party penetration tester to try and locate physical and network risks before a hacker does.
- Review and renew data privacy policies regularly.
It is true that these steps won’t necessarily be cheap but they could prevent a lot of individual harm and stop the university from facing an ICO investigation and fine.
Specified Compensation For Those Affected By Data Incidents
In this section of our guide to data breach claims against the University of Cumbria, we are going to explain what can be included in a data breach claim. We’ll also look at the amount of compensation you could claim. In general, your case could involve a claim for material damages that aims to recover any financial losses and for non-material damages that looks to compensate you for any psychological harm you suffered because of the data privacy breach.
To get a full understanding of how much compensation you might be entitled to, you will need to have your claim assessed properly. We know from experience that everybody is affected differently.
As well as looking at how much money you have lost following a data breach, your claim could also be based on any potential future costs you could incur because of it. For instance, if you’ve been a victim of identity theft and the thief used your details to take out financial products, your credit file might be damaged for years to come. This could mean it’s more difficult for you to take out a loan or mortgage when needed.
Also, while you could include any psychiatric conditions the breach caused in your claim, you might also need to include longer-term problems as well. That might be the case if a medical specialist says that anxiety, depression, Post-Traumatic Stress Disorder (PTSD) or any other condition are going to mean you’re unable to work at the same level as previously.
All of these considerations might seem time-consuming, but they are important. That’s because as soon as you settle a claim, you are not entitled to ask for more compensation later on. If you’d like all aspects of your claim assessed by a specialist, please call an advisor today.
Calculating Data Breach Claims Against The University of Cumbria
We have shown you why you might be entitled to start a claim following a data breach, so now it is time to look at compensation amounts. Importantly, claimants in data breach cases are allowed to seek compensation for psychological injuries even if they’ve not suffered any financial losses. That ruling was made by the Court of Appeal in the case Vidal-Hall and others v Google Inc [2015]. Any compensation for psychiatric damage should be paid at the same rate as personal injury claims.
To show you the potential settlement figures for different injuries, we have provided a compensation table below. It shows various different injuries and the potential compensation award based on figures from the Judicial College Guidelines. Data breach solicitors and other legal professionals use the JCG to aid them when working out the value of injuries.
Injury Claim | Severity Details | Settlement Range | Additional Details |
---|---|---|---|
General Psychiatric Damage | Severe | £51,460 – £108,620 | In this category, it is unlikely that any treatment will help. The prognosis will be very poor and the claimant will have severe problems coping with life, work and managing relationships. |
General Psychiatric Damage | Moderately Severe | £17,900 to £51,460 | There will be significant problems for the claimant in this category (similar to above) but the medical prognosis will be more optimistic. |
PTSD | Moderately Severe | £21,730 to £56,180 | Claims in this category will mean that the claimant will see significant problems for the foreseeable future. However, with professional help, improvements should be possible. |
PTSD | Less Severe | To £7,680 | Cases in this category generally mean the claimant has nearly fully recovered within a year or two. |
If you wish to claim an appropriate amount of compensation, you will need to supply evidence that shows the true extent of your suffering. A data breach solicitor is unable to do that themselves, so they rely on reports from independent medical specialists. That means that during your claim, you should visit a medical assessment centre. A specialist will examine you by asking questions relating to your suffering. They may also read your medical notes if they relate to your condition. After the meeting, they’ll create a report and send it to your lawyer if you have decided to use one.
How Do I Choose A Solicitor Handling Data Protection Cases?
If you have decided to proceed with a university data breach, the next thing you might want to do is choose a solicitor who can help, but how? In this day and age, many people scour the Internet for online reviews. Others ask colleagues, friends or family for a recommendation while others just choose the closest solicitor’s office.
To make your choice easier and less time-consuming, you could simply give Legal Expert a call. Our advisors are happy to spend time answering any questions you have about the claims process. They’ll also review your case for free. If it is strong enough, they could pair you with one of our solicitors. They are available throughout your claim to answer your questions or explain legal jargon. You will receive regular updates about progress in your case and, of course, your solicitor will work tirelessly to try and achieve the maximum amount of compensation possible for your claim.
Please feel free to get in touch to ask any questions about starting a university data breach. Our advice is free, even if you don’t go on to make a claim.
No Win No Fee Data Breach Claims Against The University Of Cumbria
What is it that puts many people off making data breach claims through a solicitor? For many, it is the risk of losing money to solicitor fees if the claim is unsuccessful. We understand that. It’s a reason why Legal Expert’s solicitors manage the claims they take on on a No Win No Fee basis.
A solicitor will need to review your case before agreeing to work on it. After they have done so, you will receive a Conditional Fee Agreement (CFA) if you are both willing to continue. Your CFA is a contract. It shows you how the claim will be handled. It also shows that:
- You don’t need to pay any fees upfront to your solicitor.
- There are no hidden charges and your solicitor won’t request fees while the claim continues.
- Should you lose your case, your solicitor will not ask for any of their fees to be paid.
To cover the cost of your solicitor’s fees in the event that you win your case, they will keep a small portion of your compensation to cover their work. This is known as a legally capped success fee.
Please let us know if you’re considering making a claim and an advisor will check if you’re eligible to use our No Win No Fee solution.
How To Start Your Claim
If you have come to the conclusion that it’s time to start a claim following a data breach, then Legal Expert could help you do so. To find out more about the ways in which we could support your claim, you can:
- Call us on 0800 073 8804 for advice on your options.
- Ask an online advisor questions about your case in our live chat tool.
- Request a call back at a suitable time when you make your claim online.
- Send an email regarding your case to our team: info@legalexpert.co.uk.
When you call, we will always be honest about your chances of winning your case. This is so that we don’t waste anybody’s time. The process starts with a telephone-based consultation to discuss what happened. During the call, you will receive free legal advice from a member of our team. If the claim appears to be strong enough, they could connect you with a solicitor from our team. Remember, all claims that we accept are handled on a No Win No Fee basis.
Learn More About Data Breach Claims
This the last section of our article on data breach claims against the University of Cumbria. In case you need additional information to help with your claim, we have linked to some external articles below. In addition, you will find some more of our guides relating to different types of claims we could help you with. Please feel free to contact our team if you require any additional information.
Student Privacy Notice – The University of Cumbria’s data protection policy for current students.
Making A Subject Access Request (SAR) – An ICO article that explains how to ask an organisation to provide the information they hold about you.
Talking Therapy – A list of psychological therapies used by the NHS to help with depression, anxiety and stress.
Car Accident Compensation – This article looks at what compensation could be paid for different injuries sustained in a car accident.
Data Breaches – Your Rights – An article that explains your rights if personal information about you is lost during a data breach.
Care Home Negligence – This guide sets out how you could claim compensation for any harm caused by negligence in nursing or care homes.
Other Useful Compensation Guides
- Teesside University Data Breach
- The Arts University Bournemouth Data Breach
- The Open University Data Breach
- Transform Hospital Group Data Breach
- University of Aberdeen Data Breach
- University of Bedfordshire Data Breach
- University of Bradford Data Breach
- University of Brighton Data Breach
- University of Buckingham Data Breach
- University of Cambridge Data Breach
- University of Central Lancashire Data Breach
- Can I Get Compensation For Loss of Medical Records?
- University of East Anglia Data Breach
- University of Edinburgh Data Breach
- University of Glasgow Data Breach
- University of Gloucestershire Data Breach
- University of Huddersfield Data Breach
- University of Hull Data Breach
- University of Kent Data Breach
- University of Lincoln Data Breach
- Data Breach Solicitors
Written by Hambridge
Edited by Victorine