We've been featured in:

University Of Edinburgh Data Breach Compensation Claims Guide

If you’ve been the victim of a data breach, you may have suffered emotional or financial harm or a combination of the two. Did you know that you could make a claim if someone has breached data protection laws in regards to your personal data? We created this guide to give you an understanding of what we mean by data breach claims against the University of Edinburgh.

data breach claims against the University of Edinburgh

In the sections that follow, we offer guidance for those who have suffered psychological harm, such as anxiety or stress, in the wake of a breach. We also look at the financial expense you may accrue due to data breaches.

We explain what personal data is and how breaches happen. We’ll explain the laws that protect your personal data and allow you to claim compensation if your data is breached. We also explore how a lawyer could help you make a claim for a data breach, and how much compensation you could receive.

If you are already looking to begin a claim, or have any questions, we’d be happy to help you. You can reach our expert advisors by calling 0800 073 8804.

Select A Section

A Guide To Data Breach Compensation Claims Against The University of Edinburgh

Whether you attend the University of Edinburgh as a student, are a member of its alumni, or work there, your personal data could be processed and held by the university. Just like other data controllers and processors, universities must abide by data privacy and security laws. These include the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. If you suffer financially or emotionally because of a data breach, these laws could allow you to claim compensation for the harm you’ve suffered.

This guide explains what you may need to know before you go ahead with a data breach claim. We explain what a breach is and how it could happen. We include some information about university data breaches that have happened in the past. In addition, we offer insight into:

  • The laws that universities must abide by.
  • The harm a data breach could cause.
  • How much compensation you could claim. 

We also introduce you to our No Win No Fee service and outline how we could help you get the compensation you deserve for the harm a university caused you following a data breach. If you’d like to find out more about this guide to potential data breach claims against the University of Edinburgh, call our advisors. They’re available on the number at the top of the page. They offer free legal advice and are here to speak to you whenever you’re ready. 

What Is A University Of Edinburgh Data Breach?

Data privacy is something we should take seriously. As we give our personal data out to organisations that need it to provide us with certain services, we would expect them to protect it.

However, if something goes wrong, and someone breaches the security of our data, our personal information could fall into the wrong hands. This could have all sorts of unwelcome consequences. But what personal information could be included in a breach, how could it happen, and what consequences could there be?

Personal Data Explained

The Information Commissioner’s Office (ICO) states that personal data is information relating to people who:

  • Could be directly identified from it.
  • Could be indirectly identified by it in conjunction with other data.

Personal data could include a person’s title, name, address, IP address, contact details and more.

What Is A University Of Edinburgh Data Breach?

According to GDPR, a potential data protection breach could include a personal data incident where the data in question is:

  • Lost
  • Made unavailable
  • Stolen
  • Accessed, disclosed, processed, transmitted, stored or altered without authorisation

How Could A Breach Happen?

There are various potential causes influencing a potential University of Edinburgh data breach. These could include:

  • Password, ransomware or malware attacks on the University of Edinburgh’s computer systems.
  • A University of Edinburgh phishing attack.
  • Theft or loss of computer equipment.
  • A DDoS (Denial of Service) attack.
  • An employee’s negligence or action.
  • A hacking.

These are just a few examples. Whether you’ve been affected by a malware attack or the data breach occurred due to another type of data protection breach, you could be eligible to claim compensation. This is providing it caused you to suffer psychological or financial harm.

What Could Result From A Data Breach Incident?

Depending on the nature and severity of the breach, there could be several unwelcome consequences, including:

  • Identity fraud – if a third party gains access to personal information that is sufficient for them to commit identity fraud, this could result in them taking out credit cards/loans in the victim’s name.
  • Theft – if a third party is able to use breached data to access a victim’s bank accounts, they could steal from the victim.
  • Distress – victims of data security breaches could feel anxious, lose sleep or become stressed as a result.

If you’ve suffered any of the unwelcome consequences above due to a data breach, we could assess whether you could be eligible to claim compensation for it. If you have questions about this or our guide to possible data breach claims against the University of Edinburgh, call today.

What Data Does The GDPR Relate To?

GDPR is arguably the strictest data privacy and security law in the modern world. It came into force in 2018 and, in effect, protects the personal data of all EU data subjects. The GDPR was enacted into UK law via the Data Protection Act 2018, so is still applicable post-Brexit.

All organisations, bodies or people that process and store data subjects’ personal information are classed as either data controllers or data processors. They must comply with GDPR’s 7 principles, which are:

  • Accountability
  • Accuracy
  • Confidentiality/Integrity
  • Minimisation
  • Purpose limitation
  • Storage limitation
  • Transparency, lawfulness, and fairness

Non-Compliance

There are strong penalties for non-compliance with GDPR. Universities, as organisations that process and hold personal data, could face enforcement action from the Information Commissioner’s Office if they seriously breach GDPR. Penalties could include fines and investigations. 

In addition to this, GDPR makes it possible for victims of a data breach to claim for material (financial) and non-material (psychological) damage.

Examples Of Which Universities Have Been Affected By Data Breaches

Unfortunately, a robust University of Edinburgh information security policy may not always be enough to ensure the security of alumni, staff or students’ data. That’s especially since a third-party supplier could cause a university data breach. One such data breach that occurred early on in 2020 involved a database service provider.

Blackbaud Hack

The Blackbaud hack occurred because of a ransomware attack. The attackers stole the data of staff, students and alumni from the following universities:

  • The University of York
  • The University of Reading
  • University College, Oxford
  • The University of London
  • The University of Leeds
  • Oxford Brookes University
  • Loughborough University
  • The University of Exeter

While Blackbaud paid the perpetrator in confidence that they’d destroyed the breached data, it had still been subject to unauthorised access.

Source: https://www.bbc.co.uk/news/technology-53528329

University of East Anglia

This is not an isolated incident, however. According to reports, the University of East Anglia had to pay £140,000 to students who had their personal health problems, bereavements and other issues disclosed when an email including an attachment containing the data was sent in error to nearly 300 people.

Source: https://www.bbc.co.uk/news/uk-england-norfolk-51284352

University of Greenwich

Another university data breach led to the University of Greenwich being fined £120,000 by the Information Commissioner’s Office in 2018. A student had reportedly set up a microsite in 2004 for a training conference. Unfortunately, the site was not secured effectively, and attackers compromised it years later. In 2016, attackers exploited the site to access other areas of the webserver. They accessed the personal data of nearly 20,000 people.

Whether you’ve been affected by a data breach involving situations similar to the above, or have suffered financial or emotional harm because of a different type of data breach, we could help.

Our advisors are on-hand 24/7. They could connect you with a data breach solicitor who could fight for compensation on your behalf. They could also discuss anything raised in this guide to potential data breach claims against the University of Edinburgh 

Statistics On Rates Of Data Breaches Affecting Universities?

A study conducted by Redscan has uncovered some shocking statistics relating to universities and cybersecurity. They collated data from answers to Freedom of Information requests sent to 86 universities and found that:

  • In a period of 12 consecutive months covering 2019/20, 54% of universities in the UK had reported a breach to the ICO.
  • When it comes to security awareness training, only 46% of university staff received security training. And, only 51% of students are given security training.
  • Internet service provider Jisc conducted penetration tests in 2019 and accessed the data of over 50 universities in less than 2 hours.

Source: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf

Criminal Cyber Attacks

The University of Edinburgh should have a data management plan that is robust and takes into account the importance of personal data protection. They should also have a data protection officer, and a data protection breach procedure in place to notify students, staff and alumni.

Their plan should involve their strategies to manage common cybersecurity risks such as:

  • Viruses and malware – if dangerous code makes its way onto servers or other computer systems, this could compromise personal data security.
  • Stealing of information – if unauthorised users access university systems, they could steal personal or research data that could be highly sensitive.
  • Keystroke recording attacks – if someone puts a keyword recorder onto an authorised user’s system, they could use it to record passwords so that an unauthorised user could gain access.
  • Ransomware – the perpetrator could demand payment for the return or destruction of hacked data.
  • Phishing – where users have been directed to a fake site to input their login details which looks legitimate. Once they have entered their details, a third party could then retrieve them.
  • Password attack– if password guessing software manages to obtain a password for an authorised user’s account, this could lead to them gaining access to university systems.
  • Denial of service – this type of attack could lead to authorised users being unable to access their data.

If you’ve experienced any of the breaches above, or another type of data breach, you could claim compensation for the harm it has caused you, emotionally and financially.

How The Victim Of A Data Breach Could Be Compensated

GDPR makes it possible for anyone who has suffered material and non-material damage to claim compensation for a data breach that has caused them such harm. But what could these damages include?

  • Material damages – if someone stole money from you through a data breach, or someone has made fraudulent purchases in your name, for example, these could represent quantifiable financial expenses, which we may class as material damages.
  • Non-material damages – these could be more difficult to quantify. Non-material damages could relate to a loss of privacy, depression, stress and anxiety or loss of sleep caused by a data breach.

Claiming For Emotional Damage

The reason it could be possible for you to claim psychological harm caused by a data breach is that a legal precedent was set in 2015. The case in question, Vidal-Hall and others v Google Inc [2015], involved the Court of Appeal addressing the issue of psychological harm caused by data breaches. Previously, financial damage was required in order to claim psychological harm too. The Court changed that position. Now, a claim can be made for either.

This is why people who have suffered stress, depression, and anxiety as a direct consequence of a data breach could include such damages within their claim.

Calculating Data Breach Claims Against The University of Edinburgh

Calculating compensation for financial damage would largely involve assessing the actual losses. You could use documents such as credit card statements to prove your financial losses. 

When it comes to assessing the impact of a breach on the emotional health of a data breach victim, this would involve a professional medical assessment. If you intend on claiming for distress or other psychiatric conditions, you’d need to be examined by an independent medical professional. They would assess the level of psychological damage suffered and write a report that you could use to evidence the injuries. This report could also allow lawyers to come to an appropriate settlement for your injuries.

To give you an idea of the levels of compensation that could be appropriate for these injuries, we have created a table using figures given by the Judicial College Guidelines. This is a publication that solicitors and the courts could utilise to come to a settlement amount. 

Edit
Injury Approx Compensation Guide Level Of Severity
PTSD £56,180 to £94,470 Severe
PTSD £21,730 to £56,180 Moderately severe
PTSD £7,680 to £21,730 Moderate
PTSD Up to £7,680 Less severe
General psychiatric damages £51,460 to £108,620 Severe
General psychiatric damages £17,900 to £51,460 Moderately severe
General psychiatric damages £5,500 to £17,900 Moderate
General psychiatric damages Up to £5,500 Less severe

It should be noted, however, that the Judicial College Guidelines are used in England and Wales. Claims made in Scotland may attract slightly different compensation figures. We can advise you on those figures if you get in touch with our data breach claims advisers. Simply call us on the number at the top of the page to find out more.

How Do I Choose The Right Solicitor?

If you’re a student or member of staff at the University of Edinburgh, you may have been issued with a data protection handbook that reveals what action you should take if you believe your data has been breached.

You can contact the ICO if you’re concerned about how a university handles your personal information. In the event of a data breach, the organisation should report it to them and investigate it. If you report a University of Edinburgh data breach and the response you get from the university is not acceptable, you could escalate your complaint to the ICO and ask them to investigate.

Requesting Compensation

You can request compensation for a data breach without a lawyer. However, there are certain benefits to having legal support on your side, which is why many claimants prefer the use of a lawyer. Benefits could include:

  • Your lawyer taking on all the legal legwork, meaning you don’t have the stress of going it alone.
  • The lawyer ensuring you take action within the relevant time limit – 6 years for data breaches and 1 year for human rights breaches.
  • Your lawyer’s assistance in working out and negotiating the highest payout possible for your case.

Choosing Your Lawyer

Here at Legal Expert, we can take the pain out of trying to find a lawyer to help you. We would listen to what has happened to you and offer a free eligibility check on your case to determine whether you could claim compensation. If we believe your case is valid, we could provide you with a data breach lawyer that could help you in your fight for compensation.

We have been providing such services for many years, and come highly recommended by our previous clients, as you can read on our reviews page. Our data breach solicitors are well-versed in fighting for the compensation our clients deserve. And they all work on a No Win No Fee basis, which means you don’t have to pay them upfront to begin your claim.

If you’d like to enquire about anything in our guide to possible data breach claims against the University of Edinburgh, get in touch today at no charge.

No Win No Fee Data Breach Compensation Claims Against The University of Edinburgh

If you were considering claiming for the harm you’ve suffered from a data breach, you might be interested to know that, with Legal Expert, as mentioned, you would not have to pay a solicitor upfront to begin your claim. All of our solicitors work under No Win No Fee payment terms. That means you’d only pay them if your case successfully resulted in a compensation payout.

This type of claim is documented under a Conditional Fee Agreement (the formal name for a No Win No Fee agreement). Your lawyer would send you the agreement document to sign and return to them at the start of your claim. Within the document, you’ll find details of the success fee you’d agree to pay your solicitor if they achieve a payout for you. This would be a small fee, and the law keeps it capped.

Once you return the signed agreement to your solicitor, they would be able to start working on your case. If your claim is successful, the success fee would be deducted from your settlement.

Should your case not result in a payout, you wouldn’t pay this fee; nor would you pay any of the costs incurred by the lawyer while they were fighting your data breach claim.

We understand you may have further questions about No Win No Fee claims. We have produced a guide that explains more about these terms, which you can take a look at here. Otherwise, feel free to call our expert advisors, as we’d be happy to answer questions over the phone too.

Talk To An Expert

It couldn’t be easier to get the help and support you are looking for. We offer a number of ways for you to contact us about your claim. You can:

We look forward to helping you.

Resources On Data Breach Claims

SAR  – Subject Access Request Information – The ICO website shows you how to make a subject access request from an organisation that has your data.

Information Compliance Reporting Information – The ICO also gives guidance on reporting non-compliance with data protection laws.

Worried About Your Personal Data? – If you have some concerns about how an organisation or someone is using your data, this guide could help you.

Data Loss Claims – A breach of data could result in data loss. Find out if you could claim for a loss of your personal data.

Data Breaches By Employers – This guide offers useful information for those who have had their data breached by their employer.

Data Breach Distress – This guide offers further insight into claiming for stress caused by a data breach.

Other Useful Guides

Thank you for reading our guide to potential data breach claims against the University of Edinburgh.

Written by Jeffries

Edited by Victorine