This guide about making potential data breach claims against the University of Suffolk aims to give information to help you. We will look at what data breaches are, how they happen, and the effect they can have on your life.
You will learn about the process of starting a claim for a breach of data protection, and how we could help you.
Whether an employee of the university exposed your data accidentally, it was accessed by cybercriminals, or any other reason for the breach, this guide could help.
Your claim, like all claims, would be based on its own unique set of circumstances. This means we may not answer all of your questions in this guide.
However, we do offer an alternative: our claims line is open 24 hours a day, 7 days a week. If you have evidence of a valid claim, you can talk to an advisor on 0800 073 8804 to have all of your questions answered. You can also use our live chat on this page to get instant guidance.
Select A Section:
- A Guide To Data Breach Claims Against The University Of Suffolk
- What Is A Data Breach Claim Against The University Of Suffolk?
- How The GDPR Applies To University Data Security
- Examples Of How Universities Have Been Affected By Breaches Of Data Protection
- Statistics About Breaches Of Data Protection
- Claims For Breaches In Cybersecurity
- What You Could Claim For A Breach Of Data Protection And Privacy
- Calculating Compensation For Data Breach Claims Against The University Of Suffolk
- Finding A Solicitor To Handle Your Cybersecurity Breach Claim
- No Win No Fee Claims Against The University Of Suffolk For Data Breaches
- Talk To Our Experts
- Related Services And Information
A Guide To Data Breach Claims Against The University Of Suffolk
The aim of this guide is to equip you with the knowledge that you need to make a claim for a data breach by a university.
We begin the guide with background information on data breaches. Including what they are, how they occur, and the effect that can have on your personal life. We also discuss the steps you may need to take to recover from a data breach.
Moving on, we cover the main data privacy and security laws in the UK, how a university should comply with them, and the rights they give you if your data is exposed. We back this up with information on previous university data breaches, with some statistics as well.
The last sections of this guide move on to look at information related to the claims process. We summarise the main reasons for making a claim and then go over some of the reasons why you might be able to seek data breach compensation.
You will find an example compensation table. It shows how, generally, the more harm you suffer psychologically, the more compensation you could claim for it. You will find some advice on how to start your claim, as well as a full overview of how a No Win No Fee claim works.
Claim Time Limits
Something you need to know is that there will be a time limit you must start your claim within. Time limits change depending on your circumstances. For example:
- If your claim involves a breach of human rights, you have 1 year from the date you obtained knowledge of the data breach.
- If it didn’t involve a breach of human rights, you have 6 years.
Call and talk to our team to find out which could apply based on your own unique situation.
More Help & Advice
We understand that you may prefer to talk through your specific case with an expert for free. Because of this, our advisors are available at any time, any day of the week. If you have evidence of a valid claim, reach out to us on the contact number at the top of the page for free legal advice at a time that is suitable for you.
What Is A Data Breach Claim Against The University Of Suffolk?
A data controller decides why and how your personal data will be processed. As such, a university could be seen as a data controller. The data controller has a responsibility to protect your personal data as well as ask your permission to process it.
Therefore, you could make a data breach claim against a university if you can prove the data breach caused you to suffer psychologically or financially.
What Is A Data Breach?
Personal data is any information that could be used on its own or alongside other information to identify you. Examples include:
- Names
- Addresses
- Email addresses
- Medical information
- Student ID numbers
A data breach happens when personal data that is processed by an organisation is destroyed, lost, altered, disclosed or accessed following a security breach. This can be done accidentally, deliberately or unlawfully.
At a university, personal data could include that of students, staff members, alumni or others affiliated with the university.
There are rules and regulations in place that are designed to minimise the chance of a data breach happening. However, sometimes compliance can slip and expose universities to a data breach.
How Does A Data Breach Happen?
There are many ways that a data breach can happen.
- An employee of the university might expose personal data in some way. For example, they may email it accidentally to somebody who is not supposed to have it.
- Lax practices related to computer security or network security could lead to a data breach if cybercriminals are able to exploit vulnerabilities and access personal data.
In either case, it could be the university that is liable for mental harm or financial loss that the data breach causes.
How The University Could Cause A Data Breach
There are many ways that a simple mistake on the part of a member of the university staff, for example, can lead to a data breach. Some examples include:
- Throwing away a storage device that your data was stored on, without first wiping the data. A USB stick or external hard drive, for example, could be accessed by an unauthorised person.
- Losing a laptop or other device that had your data stored on it could also mean that someone could access your data.
- A letter containing your personal information, such as your student number, could be sent to the incorrect address and accessed by an unauthorised recipient.
- Accidently placing your personal data somewhere that is accessible to the public. For example, putting it on an intranet site that is accessible to people who’re unauthorised to access your data.
A Data Breach Due To Bad Cybersecurity
The university has a responsibility, under the Data Protection Act 2018, to take steps to make sure that the data it stores is secure. This means they should follow data security best practices, and proactively identify and rectify security vulnerabilities. When this doesn’t happen, a data breach can occur. Breaches caused by poor cybersecurity can include:
- Man-in-the-middle attacks – sitting secretly between the connection of two parties (such as a university and a student) and intercepting personal details from victims.
- Phishing attacks – aimed at tricking the recipient into divulging personal information.
- Drive-by attacks – that try and trick a user into downloading malicious code that can leave them open to a cyber attack.
- A password hack – cracking passwords using various techniques.
- SQL injection – the insertion or injection of a SQL query that can read sensitive data.
- Packet sniffing – the practice of using packet sniffing software or hardware tool to read data being sent and received across a network.
The Effects Of A Data Breach
What happens if you become the victim of a university data breach in the UK? Well, it depends on what data was exposed and how you were affected. Some personal data that we share with organisations, institutions and companies can include:
- Your passport information.
- Credit and debit card details.
- Bank account details.
- Email, telephone number and postal address.
- Your National Insurance (NI) number.
Using certain data, it could be possible for a cybercriminal to steal your identity. If certain personal data is accessed, a criminal could use it to:
- Gain access to your savings and bank accounts.
- Use your cards to make purchases online.
- Apply for loans or credit.
- Hire a car.
- Book tickets.
Data Breach Recovery
If you have been the victim of a breach of data privacy, then it could be very stressful. It could cause you to suffer financially or psychologically. However, if you make a claim and can evidence these damages, you could recover data breach compensation. To find out more, get in touch with our team.
You could also call our advisors for advice about your justifications and evidence for making data breach claims against the University of Suffolk.
How The GDPR Applies To University Data Security
Before the UK left the EU, the General Data Protection Regulation was introduced. It was enacted into UK law through the Data Protection Act 2018.
This means any data controller’s data breach policy should be driven by these rules and regulations. Compliance with the UK GDPR is compulsory for data controllers and processors (parties that process data on the controller’s behalf).
If a university fails to meet its obligation to comply with data protection law, this may lead to a data breach. And if it does, a victim of the data breach, such as yourself, may be able to make a data breach claim providing you can evidence that you’ve suffered mental harm or financial loss.
The Information Commissioner’s Office
When it comes to reporting data breaches, there is a special body that takes responsibility for enforcing GDPR in the UK: the Information Commissioner’s Office (ICO). The ICO can take punitive actions, such as levying fines, against an organisation that fails to comply with GDPR.
As a data subject (someone whose data is processed), you can make a complaint about a data breach directly to the ICO. However, you should contact the university first. If you don’t get a satisfactory response, you could contact the ICO within 3 months of the university’s final response.
But it is important to note that you don’t necessarily have to make a complaint to the ICO in order to be able to make a data breach compensation claim. So, don’t worry if you didn’t make a complaint yourself, we can still help you. If you have evidence of a valid claim, give our team a call to learn how.
GDPR And Your Rights
For universities, part of complying with the GDPR is making sure they have an understanding of how to protect personal data. They should, for example, have an awareness of your individual rights. These are the right to:
- Deletion – enabling you to ask an organisation to delete some or all of the data they store about you.
- Access – you must be able to find out what data is held about you, and how it is used.
- Data portability – so that you can be sent a copy of the data held about you, in a file format you can open.
- Objection – if you feel your data is being used inappropriately.
- Be informed – you must be told how it will be used, for example.
- Restriction – so that you can stop your data from being used in certain ways.
- Correction – if an organisation is storing the wrong data about you, they should correct it if you ask.
You also have rights related to automated decision making and profiling.
If you have evidence of valid data breach claims against the University of Suffolk, call our advisors. They offer free legal advice.
Examples Of How Universities Have Been Affected By Breaches Of Data Protection
There have been multiple reports of data breaches affecting universities in the last decade or so. Perhaps the most widely known example is the Blackbaud breach that took place in 2020.
Blackbaud is a cloud software provider for universities, charities and other bodies such as nonprofits. In 2020, it became the victim of a cyberattack. This cyberattack allegedly exposed the data of over 120 clients, including a number of universities.
Back a bit further, in 2009, the University of Manchester was involved in a data breach. This was caused accidentally. A staff member emailed the personal data of 1,700 or more students to 469 recipients who were not authorised to have the data.
https://www.bbc.co.uk/news/technology-54370568
https://www.databreaches.net/uk-ico-takes-enforcement-action-against-manchester-university-for-data-breach/
Statistics About Breaches Of Data Protection
The statistics about university data security make for interesting reading. A Redscan report summarised findings from university answers to Freedom of Information requests in 2020.
- Only 54% of university staff have been trained in data security.
- One Russell Group university had only trained 12% of its staff in cyber security.
- 51% of universities proactively give security information and training to students.
- 37% offer security support to students who request it.
- 12% of universities don’t offer any security guidance to their students.
https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf
Claims For Breaches In Cybersecurity
In this section, we are going to summarise the reasons people could make data breach claims against the University of Suffolk.
If the university was responsible for protecting your data, but a breach occurred, they could be liable for your psychological and financial suffering. You could claim if you’ve endured either kind of suffering or both. You would, however, have to prove your claims.
For example, if the data breach led to theft from your bank account, you could use bills or statements as evidence.
If you suffered psychologically, you could use medical evidence. This could come in the form of a medical report that an independent professional creates during an assessment.
Other supporting evidence could include:
- Correspondence from the university that confirms you were the victim of a data breach
- Information you’ve received from the ICO about the breach
- Media reports regarding the breach
If you have evidence of a valid claim, call and speak to our team.
What You Could Claim For A Breach Of Data Protection And Privacy
After a data breach, there are many reasons you might seek compensation. Thanks to decisions made during the Vidal-Hall and others v Google Inc [2015] case, you could claim for psychological harm without having to claim for the financial loss too.
The Court of Appeal also held, during this case, that data breach compensation for psychological damage could be valued as it is for personal injury claims.
If your personal data was used to make nefarious financial transactions, you could be facing a high level of debt. In some cases, you might be able to claim some or all of this back.
If you have a valid claim, call and talk to an advisor to learn what you may be able to seek in compensation.
Calculating Compensation For Data Breach Claims Against The University Of Suffolk
Giving an average value for university data breach compensation can be unhelpful because each claim is unique. The compensation table below gives examples of some award ranges for psychological damage caused by a data breach.
We based the figures on those from the Judicial College Guidelines. This is a publication that solicitors may use to value injuries and conditions.
Injury | Severity | Range of Damages | More Info |
---|---|---|---|
Psychiatric Damage Generally | Severe | £51,460 – £108,620 | A bracket of psychological injuries that would be severe in nature. This would likely be caused by having to go through regular and repeated traumatic events. The psychological harm would have a very high impact on the life of the claimant. And it is unlikely a full recovery would ever be made, even after extended therapy. |
Psychiatric Damage Generally | Moderately | £17,900 – £51,460 | The psychological harm would have a significant impact on the life of the claimant. However, a full recovery could occur after long-term treatment. |
Psychiatric Damage Generally | Moderate | £5,500 – £17,900 | A bracket of psychological injuries that would be moderate in nature. The psychological harm would have a significant impact on the life of the claimant. However, in time, a full recovery could be expected to be made. |
Psychiatric Damage Generally | Less severe | Up to £5,500 | A bracket of psychological injuries that would be less severe in nature. The extent to which sleep and everyday activities are affected will be taken into account. |
To prove that the data breach caused or worsened your condition and to assess the severity of your injuries, you should attend a medical assessment as part of your claim. An independent expert would create a report based on their findings, which your solicitor (if you choose to use the services of one) could use as a valuing tool.
If you can’t see your condition in the compensation table above, get in touch. If you have evidence of a valid claim, our advisors could give you a free estimate of how much it could be worth.
Finding A Solicitor To Handle Your Cybersecurity Breach Claim
If you have the justifications and evidence to make data breach claims against the University of Suffolk, you may be considering using the services of a solicitor. You don’t have to use the services of a lawyer to make a data breach claim. However, some people choose to solicit their help because they want:
- Someone to take over the legal legwork.
- Help to break through the legal jargon.
- A professional to explain the process and give expert advice.
- Support in the unlikely event that the claim goes to court.
We can connect you with our solicitors to help you if you have evidence of a valid claim. They are experienced in data protection law and could ensure you have the best chance possible of winning your claim for a university data breach.
No Win No Fee Claims Against The University Of Suffolk For Data Breaches
Many people choose to use the services of a solicitor under a No Win No Fee agreement. Your solicitor would agree to charge you for their success fee only if the claim results in compensation. Other benefits include:
- No upfront solicitor fees,
- No ongoing solicitor fees during the claim.
- If your case does win, the success fee is small and legally limited. It can be taken straight out of the data breach compensation payment, meaning the balance benefits you.
All of our solicitors offer No Win No Fee agreements. If you have evidence of a valid claim, contact our advisors. They offer free legal advice and could also connect you with our solicitors.
Talk To Our Experts
You can contact our claims team by:
- Calling 0800 073 8804.
- Using our contact page.
- Using our live chatbox.
Explain your circumstances, and an advisor will let you know what your best course of action would be.
Related Services And Information
These links have some useful information:
Information About Personal Data Breaches
You may like to look over these other guides:
- University Of East London Data Breach Claims
- Understanding University Of Chester Data Breach Compensation Claims
- University Of Manchester Data Breach Compensation Claims
- University of Northampton Data Breach
- University of Portsmouth Data Breach
- University of Salford Data Breach
- University of Sheffield Data Breach
- University of Southampton Data Breach
- I Suffered Stress Due To A Data Breach, Am I Eligible To Claim Compensation?
- University of Surrey Data Breach
- University of Sussex Data Breach
- University of the Highlands And Islands Data Breach
- University of the West of England Data Breach
- University of Warwick Data Breach
- University of Westminster Data Breach
- University of Winchester Data Breach
- University of Wolverhampton Data Breach
- University of Worcester Data Breach
- Watford Community Housing Data Breach
- Whitbread Data Breach Compensation Claims
- Wiltshire Council Data Breach
- Wolverhampton Council Data Breach
- Wrexham County Borough Council Data Breach
- Lost and Stolen Devices Data Breach
- Virgin Media Data Breach Compensation Claims
Thank you for reading our guide examining the concept of data breach claims against the University Of Suffolk.
Written by Wheeler
Edited by Victorine