Can I Make A School Data Breach Claim For My Child?
By Mel Ryan. Last Updated 4th March 2024. If a teacher breached your child’s personal data, you may be wondering whether you’re eligible to seek compensation. In cases where the schools wrongful conduct caused your child’s personal data to be breached resulting in them suffering harm, you may be able to claim compensation on their behalf. This guide will help you understand the steps you can take to launch a data breach claim on behalf of your child.
Additionally, in this guide, we’ll help you understand what constitutes a valid claim and why your child may be eligible for data breach compensation. We have also aimed to answer the following questions throughout our guide:
- What is personal data in schools?
- What personal information do schools process and why do they need to keep it safe?
- What happens if a teacher breaches the UK GDPR?
- What is a common example of a personal data breach in schools?
- Who has access to a child’s personal information held in schools?
- Can you sue a school for leaking personal information?
You might already be eager to take action. If so, our advisors are on hand to offer free legal advice. Furthermore, we can provide a data breach solicitor to represent the claim on a No Win No Fee basis, provided it’s valid.
To get in touch, you can:
- Call us on 0800 073 8804
- Use our live chat function which is available 24/7
- Or fill in our online contact form
Select A Section
- Data Protection In Schools
- What Sensitive And Personal Data Could Teachers Have Access To?
- How Could A Teacher Have Breached Your Child’s Personal Data?
- Could Teachers Be Fined For Breaching A Child’s Data Privacy?
- A Teacher Breached My Child’s Personal Data – What Could Be Awarded?
- When Personal Data About Children Is Stolen Or Breached – How To Start A Claim
- Contact Us If A Teacher Breached Your Child’s Personal Data
Data Protection In Schools
There is legislation in place to protect your child’s personal data. As a data controller, schools have a responsibility to protect pupils’ personal data under the Data Protection Act 2018 (DPA). This piece of legislation was updated after the UK left the European Union and sits alongside the UK General Data Protection Regulation (UK GDPR).
A data controller decides how data is collected and used, whilst a data processor, usually an external party, processes data on behalf of the data controller. If a data controller or processor does not adhere to data protection laws, then you or your child is harmed because personal information is breached, under these laws you could be eligible to make a claim.
The Information Commissioner’s Office (ICO) enforces data protection law and issues fines as well as other enforcement actions to organisations that fail to adhere to the legislation in place.
The ICO defines a personal data breach as a security incident that impacts the availability, integrity or confidentiality of an individual’s personal data. An incident of this nature may lead to your personal data being unlawfully or accidentally accessed, destroyed, lost, altered or disclosed without authorisation.
Claiming for a data breach
If a school or teacher breached your data, you may be able to make a claim for data breach compensation. You must show that the school, as a data controller, failed under the UK GDPR to keep your, or your child’s, personal data safe.
If the school’s positive wrongful conduct resulted in you or your child suffering emotional distress or enduring financial loss as a result of a data breach, you could have grounds for an eligible claim. However, evidence must be provided that can demonstrate the harm experienced.
Continue reading to find out what data protection laws schools must abide by. Alternatively, if you have any questions, our advisors are available 24/7 and can give you free legal advice on how to claim following a school data breach.
UK GDPR Compliance For Teachers
There are several core principles of UK GDPR that schools must comply with, including:
- Using data lawfully, fairly and transparently
- Only processing data for the purpose that was originally intended
- Limiting the data you hold to what is necessary for the purpose of processing
- Keeping information updated, for example, home addresses and phone numbers
- Only holding personal data for as long as it’s needed
- Having security measures in place to protect personal data
- Taking responsibility for the personal data held and complying with the other principles
If a school failed to adhere to UK GDPR, it could risk a fine from the ICO. Furthermore, a data breach could lead to the child suffering psychological harm.
What Sensitive And Personal Data Could Teachers Have Access To?
The ICO defines personal data as information that can be used to identify someone, such as a student’s name, address, email address or phone number. However, some data requires more protection due to it being considered more sensitive. For example, data containing information on a student’s:
- Racial or ethnic origin
- Religious belief
- Medical data
- Sexual orientation
If a teacher breached your child’s personal data, speak to our team to find out how we could help. Otherwise, continue reading our guide.
How Could A Teacher Have Breached Your Child’s Personal Data?
Breaches of data may happen in schools for a number of reasons, including human error or failure to put procedures in place to reduce the chance of a personal data breach occurring. Examples might include:
- Wrong postal address: Although your correct address is on the school system, a teacher may have sent a letter containing personal information regarding your child to the wrong address.
- Lack of cyber security: The school’s database may not have up-to-date cyber security, resulting in hackers stealing your child’s personal data.
- Lack of data protection training: A teacher may have failed to store your child’s educational record securely, meaning it was accessed by someone who was not authorised. This may have resulted from the school failing to ensure their staff received adequate training on protecting pupils’ personal data.
What Happens If A Teacher Breaches the UK GDPR?
According to the latest data security incident trends published by the ICO, for the third fiscal quarter of 2021/22 the education and childcare sector is the second most affected by data security incidents. During this time 2,404 were reported to the ICO.
If a teacher breached your child’s personal data, it could impact them in various ways. For example, if sensitive information was breached, it could lead to your child being discriminated against or harassed.
This could cause them to experience emotional distress or other psychological harm such as depression. Additionally, you may suffer from financial loss as a result of taking time off work to care for your child.
For more information on the steps you could take following a personal data breach, our advisors are on hand 24/7. You can call on the number above.
Could Teachers Be Fined For Breaching A Child’s Data Privacy?
The ICO can investigate data breach incidents and may fine organisations that are found to be responsible, including schools. A school should report a data breach incident to the ICO when personal data has been breached and it affects rights and freedoms. It must do so within 72 hours and without undue delay inform those affected.
Back in 2018, a former headteacher was fined in court for processing students’ personal data without a lawful basis. There was no lawful reason to process the personal data, this meant he had breached data protection laws.
If you have evidence that a teacher breached your child’s personal data, call our team to find out about making a claim on behalf of your child.
A Teacher Breached My Child’s Personal Data – What Could Be Awarded?
If the school data breach claim is successful two Heads of Loss can be claimed for. These are:
- Material damages: These cover any financial losses or expenses incurred by the breach of your personal data. However, you must provide evidence to claim these losses back. For example, you could provide payslips to highlight any loss of earnings.
- Non-material damages: These provide compensation that accounts for psychological harm caused by the breach, for example anxiety.
Previously, you were only able to claim for psychological damages if you had suffered financial harm. However, following Vidal-Hall and others v Google Inc (2015), the Court of Appeal ruled that it is possible to claim for a psychiatric injury caused by a data breach without claiming financial losses.
In order to accurately value how much compensation is owed, solicitors may use a publication called the Judicial College Guidelines to help them. We have used figures from the guidelines to create the table below. Please only use these as a guide though, because the actual settlement you receive will differ.
Injury | Compensation Range | Notes |
---|---|---|
Severe Psychiatric Damage Generally (a) | £54,830 to £115,730 | The person will experience significant problems with different aspects of their life and have a very poor prognosis. |
Moderately Psychiatric Damage Generally (b) | £19,070 to £54,830 | The prognosis will be better than in more severe cases. |
Moderate Psychiatric Damage Generally (c) | £5,860 to £19,070 | The person will have a good prognosis and will have made a significant improvement. |
Less Severe Psychiatric Damage Generally (d) | £1,540 to £5,860 | Factors such as how long the person has been affected will be considered. |
Severe Post-Traumatic Stress Disorder (a) | £59,860 to £100,670 | The person may find all aspects of their life are affected, including their ability to work and sleep. |
Moderately Severe Post-Traumatic Stress Disorder (b) | £23,150 to £59,860 | Professional help may improve the prognosis. |
Moderate Post-Traumatic Stress Disorder (c) | £8,180 to £23,150 | The person will have mostly recovered with some moderate symptoms continuing. |
Less Severe Post-Traumatic Stress Disorder (d) | £3,950 to £8,180 | The person will have largely recovered within two years. |
Alternatively, you could use our data breach compensation calculator to get a rough estimate of what your claim is worth. However, if you would like a free and more accurate estimate, you can call our team on the number above.
When Personal Data About Children Is Stolen Or Breached – How To Start A Claim
As discussed above, legislation is in place to protect personal data. If you are wondering if you can sue a school for a data breach, the legislation also sets the compensation eligibility criteria to claim.
The eligibility to claim for a breach of your child’s personal data is as follows:
- You need to prove that the data controller or processor failed to comply with data protection legislation.
- This failure resulted in a data breach that was either accidental or deliberate.
- Your child’s personal data was compromised in the breach.
- They suffered harm, either mental or financial due to this.
It is possible that the school may offer compensation on behalf of your child. You may wish to seek legal advice before accepting an offer. Call our advisors for free advice about what steps you could take if your child’s personal data was compromised.
What Evidence Do I Need To Claim For A School Data Breach?
If you are looking to make a school data breach claim in the UK, it’s essential that you have evidence. Evidence can help prove that you or your child’s personal data was involved in the school data breach, and how this has affected you mentally and financially.
Some examples of evidence that you could collect to help strengthen your data breach compensation claim include:
- Correspondence with the ICO: If you report the data breach to the ICO, they may choose to investigate. If they do, their findings could be used as evidence in your claim. However, you must do this within 3 months of your last meaningful communication with the school about the data breach.
- Medical records: Medical records or other official documentation showcasing the way in which the breach has affected you or your child psychologically could be used as evidence.
- Correspondence with the school: If you received a letter or email of notification from the school, stating that you or your child’s personal data has been breached, this could be used as evidence. You could also ask them to clarify what data was compromised, and the steps they plan to take to avoid this situation happening again.
- Bank statements or invoices: Bank statements, invoices, or bills that showcase how the breach has affected you financially can help prove a claim for compensation.
To learn more about the evidence that could be used in personal data breach claims or to find out how one of our solicitors could help you strengthen your claim, contact our team.
Contact Us If A Teacher Breached Your Child’s Personal Data
If personal data about your children has been compromised in a data breach by a teacher, you may be thinking of making a personal data breach claim on their behalf. Our advisors are available now if you need some free advice. They can provide you with a free consultation to have the potential school data breach claim assessed for free. If they find that the claim has merits, they can offer to introduce you to a No Win No Fee data breach solicitor.
Our solicitors could work on your case on a No Win No Fee basis. To do this, they will generally ask you to enter into a Conditional Fee Agreement CFA with them. When working with a solicitor on this basis, it generally means:
- No solicitor fees to needed upfront
- No fee needed to pay for the solicitor’s service as the case progressors
- If the claim fails, then no fees for the service the solicitor has provided are ended.
If the claim is successful, a solicitor working under a CFA can take a legally capped success fee from the compensation that has been awarded.
To find out if you could work with one of our No Win No Fee data breach solicitors, please call our advisors using the contact details below.
To get in touch, you can:
- Call us on 0800 073 8804
- Use our live chat function, which is available 24/7
- Or fill in our online contact form
More Resources On What To Do If A Teacher Breached Your Child’s Personal Data
Here are some additional resources that you may find helpful:
- GOV- Guide to the General Data Protection Regulation
- ICO – Make a complaint
- NHS – Post-traumatic stress disorder
- Find out if you could make a claim if your ethnicity was disclosed in a data breach, and learn more about the data breach claims process.
- If devices being lost or stolen have resulted in a personal data breach, you may be able to claim. Contact our team today for more information.
- Our guide offers more information on whether sharing an email address is a breach of personal data, and provides further insight into the claims process.
- To learn all about the Norfolk And Suffolk Police data breach, head here. You can find information on making a compensation claim, how the breach happened, and who’s been impacted.
We hope this guide on what to do if a teacher breached your child’s personal data has helped. However, if you need any further information, call our team on the number above.