We've been featured in:

Birmingham City University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Birmingham City University Data Breach

How To Claim Damages For A Data Breach By Birmingham City University

If you have suffered psychological or financial harm due to a Birmingham City University data breach, this guide should tell you what you need to know about proving and making a data breach compensation claim. Universities, just like other controllers and processors of data, must abide by data protection laws, including the Data Protection Act 2018 and GDPR. If they breach these laws and it causes you material or non-material harm, you could be eligible to make a claim.

Birmingham City University data breach claims guide

Birmingham City University data breach claims guide

This guide has been put together to give you information and advice about how to prove a claim for a data breach by Birmingham City University. In the sections that follow, you can find out more about the data protection laws that are in place to protect your personal data, as well as reading about how universities are affected by GDPR.

We also explain what could constitute a data breach and what kind of compensation you could be eligible to claim.

If you’d like our help with making a data breach claim or want to ask us if you’d be eligible, please don’t hesitate to call our expert team on 0800 073 8804.

Select A Section

A Guide To Data Breach Claim Against Birmingham City University

This guide has been compiled to offer assistance to anyone seeking advice following a Birmingham City University data breach. Universities, just like any organisation that processes or holds personal data, has legal responsibilities to protect that data. If it doesn’t, and it breaches data protection laws, it could face investigations and fines from the Information Commissioner’s Office (ICO). It could also face having to pay victims of a data breach compensation for the financial and emotional harm caused by a data breach.

In the sections that follow, we explain the laws that protect your data in more detail and the responsibilities that Birmingham City University has towards the security of your personal data. We’ll also explain how Birmingham City University was affected by the Blackbaud hack, and explain how the victims of the data leak could claim compensation, either on their own or with the help of a lawyer.

If you have any questions about making such claims, we’d be happy to answer them. All you need to do is give us a call.

What Is A Data Breach Claim Against Birmingham City University?

If you are working for Birmingham City University, or you’ve studied there or are a current student, the organisation would more than likely have some of your personal data on file.

As an organisation that controls and processes personal data, a university must abide by the data protection laws in place, including GDPR and the Data Protection Act 2018. If your data is breached, and this violates data protection laws, whether as the result of employee mistakes, cyber attacks, phishing, a virus or other means, you could make a Birmingham City University data breach claim if you can prove that you’ve suffered emotional distress and financial harm because of the breach.

A data breach could have various unwanted consequences. It could lead to:

  • Physical theft – if someone has enough of your personal data they could access your bank accounts or make fraudulent purchases in your name
  • Identity theft – someone could assume your identity and apply for finance using your data
  • Loss of privacy – it could be possible for your sensitive personal data to be viewed by someone you didn’t want to see it
  • Emotional distress – a data breach could cause you to suffer distress, stress, anxiety or depression. You may lose sleep over it

How Could A Birmingham City University Data Breach Occur?

According to GDPR and the Data Protection Act, a data breach is an unlawful, accidental or unauthorised:

  • Access to data
  • Loss of data availability
  • Transmission of data
  • Alteration of data
  • Loss of data
  • Theft of data
  • Processing of data
  • Storage of data
  • Disclosure of data

It could happen in a number of ways, including:

  • Theft or loss of hard copy data – this could include a device theft or loss such as losing or having stolen a USB drive holding personal data, or the loss or theft of a computing device holding personal data
  • Criminal hacking – if someone were to hack into a computer system, they could access personal data
  • Malware – If a computer system is hacked, the hackers could install malware on systems that could include those that steal data by recording keystrokes, or they could install ransomware which means the organisation may have to pay a ransom to have the stolen information destroyed by the hacker
  • Employee mistakes – an employee could accidentally send your details to someone they shouldn’t have.
  • Viruses – Some viruses could include DDoS viruses, where there is a Distributed Denial of Service – this could lead to you being unable to access your data
  • Negligent maintenance of information security systems – if a cybersecurity program is not updated, it could render systems insecure, allowing for breaches of data to happen

Whatever the reason your data has been breached, if a Birmingham City University data breach has caused you to suffer financial or emotional harm, you could make a claim for it.

How Educational Organisations Are Bound By The GDPR

The world’s most strict information privacy and security law, GDPR, came into force in 2018. It protects the data privacy and security of any EU data subject, regardless of where in the world their data is being processed. Its 7 main principles are:

  • Storage limitation – the storage of data should be limited to the minimum amount of time it is needed for
  • Purpose limitation – the data processed should be only for the purpose it is meant for
  • Minimisation – the data processed must be the minimum amount needed for the purpose
  • Accuracy – data must be accurate and must be updated regularly to ensure this
  • Lawfulness, transparency and fairness – data controllers need to be transparent with data subjects about the data they are processing, and any processing/storage must be done lawfully and fairly
  • Accountability – organisations must be able to show compliance with GDPR
  • Confidentiality/integrity – the integrity and confidentiality of data must be protected

If an organisation isn’t operating according to the principles of GDPR, and your data is breached, you could seek compensation for the harm such a breach has caused.

How Has Birmingham City University Been Affected By A Data Breach?

In January 2012, personal details of undergraduates were breached due to an employee error at Birmingham City University. The employee responded to a Freedom of Information request. The details of thousands of applicants for the university were accessible on the website whatdotheyknow.com for around 6 months.

Source: https://thetab.com/2015/08/21/birmingham-city-uni-publishes-thousands-of-applicants-private-details-51050

Birmingham University isn’t the only university that has suffered a breach of data, however. In 2020, 8 UK universities were affected by the Blackbaud hack, a ransomware attack on the database provider that those universities used for data relating to alumni, staff and students.

Personal details including the address, contact details, full names, date of birth and gender were thought to be amongst the data that was subject to unauthorised access. While Blackbaud paid a ransom to the perpetrator of the hack and was confident that the stolen data had been destroyed, it was subject to unlawful access.

Source: https://www.bbc.com/news/technology-54370568

Another story of a university that has suffered a data breach is that of Greenwich University, which was fined £120,000 by the ICO due to a breach of nearly 20,000 people’s personal data.

Statistics On The Frequency Of Data Breaches Affecting Universities

A report issued by IT governance revealed that in 2018/19, 54% of UK universities reported a breach of data to the Information Commissioner’s Office. The report also stated that almost half of staff (46%) had not been given security awareness training; something that you might expect would be done as standard. It was also reported that just over half of universities provided security awareness training to students, which could leave their personal data insecure.

When it comes to network security, you may also be interested to learn that in tests conducted in 2019 by university ISP Jisc, over 50 universities had their data accessed in less than 2 hours.

Source: https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

Claims For Stolen Information

Not only could a Birmingham City University data breach affect someone’s personal data, but it could also lead to loss of research material, something that could cost a person and a university a lot of time, effort and money.

The consequences of a breach of data relating to research and development of products within a university could lead to a loss of confidence in the university, and this could lead to a university losing funding. In addition to this, it could also lead to a loss of public confidence in the university, which could even affect enrolment.

Whatever the reason your data has been breached, if it has caused you to suffer harm, whether a loss of privacy, a loss of valuable research material, physical theft or emotional distress, we could assess your case and tell you whether you could be eligible for compensation.

What You Could Claim If Affected By A Data Breach

If you have suffered financially because of a university data breach in the UK, you could claim for the harm you’ve sustained because of the breach. You could also claim for loss of privacy.

You may be interested to learn that you could also claim for any psychological harm you’ve suffered because of the breach of your personal data. The reason that you could claim for psychological injuries is that legal precedent was set in a case that was heard in 2015, Vidal-Hall and others v Google Inc [2015] – Court of Appeal.

During this case, it was decided that claims for personal injuries that were sustained as a direct result of a data breach could be considered. What this means is that if you have suffered anxiety, loss of sleep, stress or depression due to a Birmingham City University data breach, you could claim compensation for it, provided you can prove the breach and the harm it caused.

Compensation Calculator For University Data Breach Claims

Calculating compensation for the material harm you’ve suffered from a Birmingham City University data breach could involve assessing the financial damages you’ve suffered already as well as those you could suffer in the future. Calculating the university data breach compensation that would be appropriate for psychological injuries would usually necessitate you visiting an independent medic so that your condition and prognosis could be assessed. The independent medical professional would write a medical report that could be used to come to an appropriate value for your claim.

Calculating such damages is something the Judicial College Guidelines could help with. This publication is used by solicitors and courts to come to appropriate settlements for personal injury claims. We have included some figures from the guidelines to give you an idea of what could be an appropriate level of compensation for your claim.

Edit
Psychological harm Further information Guidelines Compensation Bracket
Severe cases of psychiatric injury A significant impact on the injured person’s ability to effectively cope with life, education, work and relationships. If treatment has been sought, its impact would also be considered. £51,460 to £108,620
Moderately severe psychiatric injury There would be similar effects to the injured person to those in the above bracket. However, the person’s prognosis would be more positive than above. £17,900 to £51,460
Moderate psychiatric injury Again the impact would be similar initially to the above but there would have been some significant improvement in condition by the time the injured person’s claim was heard in court or negotiated. The prognosis for the injured person would be good. £5,500 to £17,900
Less severe psychiatric injury There would be an assessment on the impacts of the injury on the affected person’s sleep and their ability to cope with usual daily activities. Compensation payouts could be calculated based on how long they’d suffered and how severe the initial injury was. Up to £5,500
Severe PTSD Each aspect of the injured party’s life would have bene affected and they would not be able to live their life in the same manner as they did pre-trauma. £56,180 to £94,470
Moderately severe PTSD The affected person would have some hope of a better prognosis with professional help. In the most severe cases within this bracket, the effects would last into the foreseeable future. £21,730 to £56,180
Moderate PTSD For the most part, the affected person would have recovered. They may be some continuing symptoms but these would certainly not be disabling to any gross measure. £7,680 to £21,730
Less severe PTSD Almost a full recovery would have been effected within 1 to 2 years. Up to £7,680

We should also mention that you may be able to include within your claim expenses such as time off work, counselling/medical costs and travel expenses associated with your psychological injury. If you’d like to learn more about this, please do not hesitate to get in touch with our team.

Explaining The Data Breach Compensation Claim Process

In order to make a Birmingham City University data breach claim, you’d need to be able to evidence firstly that a breach occurred, and then you’d have to prove how you were affected by that breach.

You would have to make your claim within the applicable time limit (1 year for a human rights breach and 6 years for a data breach).

To make a complaint to the university without assistance, you could simply write them a letter, telling them how you believe your personal data was breached and letting them know how it has impacted you.

You could also ask them for compensation for a data breach under GDPR. If their response is unsatisfactory, you could escalate your complaint to the ICO. However, you would need to make sure you reported the data breach to the ICO within 3 months of the incident, as undue delays to reporting may mean the ICO wouldn’t investigate.

The Benefits Of Using Legal Services

Whether you follow the data breach reporting procedure on the ICO website or not, you could benefit from using a lawyer when you make a data breach claim against a university. The benefits of using a lawyer could include:

  • A lawyer could make sure they actioned your case before the limitation period was reached
  • They could ensure that all the legal documentation was in place to prove your claim
  • They could arrange for you to see an independent medical expert to evidence any psychological injuries
  • They could negotiate for the maximum compensation possible for your Birmingham City University data breach claim

No Win No Fee Data Breach Compensation Claims Against Birmingham City University

If you’d like to benefit from having a lawyer on your side when you make a Birmingham City University data breach claim, you may be interested to know that you wouldn’t have to pay a solicitor upfront. With No Win No Fee claims, you’d only pay your solicitor once your compensation had been paid out, and you wouldn’t pay them any legal fees if your claim didn’t result in a payout.

To begin a claim under these terms, you’d have to sign a Conditional Agreement. This document sets out the success fee that you’d pay your lawyer if they achieved a payout for you. You’d only pay this small, legally capped fee if your case was won. If it wasn’t, and no compensation was arranged for you, you wouldn’t pay your lawyer the success fee. Nor would you be required to cover their costs.

If you would like to learn more about proving a No Win No Fee Birmingham City University data breach claim, we’ve included a guide to such claims in our resources section. You could also call us if you’d like to chat with us over the phone about a No Win No Fee claim.

Finding A Lawyer To Help You

We could provide a solicitor to you who works under No Win No Fee terms. We could also answer any questions you might have about claiming and check your eligibility for free.

We have the knowledge and expertise to help claimants in a variety of situations claim the compensation they are entitled to. Our expert advisors are knowledgeable, friendly and happy to explain anything about making a claim in plain English, without complex and confusing legal jargon.

Our solicitors come highly recommended too, as you’ll be able to see if you check out our reviews page. We’d love to help you get the compensation you deserve.

Discuss Your Case

Ready to discuss your case with our expert advisors? Perhaps you have a few questions about making a Birmingham City University data breach claim? Or maybe you’re ready to begin a data breach claim for the harm that it has caused you?

Either way, we’re glad to help you. You can reach us via any of the following methods:

Related Data Breach Services

Data Breaches – A General Guide – This link takes you to our general guide to making data breach claims.

Claims Under No Win No Fee Terms – As promised, here are some more details of how No Win No Fee claims operate.

Breach By A Credit Card Provider – Has a credit card provider breached your personal data? This guide could help.

ICO Fines – Enforcement actions, including fines, are detailed on this page of the ICO website.

Compensation Advice From The ICO – This page details how you could take action against an organisation that has breached your personal data.

Data Breaches – ICO Information– The ICO has provided some information on what a data breach is and how you could be affected.

Other Useful Compensation Guides

Guide by Jeffries

Edited by Billing