Some educational establishments including universities need to retain personal information about their staff, students, supporters and alumni for various reasons. If that information ends up in the wrong hands because it is leaked in some way, the individuals concerned could be at risk and might suffer as a result. This article examines the concept of data breach compensation claims against Brunel University. We’ll consider how a university breach could happen, what harm it could cause and why you might receive compensation.
The laws regarding how data is stored, accessed and shared have changed over recent years when the General Data Protection Regulation (GDPR) was introduced. It was incorporated into the laws of this country in the Data Protection Act 2018. Following this introduction companies must store personal information securely. If a security breach happens and personal data is exposed, then the Information Commissioner’s Office (ICO) has the power to dish out huge financial penalties. Additionally, you might be able to claim compensation.
We have a team of data breach advisors here at Legal Expert. They provide free legal advice and can review your claim without any obligation for you to use or other services. If they believe you have a strong case, you’ll be referred to a specialist solicitor. Importantly they can offer you a No Win No Fee agreement if they take it on.
If you are ready to start a claim today, please contact us on 0800 073 8804. Alternatively, please continue reading to find out more about making a data breach claim against a university.
Select A Section
- A Guide To Data Breach Compensation Claims Against Brunel University
- What Is A Data Breach By UK Universities?
- What The GDPR Means For Universities
- How The Blackbaud Data Breach Affected Brunel University
- How Many Universities Have Suffered Data Breaches?
- Preventing Data Breaches Caused By Criminal Activity
- How You May Be Compensated?
- Claims Calculator For University Data Breaches
- Finding A Solicitor To Help With Your Case
- No Win No Fee Data Breach Claims Against Brunel University
- Talk To Our Team
- Need More Information?
A Guide To Data Breach Compensation Claims Against Brunel University
Data breaches are commonly associated with IT security issues like phishing, malware, ransomware, password attacks, as well as, denial of service attacks. While that is often the case, the GDPR also covers data breaches involving physical documentation. That means, as an example, universities that have any files containing personal information in an office should store them in locked cabinets. In addition, when they’re finished with the documents, they should securely destroy them. Importantly, they shouldn’t throw them away with normal rubbish where they could end up in the public domain.
As well as keeping personal information safe, universities and other organisations must let you know why they use your data. This can be done at the time you sign up where you’ll find a list of preferences on your application form.
If you are considering claiming compensation for a Brunel University data breach, then you will have to abide by the strict time limits. In many cases, you’ll have a 6-year limitation period. For some, though, the time limit will reduce to a single year if their claim relates to a human rights breach. Our solicitors usually advise that starting a claim early will often make it easier to obtain evidence to substantiate it. Additionally, you are likely to find it easier to recall the effects of the data breach.
We can help you start a claim today. Once you have finished reading please call our advice line if you’d like to start the claims process or if you would like us to answer any remaining questions.
What Is A Data Breach By UK Universities?
As mentioned in the previous section, university data breaches don’t always involve computer systems. That said, one cyber attack which had the potential to harm students, staff and supporters of Brunel University happened. A software firm that provides a database management system for the higher education sector (and other groups too) was the victim of a ransomware attack. Therefore, we’ll look at the Blackbaud hack later on.
A data breach is defined in the GDPR as a security problem that causes personal information to be lost, disclosed, destroyed, altered or accessed by unlawful means or accidental. In some cases.
Therefore, if a company finds out that they’ve been involved in any form of data breach, they need to assess if there is any risk to the individuals involved. They must also let them know what happened, how it happened, and what information was exposed. In many cases, they will also need to let the ICO know about the data breach.
To ask questions regarding this guide to data breach claims against Brunel University, please call our team today.
What The GDPR Means For Universities
The GDPR is a very good source of information regarding what responsibilities organisations have in relation to data protection. It defines roles like:
- A data subject.
- The data controller.
- The data processor.
The controller is the organisation that wants to process personal information. They can also be the data processor, or they could hire an external company to process the data on their behalf. The data subject is the person whose information is going to be processed and stored.
All data controllers are required to show compliance with the following principles:
- The processing method must be obvious to the data subject, fair and legal.
- Personal information can only be stored for as long as the controller requires it.
- The data controller should process a minimum set of data.
- They need to keep stored personal details up to date.
- The data processing method needs to be secure as well as confidential.
Personal information means any data that could be used to help identify a data subject directly or indirectly. It could include information about protected characteristics like disability, gender, ethnicity or age, as well as ID numbers, names, telephone numbers or email addresses.
If you would like our advice about what could justify a Brunel University data breach, why not ask for a free assessment of your case today?
How The Blackbaud Data Breach Affected Brunel University
We are now going to provide more information on the Blackbaud data breach which we mentioned briefly earlier. The company is a cloud computing provider to not-for-profit charities as well as the higher education sector. Many universities use the cloud-based software to manage relationships with alumni and supporters.
Between February 2020 and May 2020, an unknown cyber-attacker hacked Blackbaud and stole some of its data. Brunel University reported that the information may have included:
- Contact details.
- Professional details.
- Demographic and educational details.
- The individual’s relationship with the university.
- Fundraising activities.
They went on to state that the investigation found no evidence that the hacker accessed payment details or passwords. But, a later BBC report suggested that this could have been the case for some organisations. At the time of the news story, the Information Commissioner’s Office was aware of at least 166 UK organisations that the security breach had affected in some way.
Blackbaud decided to pay the ransom and received guarantees from the criminals that the information was now useless.
An investigation was undertaken and:
- Involved those individuals affected.
- Kept the ICO updated.
- Are discussing the case with Blackbaud to find out why there was a delay between the breach being spotted and the university being informed.
Sources:
- https://www.brunel.ac.uk/news-and-events/news/articles/Blackbaud-response
- https://www.bbc.co.uk/news/technology-54370568
If you think you’ve been affected by the cyberattack on Blackbaud and think you may have suffered a university data breach, please don’t hesitate to contact us. Our team will work with you to review your case and determine if you could be entitled to compensation.
How Many Universities Have Suffered Data Breaches?
As we have seen already, universities hold vast amounts of personal information. They hold information about their staff, alumni, fundraisers and students. In addition, many universities are involved in critical research which has the potential to involve sensitive personal information as well.
We have included some information about a study recently conducted. The study involving Freedom of Information requests relating to data security received 86 responses. The figures within the study reveal that:
- 54% of the responding universities contacted the ICO because of data breaches in the past 12 months.
- The average staff training budget is just £7,529 per year.
- Just 51% of universities provide proactive student training.
- The most common type of attack was phishing.
- Only29% of the respondents commissioned more than one third-party penetration test to look for security flaws.
Source: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf
Hopefully, now that the new GDPR rules have been implemented, training in data security should increase for university students and staff. Not only could that prevent further data breaches of sensitive information, but it could also stop the ICO from having to issue fines to universities.
Preventing Data Breaches Caused By Criminal Activity
So, how can universities improve their chances of not being the next victim of a data breach? Here are some potential steps that could help:
- Penetration testing: Using third-party security firms to highlight problems with network and computer services. In addition, they can spot physical problems like a lack of security in server rooms.
- Training: Staff and students can improve their understanding of their data protection responsibilities.
- Keeping up to date: Updating software and apps to the latest versions can remove the risk of known flaws causing problems.
- Reviewing policies: Regularly checking and updating data protection policies and procedures.
While these measures might be costly, as mentioned previously, they could help prevent a lot of harm and financial penalties in the future.
How You May Be Compensated?
If you end up starting a data breach claim, it will usually consist of two main parts: material and non-material damages. Material damages look to compensate you for any financial losses you have incurred following the data breach. Non-material damages compensate you for any psychological injuries that are a result of the breach.
You’re only allowed to make one claim so it is important that you consider any future losses or damages when lodging a claim. If you fail to claim for everything at once, you could find yourself struggling to deal with the effects of the data breach later on in life.
As an example, if your solicitor only claimed for the financial losses you’ve incurred already, you might find yourself in financial difficulty at a later date. That could be possible if someone sold your personal details to criminals and they continue to use them in future identity theft crimes. Therefore, you might need to consider this future suffering.
Similarly, a solicitor should consider any health issues you have but also look at the prognosis. They should ask an independent medical expert to assess whether anxiety, Post-Traumatic Stress Disorder (PTSD) or depression symptoms will affect your life, work or relationships in the future.
We advise that having a legal professional on your side could help you achieve the correct level of compensation for the harm a data breach can cause. If one of our solicitors takes on your case, they will review your claim thoroughly to try and make sure you have everything included.
To find out more about how Legal Expert could help you start a claim, please give us a call today.
Claims Calculator For University Data Breaches
You may assume that you can only claim compensation for psychological injuries if you’ve suffered a financial loss first. However, judges at the Court of Appeal decided that, for data breach claims, that’s not the case (Vidal-Hall and others v Google Inc [2015]). A compensation award for mental suffering should be made at the same rate as personal injury claims.
To demonstrate how much compensation could be awarded for injuries relating to a data breach, we’ve included the table below. It shows figures taken from a document, used by legal professionals and courts to help value injuries, called the Judicial College Guidelines.
Type of Claim | Severity Level | Settlement Range | Details |
---|---|---|---|
Psychiatric Injuries (general) | When settling cases of diagnosed psychiatric damage, 4 factors are considered: 1) How the claimant’s ability to cope with life in general or work are affected; 2) Whether treatment could help; 3) How the claimant’s personal and professional relationships are affected; 4) The claimant’s prognosis. | ||
Psychiatric Injuries | Severe | £51,460 – £108,620 | In this category, the claimant will have a very poor prognosis with serious problems relating to all factors. |
Psychiatric Injuries | Moderately Severe | £17,900 to £51,460 | In this category, the claimant will have a more optimistic prognosis with significant problems relating to all factors. |
Psychiatric Injuries | Moderate | £5,500 to £17,900 | In this category, the claimant will have suffered with all the factors listed but a good prognosis will be offered because there will already have been a good amount of recovery. |
Psychiatric Injuries | Less Severe | To £5,500 | This category will account for how long the claimant will have suffered and the amount of time that daily activities have been affected. |
You’ll notice that the value of the award links to how severe your injury is. That’s why, during your claim, you’ll need to attend a local medical assessment. A medical specialist will discuss your injuries and will potentially review your medical notes. After your meeting comes to an end, the professional will write a report which explains their findings. They’ll forward it to your data breach solicitor to help them value your claim
Finding A Solicitor To Help With Your Case
We hope you have found this guide to data breach claims against Brunel University useful. The next thing you might want to do is choose a data breach solicitor to help you. That might mean speaking to friends and asking for a recommendation, looking in your local area for a suitable law firm or turning to online reviews.
Alternatively, to make the whole process easier and faster, you could call Legal Expert’s advice line. You’ll have plenty of opportunities to discuss your claim and ask as many questions as you need. If the advisor believes the grounds for your claim are strong enough, they could connect you to a specialist solicitor.
If we take on your claim, your solicitor will explain any legal jargon and provide regular updates. They’ll be available to answer any questions that might arise. And, they will work tirelessly to try and achieve the maximum amount of compensation for your case.
Please let us know if you would like more information about how we could help you start a claim.
No Win No Fee Data Breach Claims Against Brunel University
We realise that many people delay making a claim because they are worried about the costs of a solicitor. Although it is not compulsory to have a solicitor on your side they do bring huge benefits to any case. Therefore, to remove a lot of the worry, stress and financial risk, our solicitors provide a No Win No Fee solution for all claims they take on.
Before accepting your case, a solicitor will need to review it carefully to assess its chances of success. Then Iif they believe your claim is suitable, they’ll give you a Conditional Fee Agreement (also referred to as a CFA) to sign. This contract explains what work your solicitor will carry out and that:
- They won’t require their fee payment before the claim begins.
- Also, you won’t have to pay any hidden charges or solicitor’s fees while the claim progresses.
- And, should the claim be unsuccessful, they won’t request their solicitor’s fees at all.
In the event that you win your claim, your solicitor will hold on to a small portion of any compensation settlement to cover their costs. In the CFA, this fee is called a success fee which is legally capped. To ensure there are no surprises once your claim is finalised, the percentage you will pay is clearly indicated in your contract.
Check whether you could qualify for our No Win No Fee service and discuss your claim with an advisor today.
Talk To Our Team
We hope that you have found the information in this guide to data breach claims against Brunel University useful. If you believe that you have the right to start a claim, why not contact Legal Expert by:
- Telephone: Call us on 0800 073 8804 to speak with a data breach advisor.
- Email: Send us details about how you’ve suffered to info@legalexpert.co.uk.
- Live Chat: Discuss your case and receive claims advice from an online advisor.
- Online: Begin your claim by completing this form and we will get back to you.
Finally, our claims process is quite straightforward, and we’ll always be honest about your chances. Our advisors will assess any claim for free and provide complimentary legal advice. Should you appear to have a strong enough claim, we could refer you to our specialist data breach solicitors. They’ll provide a No Win No Fee service for any claim they take on.
Need More Information?
To conclude, thank you for reading this article on data breach claims against Brunel University, it’s time for us to provide you with some additional useful resources. We’ve also provided links to other types of compensation claims that Legal Expert could help you with in the future. Please do feel free to contact us if there is any further information you require.
Be Data-Aware – A series of guides from the ICO explaining how you can control access to your personal information on a daily basis.
Mental Health Services – Advice from the NHS on how you can access their mental health support services.
Car Accident Compensation – Details on when you could be entitled to compensation for injuries sustained in a car accident that wasn’t your fault.
Spinal Injury Claims – A look at when a back injury caused by somebody else’s negligence could make you eligible to start a claim.
Care Home Negligence – An explanation of the types of negligence in a care home that could lead to a compensation claim.
Other Useful Compensation Guides
- University of Nottingham Data Breach
- Capital One Data Breach Compensation Claims
- St George’s Healthcare NHS Trust Data Breach
- Sunderland City Council Data Breach
- Abertay University Data Breach
- Aberystwyth University Data Breach
- Ashford Borough Council Data Breach
- Bangor University Data Breach
- Bath Spa University Data Breach
- Bedford Borough Council Data Breach
- Birmingham Council Data Breach
- Bishop Grosseteste University Data Breach
- Boots Advantage Card Data Breach
- Bournemouth Borough Council Data Breach
- Bradford Council Data Breach
- Brighton and Sussex University Hospitals NHS Trust Data Breach
- Can I Get Compensation For Loss of Medical Records?
- Buckinghamshire Council Data Breach
- Butlins Data Breach Compensation Claims
- Canterbury Christchurch University Data Breach
- Easyjet Data Breach Compensation Claims
Article by Hambridge
Edited by Victorine