We've been featured in:

Durham University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Durham University Data Breach

All universities need to store personal information about their staff and students. There’s no way around it because without that information it would be impossible to run the university effectively. However, the personal data they hold could cause a lot of harm if it ended up in the wrong hands following a data breach. While this article will examine data breach compensation claims against Durham University, it will also look at how data breaches could occur and what type of damage they could do.

Durham University data breach claims guide

Durham University data breach claims guide

While data privacy has always been important, the introduction of the General Data Protection Regulation (GDPR) along with The Data Protection Act 2018 has really tightened things up. Once the data has been processed, it needs to be stored securely.

Any failure to do so that results in a data breach could mean that the Information Commissioner’s Office (ICO) will investigate and fine the responsible organisation. Moreover, you might be entitled to claim compensation for the harm caused by a data breach.

Legal Expert can help you if you’re considering making a claim. We provide a telephone-based consultation (without obligation) along with free legal advice. If your claim is assessed as having a reasonable chance of success, you could be partnered with a specialist No Win No Fee solicitor.

To discuss your claim options right away, please call today on 0800 073 8804. To find out more about claiming for a data protection breach, please continue reading.

Select A Section

A Guide To Data Breach Claims Against Durham University

There are a lot more tick boxes and pop-up boxes in our lives these days! You’ll probably see them when you make a purchase, book an appointment, visit a website and even when you enrol on a university course. The reason they are there is that the organisation you are providing personal information to is abiding by the rules of the GDPR.

These checks, which sometimes feel annoying more than anything, are important. That’s because they give you the option to control how your personal data is used. In the first instance, organisations need to tell you exactly why they want to process information about you. Secondly, they have to obtain your authority to do so. But not always. Finally, any information that could help to identify you must be kept safe to prevent unauthorised access to it.

The ICO has the power to issue huge financial penalties to any organisation who breaks the new data protection laws. However, they can’t issue compensation to you even if you are harmed by the breach. The only way that will happen is if you make a compensation claim to the responsible organisation directly.

If you do wish to claim, you’ll need to do so within the relevant time limit. In the main, you will have 6-years to claim. But any claim based on human rights breaches only has 1-year. If you begin your claim as early as you can, you are likely to find it easier to discuss the impact of the data breach. Also, data breach solicitors often find it easier to gather supporting evidence the earlier the claim begins.

Once you have read this article, please call us if you have any queries or if you would like to begin a data breach claim.

What Is A Data Breach By A University?

When you hear the phrase ‘data breach’, do you automatically think of computer security issues like malware, phishing emails, viruses, hacking or ransomware? Well, that’s quite common but it’s important to point out that the GDPR doesn’t just cover digital information. Any personal information on physical documents is also covered by the new rules.

Within the GDPR document, a personal data breach is listed as a security issue that causes your personal information to be lost, disclosed, destroyed, altered or accessed either accidentally or deliberate.

If a data breach occurs, the data controller (the organisation who is responsible for the personal information) needs to inform the ICO. But not always.  They also need to inform any data subject if there is a potential for the breach of personal information.

Are you still unsure what a potential Durham University data breach could look like, please speak to a member of our team today.

How Is University Data Protected By The GDPR?

There are several principles defined in the GDPR which all data controllers need to prove that they adhere to. They include:

  • The act of data processing has to be fair, legal and obvious to the data subject.
  • Data must only be stored for as long as is necessary.
  • No more data than is required should be processed.
  • All personal information that has been processed and stored needs to be kept up to date.
  • Data processing should be carried out using methods that are secure and confidential.

Personally identifiable information is listed in the GDPR as any data which could lead to the identification of a data subject. For example, this could include student numbers, names, email addresses, home addresses, telephone numbers and also information relating to some characteristics. For example; disability, age, sexual orientation or ethnicity.

We could help you begin a data breach claim if you’re able to show that it has caused you some form of harm. That could be financial losses. Or it could be suffering such as anxiety, stress or depression. Why not call one of our specialist advisors if you would like to discuss beginning a claim today?

The Durham University Data Breach

In this section, we are going to look at a data breach involving Durham University. It is important to state that the ICO can issue fines to organisations responsible for data breaches even if they were caused accidentally. In this particular case, a data breach involving the personal information relating to some staff and students was leaked because of an oversight when uploading content to a website.

The incident took place because the university wanted to advertise how it used different systems on its website. As part of this process, photographs were taken of the software being used and uploaded into the news article which appeared online.

The problem was that the photographs contained the names, dates of birth and addresses of around 170 former staff and students. After the university realised what had happened, the images were removed and the ICO was informed.

An ICO statement said that although the university had online training relating to data protection issues, only one-fifth of non-manual staff had accessed it. Additionally, senior staff were supposed to pass on their training to other staff, but the university had not monitored whether this happened.

Following the breach, the university will make sure staff are trained full on how to follow the organisation’s data protection policies.

Source: https://www.zdnet.com/article/ico-raps-durham-university-over-online-data-breach/

What Percentage Of Universities Have Had Data Breaches?

We have just shown you how data breaches can happen. Some happen deliberately and some are caused by accidents. Here we have provided some statistics from a report issued by an IT company.

In the report, which was based on responses from 86 universities, it was found that:

  • In the past 12 months, a staggering 54% of respondents had needed to inform the ICO of a data breach.
  • The overall annual staff awareness training budget was only £7,529 on average per university.
  • 49% of universities offered no proactive training regarding data safety practices to students.
  • 27% admitted that their university had never employed ‘penetration testing’ firms to seek flaws in the IT infrastructure.
  • 46% of staff had not been trained in data safety principles in the past year.

Report URL: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf

Stopping Attacks Against Universities By Cyber Criminals

If nothing is done to stop cybercriminals, the scale of the problem will no doubt increase. So, what could universities do to mitigate the risks? Well, they could:

  • Make sure all computer hardware and software is kept up to date.
  • Train all staff, students and contractors about data safety.
  • Use encrypted devices so stored information can’t be accessed if they are stolen or lost.
  • Review data privacy policies regularly and keep them up to date.
  • Ask 3rd party security firms to try and spot potential problems so that they can be fixed before hackers identify them.

There’s no doubt that some of these steps might be costly but they could help universities to fulfil their legal obligation to keep data safe and prevent data subjects being harmed. In addition, the initial cost could easily be outweighed by an ICO fine if security measures aren’t increased.

Different Types Of Data Breach Compensation

Each and every compensation claim is different. Mainly that is because claimants suffer in different ways. This means that we can’t tell you what could be included in your claim until it has been reviewed properly. However, in this section, we are able to show you the different types of compensation that could be claimed.

In most cases, claims are split into material damages. These aim to compensate financial losses. Non-material damages. This is where psychological injuries are claimed for. As well as considering what suffering has already happened as a result of the data breach, your solicitor will also check if any future suffering might be caused.

As an example, if you have lost money because your details were sold to an identity thief, then those losses would be claimed for. Additionally, if your details are still circulating around the dark web, it might mean that a claim for future losses could be needed as well.

In the same way, if you have diagnosed mental health problems that have resulted from the data breach, you could claim compensation for them. An independent specialist could also be used to determine if those problems could have a longer-term effect. For example your ability to maintain relationships or whether you’re able to continue working.

Taking all aspects of your case into account is really important. You are only allowed one claim. If you realise years down the road that you have been affected in ways you hadn’t thought about, you are not able to request additional compensation if you have already settled in full. For that reason, we advise that you let one of our specialist solicitors review your case. They can try and make sure that the full impact of the data breach is considered before your claim is submitted.

Data Breach Compensation Calculator For Claims Against Durham University

It is now time to move on and look at what amount of compensation could be paid for the injuries that could be caused by a data breach. This section looks at figures in general not against a particular organisation. Importantly, a decision made in the Court of Appeal, (while reviewing the case of Vidal-Hall and others v Google Inc [2015]) means that psychological injuries can be claimed without having suffered financial losses. Payments for such injuries should be made in line with personal injury claim amounts.

The Judicial College Guidelines (JCG) is used by legal professionals to help work out how much compensation should be awarded for different injuries. Therefore, we have provided the table below. It contains some example amounts from the JCG that could be relevant to psychological suffering.

Edit
Type of Injury Severity Level Compensation Additional Details
Psychiatric Damage Severe £51,460 to £108,620 In this category, the victim will be vulnerable in the future. There will be a very poor prognosis.
Psychiatric Damage Moderately Severe £17,900 to £51,460 Significant problems will exist but a more optimistic prognosis will be offered.
Psychiatric Damage Less Severe Up to £5,500 The amount awarded in this category will assess how long daily activities were affected and how long the injury lasted.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,730 to £56,180 In this category, PTSD will cause significant problems for the foreseeable future but there will be hope of some recover with professional support.
Post-Traumatic Stress Disorder (PTSD) Less Severe Up to £7,680 This category covers cases where all major symptoms of PTSD have been resolved with one or two years.

As it is vital that you can show the nature of your suffering, you will need to visit a local specialist for a medical assessment. While you are at the meeting, the independent specialist will examine you by asking questions about your psychological injuries. They will also refer to any medical records available to them. After the appointment, a report will be created detailing the specialist’s findings and which could be sent to your solicitor if you are not representing yourself.

Why Should I Choose Legal Expert For My Case?

We understand that many people who are looking for a data breach solicitor might want to ask friends for a recommendation. In other cases, some people scour the web for online reviews and others just put a pin in the map and choose the closest law firm. There is another option you could use when picking a solicitor though, a simple call to Legal Expert.

We want you to be sure that you’re happy to use our services so when you call our advice line you can ask as many questions as you like. After your claim has been assessed, you could be connected to a specialist solicitor. If your claim is taken on, you will receive regular information from your solicitor about any progress. They’ll be available to you during your claim to answer any questions. You can rest assured that they’ll try hard to achieve the highest amount of compensation for your case.

No Win No Fee Data Breach Claims Against Durham University

We realise that the cost of hiring a solicitor is something that puts many people off of making a compensation claim. So that we are able to provide access to legal representation for as many people as possible, our solicitors provide a No Win No Fee service for any case they agree to work on. That means you will have less financial risk which, in turn, will result in a less stressful claim.

Before your case can be accepted, a solicitor will have to check that it has a reasonable chance of a successful outcome. If they agree to take your claim on, and you wish to proceed, you will receive a Conditional Fee Agreement (or CFA). This is the contract that will be used to fund your solicitor. It will clearly show you that:

  • No upfront charges to pay to have your solicitor start the case.
  • Your solicitor will not ask you to pay any of their fees during the claims process.
  • If the case doesn’t work out, no solicitor’s fees will be charged at all.

If your solicitor wins the claim, and you receive compensation, a small percentage will be retained to help cover their costs. The ‘success fee’ percentage is listed in the CFA so there aren’t any surprises. And it is capped by law.

To check your eligibility to claim on a No Win No Fee basis, please call our team today.

Speaking To Our Team

To determine what a potential Durham University data breach may look like for you, you can contact Legal Expert by:

  • Calling one of our specialist advisors on 0800 073 8804.
  • Using our live chat option to discuss your claim with an online advisor.
  • Sending us an email to info@legalexpert.co.uk with details of what has happened.
  • Starting your claim online so that a data breach specialist can contact you when it’s convenient.

Our team will do everything they can to make the claims process as smooth as possible. They won’t make any false promises. But they will review your claim with you to assess its chance of success. You will get free legal advice. If the claim appears strong enough, you could be referred to one of our solicitors. It’s worth reiterating that any claims they take on are handled using our No Win No Fee service.

Further Advice

We have now reached the end of this article about data breach claims against Durham University. During your claim, you might need to refer to some external resources, so we have listed a few here. Also, as we can help with other types of claims, we’ve included a few of our guides here too. If you think that you need any further information, please let us know how we can help.

Types Of Anxiety – A look at the different ways in which people can suffer from anxiety.

Right Of Access – Information from the ICO explaining how you can make a Subject Access Request (SAR) so that companies can tell you what information they hold on you.

Uninsured Driver Claims – Details of how we could help you claim for injuries in a car accident where the other driver had no insurance.

Minor Workplace Injuries – Information on how to claim for minor injuries sustained in workplace accidents.

Claim Time Limits – A detailed look at the different limitation periods that apply in personal injury claims.

Other Useful Compensation Guides