We've been featured in:

Edinburgh Napier University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Edinburgh Napier University Data Breach

My University Had A Data Breach, Could I Make A Claim?

Have you been financially or psychologically affected by an Edinburgh Napier University data breach? This guide aims to help you.

Your personal data may have been hacked, been part of a malware, password or ransomware attack or you may have been the victim of another cybersecurity problem. Consequently, if someone has breached data protection laws and you can prove you’ve suffered mentally or financially because of it, you could make a claim for compensation.

Edinburgh Napier University data breach

In this guide, we answer questions such as ‘what is a data breach?’ and explain how such a breach could happen. Additionally, we look at universities’ legal obligations when it comes to protecting the personal data they hold and process relating to students, staff and alumni.

Plus, we offer some examples of where data breaches have affected universities, such as the Blackbaud hack. We also explain how data breach compensation could be calculated for both psychological and financial expense suffered because of a data breach.

If you have evidence of a valid claim and would like to ask our advisors for free legal advice, simply call us on 0800 073 8804. We’d be happy to help you.

Select A Section

A Guide To Data Breach Claims Against Edinburgh Napier University

You may have been affected by the Blackbaud data security incident, or you suffered a privacy violation due to a data breach involving phishing, malware or an error by a member of staff at a university. If it has caused you harm, either emotionally or financially, you could be eligible to claim data breach compensation.

Some universities store and process the data of students, staff and alumni and, as such, they should protect that data under laws such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. However, if these laws are breached, and you can prove you suffered mentally or financially, you could claim compensation.

Additionally, the Information Commissioner’s Office (ICO) could investigate the breach and take action against the university.

This guide has been created to answer common questions about an Edinburgh Napier University data breach. In it, we explain what constitutes a data breach incident, and what could cause it. We also discuss how you could be affected by such a breach and the laws that allow you to claim compensation if you have suffered psychological or financial harm.

Finally, we introduce our services and show you how you could go ahead with a claim, providing it is valid and you have evidence.

What Is An Edinburgh Napier University Data Breach?

Before we explain what could potentially constitute an Edinburgh Napier data breach, we should first clarify what we mean by ‘personal data’. According to the Information Commissioner’s Office, personal data is information that could identify a person, either on its own or in combination with other information. Some examples of personal data include:

  • Name
  • Addresses
  • IP addresses
  • Phone numbers
  • Dates of birth

These are just a few examples. A breach of your personal data could mean it is:

  • Stolen
  • Made unavailable without your consent
  • Lost
  • Altered, stored, processed, accessed or disclosed without authorisation or a lawful reason

How Could An Edinburgh Napier University Data Breach Affect Me?

Exposed data could be very valuable in the wrong hands. For example, if someone has your financial information, they could steal money from you. Or, they could make purchases using your details.

Another way you could be affected by data breaches is if someone else manages to obtain enough of your personal information to fraudulently assume your identity (known as identity theft) and apply for finance in your name.

Victims of a data breach could also suffer mental harm. They may worry about their data being exposed, especially if it is sensitive data that relates to their medical records, financial information, or personal circumstances. Consequently, this could cause emotional distress and anxiety.

We should mention that victims of a data breach could claim compensation for both the financial harm they’ve suffered as well as the distress a breach has caused them. Alternatively, they could claim for either.

How Do Data Breaches Happen?

A data breach could be caused by someone inside or outside the university. It could happen because of a mistake, negligence, or malicious acts. Some causes of data breaches involve:

  • Hacking
  • Viruses
  • Malware
  • Ransomware
  • DDoS attacks
  • E-mails containing personal information being sent to an unauthorised recipient in error
  • Improper maintenance and upkeep of computer security systems
  • Theft of computer equipment that contains personal data
  • Loss of computer equipment that contains personal information

Data breaches can also involve physical documents. An example of a data breach in this instance could be letters that contain your personal data that are posted to an individual who isn’t authorised to see your personal information.

Whether you’ve suffered due to any of the incidents above or another type of data protection breach, if you endure psychological harm or financial loss because of it, you could be eligible to claim compensation.

What Does The GDPR Mean For Universities?

GDPR is arguably the strictest data privacy and security law in the modern world. It was created to protect the information of all EU data subjects. Data subjects are people whose data is processed.

The GDPR intended to protect their personal data whether it was held by organisations in the EU or across the world. The GDPR was enacted into UK law via the Data Protection Act 2018.

This means that UK universities that collect, store and process the personal data of their staff, students and alumni should abide by the law.

The overriding principles of the GDPR that universities should abide by are:

  • Minimisation
  • Limitation of storage
  • Limitation of purpose
  • Fairness, lawfulness and transparency
  • Confidentiality/Integrity
  • Accuracy
  • Accountability

Consequences Of A GDPR Breach

In the UK, the Information Commissioner’s Office enforces data protection laws, including the GDPR. GDPR enforcement actions could include heavy fines or action taken to change the way an organisation processes data.

As we mentioned, organisations that fail to prevent a data breach could face data breach compensation claims from those who suffer psychologically or financially because of it.

Which Universities Have Experienced Data Breaches?

In 2020, there was a Blackbaud data security incident that affected several UK universities. Blackbaud, a cloud computing service provider was the victim of a ransomware attack, which breached the personal data of alumni, students and staff of universities including Edinburgh Napier University.

Blackbaud Hack Details

When Blackbaud was hacked, a ransom was demanded by the perpetrator. It was subsequently paid by the company in return for the perpetrator destroying the data that was stolen. The information that may have been exposed included:

  • Basic details including names, titles, genders and dates of birth
  • Addresses/contact details
  • Course details, and attainment details
  • Professional details
  • Records of engagement with the university

The ICO was informed about the breach.

Source: https://www.napier.ac.uk/alumni/alumni-news/latest-news/blackbaud-data-security-incident

Other University Data Breach Incidents

There have also been other breaches of personal data affecting university students, staff and alumni including:

  • The University of Greenwich being fined £120,000 for breaching the personal data of nearly 20,000 people.
  • Personal details of 191 students at the University of East Anglia being sent in error to nearly 300 people, leading to the insurers of the university paying out over £140,000 in compensation (Source: https://www.bbc.co.uk/news/uk-england-norfolk-51284352)

Whether the data breach you’ve been affected by was caused by an email error, hacking or another type of computer security issue, if you have evidence of a valid claim, we could assess it.

What Percentage Of Universities Have Had A Data Breach?

There are some interesting statistics relating to UK universities and data security. These include:

  • 54% of UK universities reported breaches to the ICO in the 12 months before July 2020.
  • 54% of university staff had received security training.
  • Only 51% of universities proactively offered students security training.
  • In tests by Jisc, a university internet service provider, they were able to access over 50 universities’ systems within two hours.

Source: https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

This guide about potential Edinburgh Napier University data breach claims aims to help you. However, if you need our advisors at any point, use our live chat or call us.

Cybercrimes And Thefts Of Data

You might have taken steps to manage your personal data and keep it safe. For example, you might regularly change your passwords and ensure the sites you input your data into are secure.

Any organisation that holds and processes data should take steps to protect your data too. There are some common risks that universities face that they must address when it comes to data security, including:

  • Information theft – Information such as research material or personal data of students, staff or alumni could be valuable in the wrong hands.
  • Ransomware – A hacker could demand a ransom for data it has hacked, just like the Blackbaud hack.
  • Viruses and malware – Computer viruses and malware could cause a data breach.
  • Phishing – If users input their login details on a fake site due to phishing, an unauthorised user could gain access to their accounts.
  • Password attack– Password guessing software could allow an unauthorised user to use an authorised user’s details to access computer systems.
  • Keystroke recording attack – If keystroke recording software is inserted onto someone’s system, this could allow a third party to find out their login details.
  • Denial of service – This could lead to data being made unavailable.

No matter what threats universities face, they should take all reasonable action to protect your personal data. If they do not, and you suffer psychologically or financially because of a data breach, you could claim compensation.

Types Of Compensation That May Be Awarded For A Breach Of Data Privacy

When it comes to claiming data breach compensation, there are two types to consider: compensation for mental harm, and compensation for financial harm.

What Are Material Damages?

Material damages compensate you for financial losses and costs caused by the data breach. For example, someone may have made fraudulent purchases in your name or taken money from your bank account.

You would need to be able to evidence such expenses in order to claim for them. You could use bank statements and credit card statements, for example, to evidence the financial impact of the breach.

What Are Non-Material Damages?

Non-material damages compensate you for what can be more difficult to quantify. If you endure emotional distress or other psychological harm because of a data breach, you could seek compensation. You could include anxiety and depression within a claim for non-material damages.

Can Psychological Harm Really Be Included In A Data Breach Claim?

The reason it could be possible to claim for psychological harm (without having also suffered financial loss) is because of Vidal-Hall and others v Google Inc [2015]. In this case, the Court of Appeal held that compensation for psychological injuries alone could be considered in a data breach claim. So, you could claim for financial loss, mental harm or both.

During this case, the Court also held that compensation for psychological harm from a data breach could be valued as it would be in a personal injury claim.

Therefore, if you can prove you have suffered psychological harm as a direct result of a university data breach, you could claim.

Calculating Data Breach Compensation Claims Against Edinburgh Napier University

While calculating the data breach compensation payout you could receive for financial loss would involve assessing what losses and expenses you’ve encountered, calculating compensation for psychological injuries could be a little more complex.

As part of a claim for psychological damages, you would need to attend a medical appointment with an independent expert. This is so that the expert can complete a medical report. The purpose of the report is twofold:

  1. It gives information about the level of injury you have received, and details of your prognosis. This is what a solicitor could use to calculate your compensation.
  2. You could use it to prove that the breach caused or worsened the mental harm you’ve suffered.

To give you some insight into levels of compensation for psychiatric damage, we have provided a compensation table. It includes figures from a publication called the Judicial College Guidelines. This could be used by lawyers and courts to determine appropriate settlements for such claims.

Edit
Injury Compensation Bracket Severity
General psychiatric damages £51,460 to £108,620 Severe
General psychiatric damages £17,900 to £51,460 Moderately severe
General psychiatric damages £5,500 to £17,900 Moderate
General psychiatric damages Up to £5,500 Less severe
PTSD £56,180 to £94,470 Severe
PTSD £21,730 to £56,180 Moderately severe
PTSD £7,680 to £21,730 Moderate
PTSD Up to £7,680 Less severe

It’s important to note that compensation payouts may vary in Scotland. But, if you’d like to find out how your claim could be valued, get in touch with our advisors. They offer free estimates.

How To Make A Breach Of Data Protection Claim

If you’re looking to make a data breach claim, you may be surprised to learn that you do not need legal support to do so. You could complain directly to the university about the data breach and how it has affected you. You could also request data breach compensation directly from the university.

If the university did not respond in a manner that you felt was satisfactory, you could escalate your complaint to the ICO. You would have three months to do so from the university’s final response. Contacting the ICO later than this could affect their decisions.

Why Use A Solicitor?

Many claimants prefer to use legal support when making data breach claims, however. This is because there could be several benefits for them to take advantage of. These benefits could include:

  • Not having to take on the hard work of proving the claim themselves
  • Not having to negotiate compensation themselves
  • Having support with filing a claim before the limitation period is up. (This is generally 1 year from the date you obtained knowledge of the breach for a breach of human rights or 6 years for a data breach).
  • Being sure they could claim everything they were eligible for.

How To Find A Solicitor To Help You

In order to find a solicitor to help you with a data breach claim, you might ask friends and family for recommendations or have a look online. However, since there are many law firms to choose from, how could you be sure you’re making an appropriate choice?

Here at Legal Expert, we could help make that choice easier for you. One call to our friendly, knowledgeable advisors could help answer any questions you might have about claiming compensation.

We could offer you free, no-obligation advice about making a claim, and we could assess your eligibility too. If our advisors can see that you can prove you have a valid claim, they could connect you with a No Win No Fee lawyer from our team. They could help you claim without requiring any solicitor fees upfront.

We believe our reviews speak for themselves when it comes to the services we provide, and we have helped many different claimants in a variety of situations. Why not allow us to help you?

No Win No Fee Data Breach Compensation Claims Against Edinburgh Napier University

If you have evidence of a valid data breach claim and would like legal assistance, you may be glad to learn that we could connect you with a No Win No Fee solicitor. This would mean there would be no need for you to pay any solicitor fees upfront to begin your claim.

If you’re not familiar with how these claims work, we have provided some guidance below:

  • Your solicitor would send you a document to sign and return to them. This is what is known as a Conditional Fee Agreement (the formal term for No Win No Fee agreement). The document would explain how much of a success fee you would be required to pay your lawyer if they successfully obtained you a compensation payout. The fee would be capped and would represent a small percentage of your total payout.
  • Once you have signed and returned the document, your lawyer would start to put together your case for compensation to the liable party. They would help you gather the evidence and negotiate compensation on your behalf.
  • If a compensation payout was arranged for you, the success fee would be deducted from it.
  • If your claim failed to result in a payout, the success fee would not be payable.

We recognise that you may have some questions about No Win No Fee claims. We have put together a detailed No Win No Fee guide that explains the process in more detail. If you have further questions, please do not hesitate to call our friendly, helpful advisors. We will be glad to explain more to you over the phone.

Speak With An Expert About Your Case

If you can prove you have a valid data breach claim and would like advice, you can get in touch with us in a number of ways:

However you prefer to contact us, we’re ready to help.

Claims Resources

Right Of Access – The Information Commissioner’s Office offers guidance on requesting information about your data.

Information Compliance: Report A Breach Guidance – Find out how to report non-compliance as an organisation if you believe you may have had a data breach.

I’m Raising Concerns About My Data – The ICO also offer guidance to individuals who may have concerns about their data.

My Data Was Lost – Could I Claim? – A data breach could include your data being lost. In this guide, we explain claims for such breaches.

Employee Breach Claims – If your employer breaches your data, this guide could provide you with useful information on making a claim.

Claiming For Data Breach Stress – We have produced a guide that offers further insight on claiming for stress.

Other Compensation Guides

Thank you for reading our guide on what to do following a potential Edinburgh Napier University data breach.

Written by Jeffries

Edited by Victorine