Could I Claim For A Breach Of Data Protection At A University?
This guide looks at what you could do following a Glasgow Caledonian University data breach.
If you’ve been affected by a data breach, you may have suffered financial loss, or you may be suffering from emotional distress. You may be worried about what someone could do with your personal data. Consequently, you may be eligible for compensation for both your financial expenses and psychological suffering.
This guide has been created to offer you information on making data breach claims against universities.
All universities have a legal duty to protect your personal data, whether you are a member of staff, a student or have graduated from the university. If they breach data protection laws, they could face investigation by the Information Commissioner’s Office and heavy fines too.
Legislation could also allow you to claim compensation for a data breach if you’ve suffered financial loss or psychological harm. We explain more about this later in the guide.
Additionally, we explore how a data breach could happen and how it could affect you. As well as this, we give you useful information about how to make a claim for data breach distress and financial expenses you can prove were caused by a data breach.
If you would like to ask us anything about the information contained in this guide or would like to begin a claim, please don’t hesitate to call our expert advisors for free on 0800 073 8804.
Select A Section
- A Guide To Data Breach Claims Against Glasgow Caledonian University
- What Is A Glasgow Caledonian University Data Breach?
- Data Privacy And GDPR Compliance
- University Data Protection And Security Breach Examples
- Statistics On Data Breaches At Universities
- Cyber Crime Compensation Claims
- How You Could Be Compensated After A Personal Data Breach
- Calculating Claims For A Data Breach By Glasgow Caledonian University
- Why Claim With Our Data Breach Claim Experts?
- No Win No Fee Data Breach Claims Against Glasgow Caledonian University
- Start A Claim
- Further Advice And Resources
A Guide To Data Breach Claims Against Glasgow Caledonian University
If you’re reading this guide, you may be doing so as someone who has experienced a Glasgow Caledonian University data breach. If you’ve been affected either financially or emotionally by a data breach, you may be wondering whether you could claim compensation for it. This guide has been put together to offer you some useful insight into making such claims.
All organisations, including universities, have certain data protection laws they must abide by if they use personal data. This includes the Data Protection Act 2018, which enacted the General Data Protection Regulation (GDPR) into UK law. The GDPR is arguably the world’s strongest data security and privacy law.
If organisations or institutions that process personal data breach these laws and you suffer financial or psychological harm, you could be eligible to claim compensation. It may be important for you to act quickly, however.
Although you may have up to 6 years to claim for a data breach, if it breaches your human rights, you may only have a year to claim. These time limits begin from the date you gained knowledge of the breach. In addition to this, acting quickly may mean the evidence is easier to collate, which may make it easier for you to make your claim.
In this guide, we provide useful information on the major types of data breach and offer some data breach examples that have affected universities in the past, such as the Blackbaud hack.
We also explain how compensation could be calculated if you can prove you’ve suffered mentally or financially because of a data breach.
We hope you find this guide useful. If you have any questions about making a claim or would like to check your eligibility for free, you can contact us at any time.
What Is A Glasgow Caledonian University Data Breach?
As an organisation that decides how and why data relating to its students, staff and alumni will be used, Glasgow Caledonian University should adhere to data protection laws. It could be seen as a data controller.
Laws such as the GDPR and the Data Protection Act 2018 are in place to protect the privacy of the personal data held and processed by data controllers. If they breach these laws, and it causes victims to suffer mental or financial harm, they could be eligible to claim compensation.
But what type of data could be breached, how could it happen, and what types of harm could it cause?
Personal Data Explained
The ICO describes personal data as the information that relates to a person who could be identified by it, either on its own or in combination with other information. Examples of personal data could include:
- Online identifiers, such as IP addresses
- Names
- Addresses
- Telephone numbers
- Email addresses
These are just a few examples.
What Is A Data Breach?
Data breaches are incidents where a breach in security leads to the unlawful destruction, loss or alteration of personal data. The data could also be disclosed or accessed without authorisation.
There are several ways in which a data breach could happen. It could happen due to someone inside or outside the institution. It could be malicious or may be accidental. Some examples could include:
- A cyber attack, such as a hacking
- A ransomware attack
- An error by a university employee
- A lack of maintenance to computer security or network security
- A password attack
- Loss of computer equipment that contains personal information (for example a USB stick or laptop)
- Phishing
How You Could Be Affected By Different Types of Personal Data Breaches
Depending on the type and severity of the data breach, you could suffer harm in a variety of ways, including:
- Financial theft. Exposed data could be very valuable to a cyber criminal. They could, if they have enough of your personal information, gain access to your financial accounts and could withdraw money from your account. If they are able to access your card details, they could make purchases in your name.
- Identity theft. If someone has enough of your personal information, they could attempt to assume your identity to get credit or apply for loans in your name.
- Privacy violation. If sensitive personal data is hacked and exposed, people might find out things about you that you did not want them to know.
- Data distress. Having your personal data hacked could cause you to suffer anxiety over how it could be used. You may lose sleep over it, or it could lead to other harmful effects on your mental health.
While university data breach compensation may not solve all of the issues that have been caused by a data breach, it could go some way towards helping you to move forward from it.
Data Privacy And GDPR Compliance
GDPR is arguably the most stringent law relating to data security and protection in the world. It came into force to protect the personal information of all EU data subjects, no matter what countries their data is processed or stored in. A data subject is a person whose data is processed. At universities, a data subject might be a student or employee, for example.
Universities should abide by GDPR’s 7 principles, which are:
- Accountability
- Confidentiality and integrity of data
- Limitation of storage
- Transparency, fairness and lawfulness
- Limitation of purpose
- Accuracy
- Minimisation of data
There are many ways in which a university could go about protecting your personal data. They may use two-factor authorisation to verify your identity before you are allowed to access data, for example, and they may have a robust data protection policy too.
If they fail to comply with the GDPR, however, they could face investigation by the Information Commissioner’s Office (ICO), which enforces the GDPR in the UK. If they have breached the GDPR, they could face large fines.
The GDPR also allows for victims of data breaches that can prove they have suffered mental or financial damage to claim compensation. If you have evidence of a valid claim following a Glasgow Caledonian University data breach, why not get in touch today?
University Data Protection And Security Breach Examples
There have been a number of different types of university data breaches in the UK that have been reported in the press. One of the largest of these is the Blackbaud hack, which occurred early in 2020.
What Is The Blackbaud Hack?
A cloud software provider, Blackbaud, had data hacked in a ransomware attack. The cyber criminals that perpetrated the attack demanded a ransom for the destruction of the data they had stolen.
While Blackbaud paid the ransom and believed that the data had been destroyed, the fact that the data had been accessed and stolen meant there had been a data breach.
Initially, it was thought that only some universities in the UK had been affected. However, as time went on, it was found that a number of educational institutions and charities across multiple countries had been impacted too.
Source: https://www.bbc.co.uk/news/technology-53528329
Other Types Of Data Breaches
As well as the Blackbaud hack, there have been several other data breach incidents that have been reported to have affected UK universities. These include:
- The University of Greenwich. The university received a fine of £120,000 from the ICO when a microsite created by a student led to a data breach affecting almost 20,000 people.
- The University of East Anglia – The university’s insurer had to pay out £140,000 in damages to students whose sensitive data was sent to nearly 300 people in error.
Whether the data breach you can prove you’ve suffered harm from is similar to any of the incidents above or happened in another way, we could help assess your case to see if you could be eligible for data breach compensation.
Source: https://www.bbc.co.uk/news/uk-england-norfolk-51284352
Statistics On Data Breaches At Universities
While you might assume a data protection breach would be a rare occurrence at universities, a report created using the answers from Freedom of Information Requests may prove otherwise. It revealed that over half of UK universities that responded had reported a breach of data to the ICO in the 12 months before July 2020.
The same FOI request results showed that only 54% of university staff members had taken security training. Additionally, only 51% of universities proactively gave students security training.
In 2019, university ISP, Jisc, carried out cybersecurity tests. Shockingly, they were able to access over 50 university systems in fewer than 2 hours.
Source: https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year
Cyber Crime Compensation Claims
There are some cybercrimes that could affect universities and could cause a data breach. These include criminal acts such as:
- Personal data theft. A cyber criminal could steal personal data in order to sell it, or use it to commit fraud or financial theft.
- Password attacks. A cyber criminal could effectively guess the password of an authorised user and use their details to access systems.
- Malware/viruses. If malware or viruses are put onto computer systems, this could cause the loss, theft, alteration, or disclosure of personal information.
- Keystroke recording. This is another method used by cyber criminals to learn the login credentials of authorised users so that they can access computer systems.
- Phishing. Another method of learning authorised user’s account details. Users are directed to fake sites that they believe to be genuine. Once the login details are input by the authorised user, the cyber criminal has them. They can also use phishing attacks to access bank details or other personal information.
- DDoS attacks. A cyber criminal could hack into a system and deny authorised users access to their own information.
- Ransomware attacks. As we described with the Blackbaud hack, a cyber criminal could demand a ransom for information they’ve hacked.
It is vital that universities take action to protect students, staff members and alumni from these threats.
Types Of Data Breach You Must Report
If an organisation believes it has breached personal data, the data protection officer (or other appropriate members of the organisation) should be informed.
Organisations should report data breaches to the ICO if they pose a risk to an individual’s freedoms and rights. They should also inform the data subjects affected in these circumstances.
How You Could Be Compensated After A Personal Data Breach
Legislation allows you to claim for material and non-material damages that have been sustained as a result of a data breach. But what could constitute material and non-material damage?
Material Damage: This is the quantifiable financial expense incurred from a data breach. It could include monies taken from bank accounts or the costs of fraudulent purchases for example.
Non-Material Damage: This relates to the psychological harm suffered by someone who has experienced a data breach.
Could I Really Claim For Psychological Harm Caused By A Glasgow Caledonian University Data Breach?
You could claim for psychological injuries the data breach caused, without having suffered financial loss too, thanks to a certain case. In Vidal-Hall and others v Google Inc [2015], the Court of Appeal heard the issue of personal injury relating to a data breach and held that it could be considered.
This means that if victims of a data breach experience mental harm such as anxiety, stress or depression due to the breach, they could be eligible to claim compensation for it. Before this case, you had to suffer financial damage following a data breach if you wanted to seek compensation at all.
The Court also held that psychiatric damage could be valued for data breach claims as it is for personal injury claims.
Calculating Claims For A Data Breach By Glasgow Caledonian University
When it comes to working out how much material damage you’ve suffered due to a data breach, it could be useful to collect bank or credit card statements so you can assess the extent of the damage. Such statements could be used to evidence your claim.
Assessing the non-material harm could be more complicated, however. You would need to go and see an independent medical expert in order to evidence your psychological injuries. They would assess the extent of your injuries, how they affect you and what they believe your prognosis to be.
The expert would write a report that could be used to evidence your claim and work out an appropriate settlement for your injuries. The report could also be used to prove that the data breach caused or worsened your mental condition.
How Much Could Be Appropriate For My Claim?
Calculating psychological injury compensation is something that is done on a case by case basis. Moreover, since all claims are different, it may not be possible for you to get an accurate value for your claim before all the evidence is assessed.
What we can do, however, is give you figures from the Judicial College Guidelines (JCG) pertaining to different levels of psychological injuries. (The JCG is a publication that solicitors may use to value injuries.)
We’ve put the recommended figures in the compensation table below. This could give you a rough idea of how your injuries could be valued. However, it’s important to understand that compensation values may differ in Scotland. To get a more accurate estimate tailored to your circumstances, get in touch.
Type of psychological injury | Judicial College Guidelines Amount | Severity |
---|---|---|
Psychiatric injuries (General) | £51,460 to £108,620 | Severe |
Psychiatric injuries (General) | £17,900 to £51,460 | Moderately severe |
Psychiatric injuries (General) | £5,500 to £17,900 | Moderate |
Psychiatric injuries (General) | Up to £5,500 | Less severe |
Post-traumatic stress disorder (PTSD) | £56,180 to £94,470 | Severe |
Post-traumatic stress disorder (PTSD) | £21,730 to £56,180 | Moderately severe |
Post-traumatic stress disorder (PTSD) | £7,680 to £21,730 | Moderate |
Post-traumatic stress disorder (PTSD) | Up to £7,680 | Less severe |
If you can’t see the harm you’ve suffered in the compensation table above, get in touch. Our advisors could offer a free estimate of your claim.
Why Claim With Our Data Breach Claim Experts?
We should mention at this point that it is not a legal requirement to use a lawyer when you make a data breach claim. You can write and complain about data breaches directly to the university. And in your complaint, you could ask for them to investigate and pay you compensation. The ICO has given guidance on what information you might want to include in such a request.
If the university doesn’t give you a satisfactory response, you could escalate your complaint to the ICO. You would need to do this within three months of the final response from the university.
Why Use A Lawyer?
When it comes to claiming compensation for a data breach, many people prefer to use a lawyer. Their reasons for preferring to work with a lawyer on their claim could include:
- The process can be less stressful as the lawyer takes on all the legal legwork
- They don’t want to miss out on any of the compensation they could be eligible for
- A lawyer could negotiate for the highest compensation possible
Finding A Lawyer To Help You
When it comes to finding a solicitor to help with a data breach claim, we recognise that you could have lots of options. Here at Legal Expert, we believe we could be a great option. We could provide you with great customer service, including answering any questions you may have. And we could provide you with a free eligibility check to see if you could claim compensation.
If you have evidence of a valid claim and it is favourable, we could connect you with one of our expert solicitors. They could negotiate for the maximum compensation possible for your data breach claim.
Our solicitors would keep you updated throughout the process. And, as you can see from our reviews, we’ve helped many people successfully claim compensation for a range of different claims.
In addition to all this, our solicitors don’t require payment upfront to start your claim. They all work under No Win No Fee terms, which means you’d only pay their fee if they secured a compensation payout for you.
No Win No Fee Data Breach Claims Against Glasgow Caledonian University
Making a data breach claim under No Win No Fee terms is easy when you choose to work with Legal Expert. The process usually works as follows:
- Your lawyer would send you a document called a Conditional Fee Agreement (the formal term for No Win No Fee agreement). This is something you would be asked to read, sign and return to your lawyer. It details what level of ‘success fee’ you’d pay your lawyer if they secure your payout. The success fee is subject to a cap and represents only a small percentage of your total settlement.
- Once you’d returned the signed agreement, your lawyer would start to build your case and negotiate compensation on your behalf.
- Once a settlement had been secured, the success fee would be taken from it, leaving the rest for you.
- If your lawyer failed to negotiate a settlement for you, you would not pay the success fee.
We appreciate that you might want to learn more about making a claim under these terms. therefore, we’ve produced a guide to help you understand more about No Win No Fee claims.
Start A Claim
We would be delighted to answer any questions you might still have about making a Glasgow Caledonian data breach claim. Why not get in touch with us today?
- By phone: 0800 073 8804
- Via E-mail: info@legalexpert.co.uk
- By filling in the contact form
- Or by using our live messaging service.
Further Advice And Resources
Subject Access Request Information/Right Of Access: Do you want to see what information an organisation has on you? The ICO shows you how to request this.
Report A Breach: If you’ve experienced one of the types of data breaches that a data controller must report, the ICO has information on how organisations should report such breaches.
Legislation Enforced By The ICO: Here, you can find information on the legislation enforced by the ICO.
Types Of Data Breaches In Healthcare: If your data has been breached by a healthcare provider, we have produced a guide to help you.
Stressed Due To A Data Breach?: Data breach stress claims information can be found in this guide.
My Personal Data Has Been Lost: This guide has been created to explain what could justify a compensation claim for lost personal data.
Other Useful Compensation Guides
- Rochdale Council Data Breach
- Bracknell Council Data Breach
- Derbyshire County Council Data Breach
- Derbyshire Dales District Council Data Breach
- Durham County Council Data Breach
- Durham University Data Breach
- Easyleads Limited Data Breach
- Edinburgh Napier University Data Breach
- EE Data Breach Compensation Claims
- Falmouth University Data Breach
- Fatface Data Breach
- Flagship Group Data Breach Compensation Claims
- Employer Personal Data Breach Compensation Claims
- Go Compare Data Breach Compensation Claims
- Gordons Chemist Pharmacy Data Breach
- Greater London Authority Data Breach
- Greater Manchester Combined Authority Data Breach
- Halton Borough Council Data Breach
- Harlow District Council Data Breach
- Harper Adams University Data Breach
- Medical Data Breach Compensation Claims
Thank you for reading our guide on what to potentially do following a Glasgow Caledonian University data breach.
Written by Jeffries
Edited by Victorine