We've been featured in:

Oxford Brookes University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Oxford Brookes University Data Breach

There’s a very high chance that if you’re a student or member of staff at a university, they will hold a lot of personal information about you. Sometimes that information may be classed as sensitive too. While the university will need the data about you for legitimate purposes, if a personal data breach were to happen you might be worried if your information ended up in the wrong hands. In this article, we are going to explain if you would be able to make data breach compensation claims against Oxford Brookes University if your data was exposed. We will also look at the problems such a breach could cause and when you might be compensated for any harm that results.

Oxford Brookes University data breach claims guide

Oxford Brookes University data breach claims guide

There’s no avoiding that the General Data Protection Regulation (GDPR) was introduced in recent years. It became UK law after The Data Protection Act 2018 was enacted. Together, these pieces of legislation offer you more security and control over when and how your information is used. Furthermore, organisations that hold personal data (data controllers) about individuals (data subjects) need to implement safety measures and procedures to try and keep such information secure. Failure to do so could result in the data controller being fined by the Information Commissioner’s Office (ICO). Also, you may have the right to seek damages for any harm caused.

Legal Expert is happy to help anybody considering a claim. We provide free legal advice along with a no-obligation consultation about your case. If it has a reasonable chance of success, a specialist solicitor could be appointed to represent you. If that happens, your case will be processed using a No Win No Fee agreement.

Why not call us today on 0800 073 8804 to enquire about starting a claim?

Select A Section

A Guide To Data Breach Claims Against Oxford Brookes University

No matter what you do these days, there is a likelihood that a GDPR interaction will occur. Consider what happens when you make an online purchase, register for a new dentist, hire a car, or sign up for an evening class. In most cases, the application process will have been extended because there will be extra information to read about how information about you will be used. You’ll also have to tick some boxes or click on a pop-up message or two to confirm you’re happy to continue.

Those steps are there because data controllers now need to tell you why personal information is required, how it will be used and when it might be shared. After providing all of that information, they may ask you to consent as well. However, consent is not always needed. Additionally, processes and procedures should be implemented to keep your data safe.

While an ICO investigation could result in a fine for any data controller found to have broken the rules, they do not specifically award compensation. For that to happen, you’ll need to begin your own legal proceedings within the allowed time limits. Mostly, that is a 6-year period but, in some cases where human rights breaches have occurred, you’ll only have 1-year to claim.

Our team of specialist data breach lawyers would usually suggest that you start proceedings as soon as possible. That’s because it can be easier to find the evidence you need to support the case. Also, you might also find it easier to remember how you’ve suffered when discussing the case with a solicitor.

Please call if you have any questions or if you’d like to begin a claim today.

What Is A Data Breach At Universities?

There have been many data breaches in the news since the GDPR was introduced. As a lot of personal data is stored electronically, many breaches centre around cybersecurity problems like hacking, malware, viruses, ransomware, phishing emails and denial of service attacks. Importantly, though, the GDPR covers all types of personally identifiable data, not just records that are stored electronically.

The way in which a personal data breach is described in the GDPR is something that occurs following a security problem that allows personal data to be accessed, altered, lost, destroyed or disclosed in ways that the data subject has not agreed to.

The ICO are able to investigate any type of data breach whether it was caused by illegal, accidental or deliberate actions. At the time a breach is noticed, as well as telling the ICO about it, data controllers need to start their own investigation. Any data subject that is identified as being at risk following the breach must be told about it. They should be informed of what data was leaked, the time the event took place and how it happened.

If you’d like Legal Expert to review if you have a valid data breach claim, why not make a call to our advice centre today?

General Data Protection Regulations And Higher Education

If you have ever read a piece of legislation, you might be put off from doing so again! That’s because they can be very technical and wordy. However, even though the GDPR is 88-pages long, it is written in plain English and provides definitions that are easy to understand.

One section of the GDPR explains that data controllers must be able to demonstrate that they comply with some data processing principles. The rules say that they must:

  • Not collect any more personal information than is actually required.
  • Process data in a legal manner that is completely transparent and fair.
  • Only keep personal data for as long as needed (no strict time limit is defined here though).
  • Process all data in a confidential and secure way.
  • Take steps to ensure personal data is kept up to date.

There are certain types of information that the GDPR covers. Generally, anything that might be used to identify a data subject is protected. For example, information like names, email addresses, telephone number, staff numbers, home addresses or enrolment numbers are protected as they could directly identify an individual. Furthermore, information about disabilities, sexual orientation, age or ethnicity (along with other protected characteristics) is also covered as it could indirectly identify somebody.

Has Oxford Brookes Been Affected By A Breach In Data Protection?

Oxford Brookes University was affected by a data breach that had the potential to cause problems for many universities up and down the country. The problem occurred when a company that supplies a cloud-based database to some higher education establishment was hacked.

Blackbaud’s database solution is used by many universities. In May 2020, the company found that their systems had been hacked and some data downloaded illegally. Later on, a ransom demand was issued by hackers. As per the GDPR protocol, the company let its customers know if they were affected. The universities involved then issued statements to alumni, students and staff who might be at risk.

In an unusual turn of events, Blackbaud made contact with the hackers and paid the ransom demand in return for an assurance that the stolen data had been destroyed.

News article: https://www.bbc.co.uk/news/technology-53516413

Rates Of Breaches In Data Security At Universities

We are now going to show how one study has identified some quite worrying figures relating to data security in universities. The report was based on 86 Freedom of Information responses from British universities. It found that:

  • Over half of the participating universities (54%) had self-referred themselves to the ICO following data breaches in the past 12-months.
  • Nationwide, 54% of staff at universities have received security training.
  • 51% of students get proactive data security training.
  • Annually, the average data safety training budget, per university, worked out to be just £7,529.

Detailed report: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf

Criminal Information Security Breaches

If you have ever read about a data breach in a newspaper or online, it is highly likely that it will have involved some form or criminal activity. That’s because some personal information is highly valuable and very desirable. So, how can organisations prevent hacking from happening in the future? Well, we can’t provide comprehensive advice as we’re not IT experts but some measures that might help include:

  • Offering training to staff, students and contractors on data safety techniques.
  • Ensuring data protection policies are reviewed and updated where necessary.
  • Use encryption on disk drives so that they can’t be accessed if stolen.
  • Hire third-party security consultants to inspect security measures and fix any problems they identify before cybercriminals exploit them.
  • Having a policy that prohibits old or unsupported devices from accessing the IT network.
  • Checking that any suppliers have adequate data protection measures in place.

Looking at that list might seem daunting, especially for those responsible for the IT budget. However, without investment, it is possible that future data breaches could lead to personal harm as well as large financial penalties.

What Could You Claim For?

We are going to move on now and look at what you could claim compensation following a university data breach. It’s worth explaining at this point that you don’t just tell the defendant how much money you would like to settle the matter. Any claim needs to be backed up with supporting evidence. On top of that, you’ll need to consider any suffering you might need to claim for in the future. Claims can’t be revisited once settled in full.

There are two main elements that makeup data breach claims. The first is called material damages. These are claimed to try and recover any money you have lost. This is quite a simple calculation based on actual losses plus any expenses you’ve incurred. On top of that calculation, though, you may need to look at what could be lost going forward. For example, if your credit report has been damaged by cybercriminals carrying out financial transactions in your name. There may a period of time where you incur increased fees on any new mortgage, credit card or loan application.

The next part of your claim, non-material damages. These aim to compensate for any pain, suffering or loss of amenity that you have suffered because of the breach. Additionally, an independent medical specialist will provide a report that examines your suffering and also your prognosis. This would need to be considered before your claim is submitted.

The complexity of data breach claims is why we’d advise you to have suitable legal representation. If one of our solicitors takes on your claim, they will work hard to consider every element of your case so nothing is left out before it is filed with the third party.

Calculating Data Breach Claims Against Oxford Brookes University

Now it is time to review what amount of compensation could be awarded for injuries sustained due to a data breach. As every claim is different, we can’t provide personalised compensation assessments until your case has been properly assessed. However, the information we’ll supply in this section should give you some understanding of compensation figures. We have not included a compensation calculator more of a table with bracket figures taken from a publication solicitors may use to value personal injury claims.

The Court of Appeal made some crucial decisions relating to data breach claims when hearing the case of Vidal-Hall and others v Google Inc [2015]. The most important were:

  1. Claims for psychiatric injuries that result from a personal data breach are able to be claimed for without the need for any financial losses.
  2. The level of compensation award should be paid using the same calculations as in personal injury cases.

With that in mind, we’ve listed some example figures for relevant injuries in the compensation table below. These figures come from the Judicial College Guidelines which are used in cases to help determine compensation levels. They do not include any financial losses you may have incurred.

Edit
Injury Type Severity Level Settlement Bracket Additional Comments
Psychiatric Damage – General Severe £51,460 to £108,620 Claimants in this category will have very serious problems managing relationships, coping with daily life and working. As they will be vulnerable in the future and treatment won’t help, a very poor prognosis will be offered.
Psychiatric Damage – General Moderately Severe £17,900 to £51,460 The claimant will have serious symptoms which are very similar to above. However, their medical prognosis will be more optimistic.
Post-Traumatic Stress Disorder (PTSD) Severe £56,180 to £94,470 Flashbacks, hyperarousal, nightmares, suicidal ideation and other PTSD symptoms will be permanent. This will mean that is impossible to return to pre-trauma levels or attend work.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,730 to £56,180 While the immediate future will hold very serious problems like those above, claims in this category should mean that some level of recovery could be achieved with specialist support.

You’ll see that determining the severity of your injuries is important when settling claims. For that reason, you will need to visit a local independent specialist for a medical assessment during your claim. At the appointment, you will be asked several questions to help work out the impact of the data breach. Furthermore, your medical records may be referred to. Following the meeting, the specialist will detail their findings in a report that will later be sent to your solicitor.

We should point out that as these medical reports provide valuable information about your suffering, we must insist on medical assessments in all cases.

How Does A Data Protection Breach Claim Work?

We have shown you when data breach claims against universities might be possible, but what do you need to do start one? Well, the first step you might take is to find a suitable solicitor to represent you. This could be done by looking at local law firms, reading solicitor reviews online or asking for a recommendation. Or you could call the Legal Expert free advice centre.

We have a team of specialists who will answer all of your claim-related questions. If your case appears strong enough, they may refer it to one of our specialist lawyers. If the case is taken on, your solicitor will be there if you need to ask any questions. They will also update you regularly and explain any legal jargon if needed. Their main aim, though, will be to do all they can to try and achieve the most compensation possible in your case.

Why not get in touch today if you’re considering a claim? Any advice we provide is free and without obligation.

No Win No Fee Data Breach Claims Against Oxford Brookes University

We know, from experience, that many people are worried about the fees a solicitor may charge. We can mitigate that worry by offering a No Win No Fee solicitor to reduce your financial risk.

When you contact us, we will need to review your case’s viability before it is accepted. Should a solicitor decide to work on your claim, they will prepare a contract called a Conditional Fee Agreement (or CFA) to fund their work. The CFA will clearly outline how the case will be handled as well as showing that:

  • Payment is not needed for the solicitor to begin the case.
  • You won’t be billed for any solicitor’s fees as the case is being processed.
  • If the claim doesn’t work out in your favour, there won’t be any solicitor’s fees payable.

In the event that your claim is won, a success fee will be charged to cover your solicitors time and effort. Rather than you having to send a payment, the fee is a fixed percentage of your compensation. Success fees are capped by law and yours will be clearly shown in the CFA so you’ll know how much will be paid before you sign the CFA.

If you would like an advisor to check if you can claim using a No Win No Fee service, please get in touch today.

Get In Contact With Our Team

If you’ve decided that the harm you’ve suffered following a university data breach warrants a compensation claim, you may wish to discuss how Legal Expert can help. To do so, you can:

  • Make a call to our advice line (available 24-7) on 0800 073 8804.
  • Ask for free advice from one of our online advisors via live chat.
  • Claim online so that we can call you at a convenient time.
  • Send details of your case in an email to info@legalexpert.co.uk.

We would never want to provide false hope about the chances of you being paid compensation. That’s why our advisors will offer honest and open advice during your free telephone consultation. If your claim does appear to have good grounds, you could be referred to a solicitor on our team. If they agree to take your claim on, they will operate on a No Win No Fee basis.

Related Guides

As this is the last section of our guide about whether you could make data breach claims against Oxford Brookes University, we have decided to link out to some useful resources which could help you when making a claim.

ICO Complaints – Details on the different ways of complaining to the Information Commissioner’s Office.

Anxiety Self Care – Advice from a UK charity on managing the effects of anxiety.

As Legal Expert is able to support you with other types of compensation claims, we have added some more of our helpful guides below:

Train Station Accident Claims – Information about claiming for injuries sustained at a train station.

Assault At Work Claims – This guide looks at what compensation could be claimed if you’re injured after being assaulted at work.

Hit And Run Claims – How our solicitors could help you claim for injuries that result from a hit and run accident.

Other Useful Compensation Guides

Written By Hambridge

Edited By Melissa.