We've been featured in:

University Of Central Lancashire Data Breach Compensation Claims Guide

In this article, we set out to show you when data breach claims against the University of Central Lancashire (UCLan) could be made. It is true that all universities have to process a lot of personal information about their students, alumni, staff and donors to help them function correctly. However, under new legislation, that personal information must only be used with permission and it must be kept as safe as possible. Therefore, we’ll look at what harm could result from data breaches as well as explaining when you could claim data breach compensation for that harm.

University Of Central Lancashire data breach claims guide

University Of Central Lancashire data breach claims guide

The new legislation we’ve just mentioned is commonly called the GDPR. Its full name is the General Data Protection Regulation which passed into UK law when The Data Protection Act 2018 was enacted. Together these laws mean that individuals (or data subjects) need to be told when their data will be used. The organisation (or data controller) who wants to use it must seek permission. If a data controller is found to have broken data protection laws, they could be fined by the Information Commissioner’s Office (ICO).

If you want to start a university data breach claim, Legal Expert could help. We provide a no-obligation analysis of any case along with free advice about your right to claim. Should your case appear feasible, you could have one of our specialist solicitors appointed to it. Any claim that we take on will always be handled on a No Win No Fee basis.

Please call 0800 073 8804 and speak to an advisor if you’re ready to start a claim. Otherwise, please read on for more information on how we could help.

Select A Section

A Guide On Data Breach Claims Against The University Of Central Lancashire

GDPR doesn’t just affect universities of course. It has made the way we do a lot of things different in recent years. You’ll see GDPR interactions when you shop online, use a website, make a medical appointment or even book your car into a garage. In the main, these interactions will take the form of pop-up boxes, tick boxes or addendums relating to how your data will be used. They exist because organisations now need to tell you when your personal information will be used, stored or shared with others. More importantly, you have to permit them to do so.

After your preferences have been collected, they must be adhered to. That means, just because, for example, you gave your mobile number to let your hairdresser send you appointment confirmations, it doesn’t mean they can use the number to send marketing messages.

Additionally, any stored personal information must be kept as securely as possible. If it’s not, and a personal data breach occurs, as well as the ICO starting an investigation, you could start legal proceedings if you’ve been harmed in any way.

As with other types of claims, there is a data breach claims time limit. In most cases it is 6-years, but it can be as little as 1-year if the claim is about a human rights breach. Generally, our solicitors advise that starting your claim is the best thing to do. It allows time for investigations to be carried out, evidence to be obtained and presented, and negotiations to take place.

When you have completed this guide, please call if you need any questions answering or if you wish to start a claim.

What Are Data Breaches By The University Of Central Lancashire?

If you ask many people about data breaches, they’ll often mention phishing emails, viruses, ransomware, malware, keyloggers and similar issues relating to cybersecurity. But, did you know that the GDPR covers non-digital data as well? For example, if a business property was broken into and documents containing personally identifiable information about its staff were taken from an unlocked cabinet, then a personal data breach would have happened.

There is a definition listed in the GDPR which explains that a data protection breach is something which happens when a security problem means that your personally identifiable information is destroyed, altered, lost, accessed or disclosed using methods that you have not authorised. Whether any harm has been caused or not, the ICO can investigate data security breaches regardless of whether the act which caused it was accidental, illegal or deliberate.

Data controllers are legally obliged to start an investigation when security breaches are identified. They need to look at what happened, when it took place, and what data was exposed. Any data subject who could be at risk from the data leak must be informed.

We can review whether your case could entitle you to claim compensation so please get in touch with our advice centre today.

Does The GDPR Apply To Universities?

The GDPR documentation is 88-pages long. It is very well written and quite easy to follow as it defines responsibilities and roles very clearly. Any university identified as a data controller must be able to demonstrate that they comply with the following principles:

  • Telling data subjects why their personal information is required.
  • Making sure the data processing methods used are legal, fair and obvious.
  • Providing methods of updating personally identifiable information which has been stored.
  • To only collect the data that is required and nothing more.
  • Not keeping personally identifiable information for any longer than required.
  • Ensuring processing methods are confidential and secure.

When discussing personally identifiable information, the GDPR explains that this is data which could be used to help identify data subjects directly or indirectly. Information that could be used directly includes student enrolment numbers, staff ID numbers, names, email addresses, home addressed and telephone numbers. Indirect information could include details of some protected characteristics like race, age, disability or sexual orientation.

To check whether you have a valid university data breach claim, why not call the number at the top of the page today?

What Happens If A University Suffered A Data Protection Breach?

In this part of our guide, we are going to show how the University of Greenwich received a £120,000 fine following a breach involving personal data relating to around 20,000 people.

In 2004, to support a training event, a student and academic created a new website. The personal information detailed above was uploaded to the site. In most cases, the information included names, addresses and telephone numbers relating to alumni, staff and students. However, more sensitive data was included in some records such as details of learning difficulties and sickness records.

After the training event had ended, no effort was made to remove the website or to secure it. 9-years later, the webserver was compromised and 3-years after that the site was exploited by a number of hackers. The exploit allowed the criminals access to other parts of the webserver as well.

While the university was not aware that the website had been created, the ICO decided to fine it because there were insufficient management and security procedures in place to try and prevent (as much as possible) such instances from happening again.

Fines issued by the ICO are paid to the government’s Consolidated Fund rather than directly to the ICO.

For free support on data breach claims against the University of Central Lancashire (or any other university), please call our advice line today. Provided you have clear evidence of the breach and the harm it’s caused you, we could help.

Statistics On The Impact Of Data Breaches In Universities

In this section, we are going to show you the results of a recent study relating to university data breaches. While you might not realise how common they are, this report shows that they are becoming more prevalent. The study, based on 86 responses, found that:

  • Over a quarter of the universities (27%) had never conducted a penetration test on their IT infrastructure using an external security firm.
  • 54% of respondents had been in touch with the ICO in the past 12-months to report a personal data breach.
  • 46% of university staff had not received any data awareness training within the previous year.
  • Amazingly, only 51% of students are proactively trained on the security of the data they use.
  • On average, the training budget set each year for staff data awareness was only £7,529 per university.

It’s worth remembering that while universities hold a lot of personal information about their staff and students, many also hold sensitive information relating to research projects they are conducting.

Source: https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

Criminal Offences Under The Data Protection Act

The Data Protection Act 2018 criminalises a number of behaviours relating to the GDPR. We won’t review them all here, but you can see a list on the CPS website. They relate to unlawfully obtaining personal data and destroying, altering or selling it.

To try and prevent criminal acts against them, universities could tighten security by taking steps like:

  • Encrypting data so devices become unreadable if lost or stolen.
  • Training all staff on data security awareness.
  • Using external security experts to try and identify security flaws before they are spotted by criminals.
  • Ensuring all devices receive the latest security patches as soon as they are available.
  • Conducting regular data protection policy reviews.

Although these measures might seem costly, they could prevent a lot of harm and also stop the university being fined by the ICO.

What Are My Rights To Compensation?

In this part of our article, we are going to look at what you could claim compensation for following a UCLan data breach. Unfortunately, you can’t just specify the amount of compensation you wish to be paid! You have to justify any claim and provide substantiating evidence. What makes claims more complex is the fact that you need to consider future suffering as well.

Your claim will usually consist of material damages and non-material damages. The first is used to try and resolve the financial harm you may have suffered. The second aims to compensate you for the pain and suffering caused by psychiatric injuries like stress and anxiety.

Material damages calculations will usually start with the money that you have already lost. Then you might need to consider if you could continue to lose money in the future. For example, if an identity thief has used your information to obtain finance, you might find that the rate you pay for mortgages or loans could go up if your credit record has been damaged.

Similarly, non-material damages calculations will usually start with any diagnosed psychiatric injuries that have been caused by the data breach. Then an independent medical expert could identify that some of your sufferings might continue in the long-term. For instance, Post-Traumatic Stress Disorder (PTSD) could make it difficult for you to return to work for a long time.

It is important to get everything right when submitting your compensation request because you are only able to file a single claim. That’s where our experienced solicitors might be able to help. They could review your case with you thoroughly to try and make sure every aspect of harm has been considered.

Why not call our free advice line today to see if you could be entitled to seek compensation for a university data breach?

Calculating The Amount You Could Claim For Data Breaches By A University

If you’ve read this article about claiming for University of Central Lancashire data breach, you might now be wondering how much compensation could be paid. Obviously, we can only provide a personalised estimate when your claim has been properly assessed. However, we have included a table below of compensation amounts for some relevant injuries.

In the case of Vidal-Hall and others v Google Inc [2015], heard in the Court of Appeal, it was decided that you are allowed to seek compensation for psychological injuries even when the data breach didn’t cause you any financial harm. Also, the court instructed that awards should be made to the same level as personal injury claims. The amounts listed in the table have been extracted from the Judicial College Guidelines which is a document that legal professionals usually refer to when settling such claims.

Edit
Psychiatric Injury Type Severity Settlement Range Further Comments
Psychiatric Damage (General) Severe £51,460 – £108,620 The effect of any treatment will be minimal which will leave the victim vulnerable meaning they will receive a very poor prognosis.
Psychiatric Damage (General) Moderate £5,500 to £17,900 The victim will have significant problems dealing with relationships, work and life in general. However, they will have more optimistic prognosis than above.
Psychiatric Damage (General) Minor Up to £5,500 Mild symptoms that resolve in a short space of time.
PTSD Moderately Severe £21,730 to £56,180 There will be a period of significant suffering but cases in this category will mean the victim has some chance of improving with professional support.
PTSD Moderate £7,680 to £21,730 The more serious PTSD symptoms will have resolved and any which continue won’t be majorly disabling.

The amount of compensation paid is generally based on the severity of your injury. To help prove that, you will be asked to attend a local medical assessment during the claims process. An independent specialist will check over your medical records and assess you by asking several questions relating to your suffering. After the meeting has concluded, the specialist will document their findings and send their report to your solicitor.

Learn More About Your Rights With A Specialist Solicitor

Now that we have explained why you might be able to claim for a UCLan data breach, you might be at the point where you want to find a solicitor to help you. In some cases, you may wish to read solicitor reviews online, ask for a recommendation or look for your nearest law firm to help you. But those steps could take a while.

Alternatively, you could take the easier option and call the Legal Expert free advice line. By doing so, you’re able to ask as many questions about claiming as you like. We can also assess your case for free and without obligation. If your claim is strong enough, it could be accepted by one of our solicitors.

If it is, they will provide you with regular updates, answer any queries throughout your case, and explain legal terminology for you. Of course, our solicitor’s main aim is to try and achieve the highest compensation payment possible in your case.

So, why not call and speak to a specialist advisor for free advice today? You can also check out some of our own reviews from past clients to get an idea of our level of service.

No Win No Fee Data Breach Claims Against The University Of Central Lancashire

We understand that the potential costs in pursuing legal action can put some people off starting a compensation claim. So that we can provide our services to as many people as possible, we offer a No Win No Fee agreement in all claims that we accept. Not only does our service make your claim less stressful, but it also lowers your financial risk as well.

At the beginning of the process, your claim will need to be assessed by a solicitor. If they are happy that it appears feasible, you’ll be provided with a Conditional Fee Agreement (CFA) to sign. The CFA will show how your claim will be handled and it will also explain that:

  • No fees or charges need to be paid upfront.
  • There will be no solicitor’s fees billed to you during the claim.
  • Should the claim fail, you won’t need to pay any of your solicitor’s fees whatsoever.

If your claim is won, your solicitor will deduct a ‘success fee’ from the compensation. This fee is a small percentage of your settlement that’s detailed in the CFA so you’ll understand how much will be deducted before you start the claim. For your peace of mind, we should let you know that success fees are legally capped.

To check if you could be eligible to claim on a No Win No Fee basis, please call our advice line today.

Tell Us About How You Have Been Impacted By A Data Breach

We are approaching the end of this guide about data breach claims against the University of Central Lancashire. We do hope that the information supplied has helped you decide whether you have a valid claim. If you want to contact us to discuss your case, you can:

So that we don’t waste anybody’s time, our advisors will always provide honest advice about your chances of claiming successfully. In a no-obligation telephone consultation, your claim will be assessed, and you’ll be given free legal advice. If the claim appears to be feasible, it could be passed to one of our specialist solicitors. If it is accepted, your case will be managed on a No Win No Fee basis.

References And Information

This final part of our article about data breach claims against the University of Central Lancashire is where we’re going to provide more resources that may be useful during your claim. If you require further information, please contact our specialist advisors today. Additionally, as Legal Expert can help with many different types of claims, we have included some more of our guides here too.

Data Protection Policy – Details of how the University of Central Lancashire processes personal information.

The UK GDPR – Advice provided by the ICO that outlines the responsibilities of data protection officers.

Complex Post-Traumatic Stress Disorder – Information from the NHS website about the treatment, symptoms and diagnosis of complex PTSD.

Peanut Allergy Claims – Advice on how we could help you claim for suffering caused by inadequate food labelling leading to an allergic reaction.

NHS Hospital Negligence – Details on when you could claim for suffering caused by hospital negligence.

Hearing Loss Claims – Information about claiming for the loss of hearing following an accident that was not your fault.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing