We've been featured in:

University Of Greenwich Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For University Of Greenwich Data Breach

By Mark Armstrong. Last Updated 11th March 2024. Welcome to our Greenwich University data breach guide. It goes without saying that universities need to retain personal information about their staff and students to help the establishment function correctly. However, due to the sensitivity of that information, they need to take steps to prevent it from reaching the wrong hands. If personal information is leaked or compromised due to a data breach then those affected may have cause to claim compensation.

In this article, we are going to explain why data protection breach claims against the University of Greenwich might be possible. We’ll review the harm they could cause, consider new legislation and look at data breach compensation amounts.

University Of Greenwich data breach claims guide

University Of Greenwich data breach claims guide

Since the General Data Protection Regulation (GDPR) was introduced, individuals (or data subjects) have great control over how their personal data is handled. Any establishment that wants to use your personal information for any reason must first tell you why and then wait for your approval. On top of that, they need to introduce processes, procedures or systems to help keep your data safe. Any organisation found to have breached The Data Protection Act 2018 could face having a huge financial penalty issued by the Information Commissioner’s Office (ICO).

If you would like to make a data breach claim, Legal Expert can support you. Without any obligation, we will review your claim for you. An advisor will provide you with free legal advice. If your claim appears strong enough, could introduce you to one of our solicitors. Any claim that is accepted will be conducted using our No Win No Fee service.

If you’re ready to start a claim today, please call our advice line on 0800 073 8804. Otherwise, please carry on reading to find out more about the harm that data breaches could cause.

Select A Section

A Guide To Data Protection Breach Claims Against The University Of Greenwich

You may have noticed over recent years that any forms you fill in, whether online or on paper, are a lot longer than before. In many cases that’s because the form will contain sections relating to how your personal information will be used. As mentioned in the first section, firms must now tell you a) why they want to use your data and b) how they will use it. That’s why most forms will have tick boxes for your approval or websites will have pop-up boxes relating to the GDPR. However, they do not always need your consent.

Once you have given your GDPR preferences, the organisation that have asked to use your data (the data controller) must adhere to them. Data security is another key factor with regard to the GDPR. All data needs to be securely stored and kept confidentially. When data protection breaches do occur, they could result in the organisation being investigated by the ICO. On top of that, you may be entitled to claim for any harm caused.

We should inform you that there is a 6-year limitation period for making data breach claims. Cases relating to human rights breaches only have 1-year so please do bear that in mind when considering a claim. When you begin your claim early, you may well find it’s easier to remember how you were affected. Also, the solicitor you work with may find that they can obtain evidence to support your claim more easily.

To begin your claim with Legal Expert, please get in touch with us today.

What Is A Data Breach By A University?

Importantly, data breaches do not only involve computer and network security issues. A breach could occur simply because a filing cabinet containing personal records was left unlocked and accessed by an unauthorised individual.

Within the GDPR personal data breaches are listed as a security problem that allows personally identifiable information to be disclosed, destroyed, altered, lost or accessed by unapproved parties. The cause of the breach may be deliberate, accidental or illegal. Whatever the reason, the ICO could launch an investigation and fine those responsible.

The data controller must investigate any potential breaches. If they find that a data subject might be put at risk because of the data breach, they need to inform them about what happened, the type of information that was accessed and when the breach took place. The ICO may need to be kept informed regarding the steps a company is taking to investigate the breach.

If you have decided that you would like to claim compensation following a data protection breach that has harmed you, please let us know by calling the number above today.

Examples Of How The GDPR Could Be Breached By A University

There are a set of data processing principles listed within the GDPR to help protect data subjects. They include:

  • Processing of the personal data must be legal, obvious and fair.
  • Any data which is to be retained must not be kept any longer than it is required.
  • Information of a personal nature should be kept up to date.
  • A minimum data set should be processed to achieve the objectives of the operation.
  • All data should be processed in a confidential and secure fashion.

If you’ve read the list of principles and believe a Greenwich University data breach occurred because they weren’t followed, why not check with one of our specialists to see if you could receive compensation?

What Happened In The Greenwich University Data Breach?

In this section, we’re going to review a data security breach which meant the University of Greenwich was fined £120,000 by the ICO.

As with many breaches, the act that led to this case was not deliberate. It happened because a microsite was created in 2004 to help run a training course. The website had personal information relating to around 20,000 people uploaded to it. The problem was that after an event, the website was never closed down or secured.

In 2013, the website was compromised. Three years later, hackers visited the site and gained access due to its vulnerability. It meant that they could access the personal information including names, telephone numbers, addresses, and in some cases more sensitive information relating to staff sickness and student’s learning difficulties.

The ICO issued a fine due to the fact that there weren’t adequate measures in place to try and prevent such a breach.

If you believe you have been affected by this University of Greenwich data breach and would like to discuss a compensation claim, please reach out to our team today.

How Many UK Universities Have Been Impacted By Data Protection Breaches?

Even though we have shown real-life examples of university data breaches, you might be a little sceptical about how often they occur. We have provided some statistics from a recent report written by a cybersecurity firm. The data in their report was compiled using responses from 86 UK universities:

  • A massive 46% of university employees had not been trained in data security within the last year.
  • Only 51% of the respondents said their university proactively trained students in relation to data safety.
  • 27% informed the study that they had not used external penetration testers to check the security of their IT systems if the past year.
  • Over half of the universities questioned (54%) had needed to inform the ICO about data breaches in the past year.
  • On average, the annual training budget for staff was just £7,529.

Some of those figures are quite alarming when you consider the amount of sensitive data held by our universities. Not only do they hold personal information about staff and students, but they may also hold vast amounts of data relating to research projects. In the next part of our guide, we’ll look at preventative measures which could help stem the number of breaches that occur.

Source; https://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

Criminal Breaches Of Data Security And Privacy

How do we prevent data breaches from occurring? Well, we’re certainly not IT security gurus but there are some standard industry recommendations that could help. Here are a few:

  • Encrypting hard drives on portable devices so that if they are lost or stolen the data is not accessible.
  • Using external companies to conduct a penetration test of the university’s security to spot problems before criminals do.
  • Making sure all hardware has the latest software patches applied.
  • Reviewing and rewriting data privacy policies regularly.
  • Training contractors, students and staff on data safety measures.

These actions might seem like the expensive option but they’re not if they prevent future data protection breaches. For instance, these measures could stop students or staff from having to deal with the consequences of a data leak. In addition, they could also prevent the university from receiving a large fine from the ICO.

What Types Of Compensation Could I Be Eligible To Claim?

When you ask to be compensated for the harm caused by a data breach, you can’t just state how much money you would like to be paid. Instead, you need to justify your claim by providing evidence of the suffering you have sustained. The process of calculating your compensation is important as you can only make a single claim. Therefore, you need to also look at any additional suffering that could happen in the future. And this would apply to a scenario where you suffer from a hypothetical Greenwich University data breach.

Claims generally are split into material damages and non-material damages. The first aims to compensate you for any money that you have lost. The second is used to claim for any suffering caused by psychiatric injuries like anxiety, Post-Traumatic Stress Disorder and depression.

So, in regard to financial losses, you would first look at how much money you have already lost following the data breach. Then you would need to consider if you might lose additional funds later on. This might be the case if your personal information has been sold on the dark web to multiple identity thieves.

In a similar fashion, you could claim for the psychiatric injuries that have already been diagnosed. Additionally, an independent medical expert might be hired to look at whether you’ll suffer in the long-term. They could look at your ability to deal with everyday life, how your relationships might suffer and if you’re likely to be able to work.

As it is so important to get your claim right, we’d always advise having a solicitor on your side. If you work with us, we’ll appoint a solicitor (if your claim is accepted) who will review all aspects of your claim with you. Please call today if you would like to let Legal Expert represent you during your data breach claim.

Compensation Calculator For A Data Breach

OK, now that we have explained why a data breach claim might be possible, let’s look at compensation amounts. In an important legal case (Vidal-Hall and others v Google Inc [2015]), the Court of Appeal decided that it is OK to claim compensation for any psychiatric damage caused by a data breach even if you haven’t lost any money. In addition, they stated that any such award should be paid at the same level as personal injury claims.

To demonstrate what amount could be paid, we’ve listed some relevant psychiatric injuries in the table below. Its contents have been taken from the latest version of the Judicial College Guidelines which is commonly used to help determine what level of compensation to award. This is just a sample of the injuries that could be claimed for. Once your case has been reviewed, we should be able to provide you with a more detailed compensation estimate.

Edit
Injury Type Severity Compensation Bracket Notes
Psychiatric Damage Severe £51,460 – £108,620 The victim in this category will have serious problems coping with life, relationships and work. These severe cases will mean the victim will be vulnerable in the future and treatment will not help.
Psychiatric Damage Moderately Severe £17,900 to £51,460 There will be significant issues similar to those listed above but the prognosis will be more optimistic.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,730 to £56,180 The victim will suffer significantly for the immediate future but, with professional help, things should become better.
Post-Traumatic Stress Disorder (PTSD) Less Severe To £7,680 Cases where symptoms have been resolved within around 1-2 years

You’ll no doubt notice that compensation amounts are linked to the severity of your injuries. For that reason, you will need to attend a local medical assessment as part of your claim. An independent specialist will review your symptoms, ask questions and refer to your medical records. After the appointment has ended, the specialist will write down their findings and send a report to your solicitor if you have decided to appoint one.

How Do I Know If I Could Claim Against My University?

If you have read this article on data protection breach claims against the University of Greenwich and decided that claiming might be an option for you, then you might want to know whether a solicitor will take your case on or not. Rather than wasting time scouring the web or asking friends about your case, a simple call to Legal Expert’s advice line should make things clearer.

We have a group of specialist advisors who will assess any claim without obligation. If the case is strong enough, you’ll be paired with one of our data breach specialists. They will advise you of the claims process, provide regular updates and ensure you understand any complex legal jargon. The main job of our solicitors is to work hard to try and ensure you are compensated fairly.

Please call us today and let an advisor review your case, for free, today.

No Win No Fee Data Protection Breach Claims Against The University Of Greenwich

From our decades of experience handling different types of compensation claims, we know that many claimants are worried about losing money to solicitors in unsuccessful claims. To reduce that worry, Legal Expert offers a No Win No Fee service for any claim taken on. This means you can have a legal representative pursue your case on your behalf without paying an upfront fee.

At the beginning of the process, a solicitor will need to assess the viability of your claim. If they believe your case is strong enough to proceed, you’ll receive a Conditional Fee Agreement (CFA) to sign. The CFA, your contract, will outline the claims process and let you know that:

  • Claims can start without any upfront payments.
  • There are no charges or solicitor’s fees to pay while the claim is ongoing.
  • You won’t be asked to pay the solicitor’s fees if the claim is lost.

To cover your solicitor’s costs, a success fee will be deducted from your compensation if the claim is won. This fee (which is capped legally) is clearly listed in the CFA as a fixed percentage of your compensation so you’ll know how much will be deducted before you agree to work with us.

To check your eligibility to use our No Win No Fee service, call the number at the top of the page today. And by speaking to us, we could handle your potential Greenwich University data breach claim.

Speak To Our Team For Advice On Data Breach Claims Against The University of Greenwich

We are approaching the end of this guide relating to data protection breach claims against the University of Greenwich. If you have found the information helpful and you have decided to commence a claim with Legal Expert, here’s how to get in touch about how to claim:

We don’t want to waste anybody’s time. That’s why we’ll always be completely honest about your chances of receiving compensation. When you contact our advice centre, the feasibility of your case will be reviewed by an advisor. They will offer free legal advice and could connect you with a specialist if your claim appears strong enough. So that your financial risk is reduced, any claim we accept will be funded by a No Win No Fee agreement.

Additional Resources For Data Breach Claims

We have now completed this guide about data protection breach claims against the University of Greenwich. Hopefully, you have found the information we have provided both useful and helpful. To finish the guide, we have added some links to resources that might be required during your claim. On top of those links, we’ve added details of some more of our guides to show what other types of claim Legal Expert can help with.

Getting Data Corrected – An ICO article that explains how you can request incorrect data about you to be corrected.

Types Of Anxiety – Information on the known types of anxiety from a UK charity.

Back Injury Compensation – Details of how Legal Expert could help you claim back injuries sustained during an accident.

Work Illness Claims – Information on when you could be compensated for an illness caused by your work.

How No Win No Fee Works – A more comprehensive explanation of how No Win No Fee claims are processed.

Other Useful Compensation Guides

Greenwich University Data Breach FAQs

When did the Greenwich University data breach happen?

It took place in 2016, though the circumstances would arise in 2013.

What was the original issue?

A microsite for the university would receive a compromise in 2013.

So, what happened next?

Several hackers would attack the microsite and control the server of the page in 2016.

How many people were affected?

There was personal data of over 19,500 people included on the microsite.

Then what happened?

Sensitive data for around 3,500 of those people would be published online.

What did the university do?

The university would handle the situation with the help of security experts while also reporting the breach to the ICO.

What was the ICO’s punishment for the university?

The college would receive a fine of £120,000 in May 2018.

And why was this significant?

This made Greenwich University the first UK university to be fined under the modern Data Protection Act of 1998.

Thank you for reading our Greenwich University data breach guide.

Written By Hambridge

Edited By Melissa.