If you sit down and think about it, universities wouldn’t be able to function if they didn’t store personal information about their staff and students. Organisations should tell you when your data is going to be used and take steps to keep it safe. This guide is going to examine what is meant by data breach compensation claims against the University of Kent. We’ll also discuss the type of harm that could result from a data breach as well.
The recent privacy laws that have given individuals (data subjects) more control over recent years are the General Data Protection Regulation (GDPR) and The Data Protection Act 2018. Both examine data processing. Looking at what control data subjects have over their personal information that is collected. The organisation that holds the information (the data controller) must also seek permission to use it. But not always. Any organisation who fails to follow these laws could be investigated and fined by the Information Commissioner’s Office (ICO). In addition, you could ask to be compensated if you are harmed by a data breach in any way.
Legal Expert could help you if you decide to begin a claim. We provide free legal advice, and your claim can be assessed without obligation. If one of our advisors decides your claim is strong enough, you could have a solicitor from our team appointed. Any claim that is accepted will be managed on a No Win No Fee basis.
If you’d like to begin your claim straight away, please call 0800 073 8804 today. To find out more about data security breaches before calling, please continue reading.
Select A Section
- A Guide To Data Breach Claims Against the University Of Kent
- What Is A Data Breach By A University?
- How The GDPR Regulations Impact Universities
- What Happens When A University’s Data Is Breached?
- How Many Universities Have Suffered A Data Breach?
- Preventing Criminal Thefts And Attacks
- Your Rights To Different Types Of Data Breach Compensation
- Calculating Compensation For Data Breach Claims Against The University Of Kent
- How A Solicitor Could Help You Understand Your Rights
- No Win No Fee Claims For Data Breaches By The University Of Kent
- Talk To One Of Our Experts
- Resources And How To Report A Breach
A Guide To Data Breach Claims Against the University Of Kent
When you sign up for a university course, the amount of paperwork (or online forms) that needs filling in might seem daunting. A lot of the information presented to you will be about how your data will be used. That’s because, the GDPR stipulates that data controllers need to a) tell you about why they need your data, b) how they will use it and c) usually request your permission to do so. There are circumstances when an organisation will not need to provide you with privacy information, though
The same is true for just about anything you do these days. Whether it’s making an online purchase, booking a medical appointment, hiring a car or renting a property. In all cases, you’ll see tick boxes or pop-up boxes on the booking or application form. These are used to help the data controller meet their GDPR obligations. Additionally, to prevent an ICO fine, they must implement measures to prevent data breaches from occurring. If they do happen, you might be able to request compensation for any harm caused.
When starting a claim, you need to be aware of the time limits. Usually, the limitation period for data privacy breach claims is 6-years. If the claim centres around a breach of human rights, though, you’ll only get 1-year to claim. Our experienced solicitors usually advise that starting as early as possible will make it easier for you to remember the facts of the case. They could also find it easier to obtain the evidence required to back up your claim.
Please call our team if you have any questions at all.
What Is A Data Breach By A University?
In this digital era, you might automatically think of cybersecurity problems like phishing attacks, malware, ransomware, viruses or key loggers when you hear the term ‘data breach’. While they are common causes of breaches, the GDPR also covers other types of data. For instance, if we consider a company that disposes of physical documents containing identifiable information about its customers with the general waste. If those documents got into the public domain, a data breach could have occurred.
The GDPR defines personal data breaches as occurrences that happen when a security flaw means personal information is accessed, destroyed, lost, altered or disclosed without permission. Acts that lead to such a breach might be illegal, deliberate or completely accidental.
When breaches are identified, the data controller needs to start an internal investigation. Also, inform the ICO. If there is a risk to any data subject, they need to be told what happened, As well as, how it happened and what personal information was exposed.
If you would like help with starting a claim for a university data breach that has caused you to suffer, please let us know today and we will review your case for free.
How The GDPR Regulations Impact Universities
The GDPR is a very well written legal document. It uses definitions and roles to make it easy for organisations to understand their data protection responsibilities. Any organisation that takes on the data controller role must show that they comply with the following principles:
- Telling all data subjects the reason why their information is required.
- Ensuring data processing is carried out in a fair, obvious and legal fashion.
- Only keeping personal information for as long as necessary (there is no actual time limit defined by the GDPR).
- Making sure that personal information is stored securely and confidentially.
- Ensuring that only a minimum amount of information is handled to complete the objects of the processing.
- Providing methods to allow all personal information to be kept up to date.
When discussing personal information, the GDPR explains that it is any data that could help identify a data subject directly or indirectly. Examples could include employee number, student number, name, email, telephone or address. Additionally, information relating to race, gender, age, disability and other protected characteristics could also be included.
For help with claims for the harm caused by a data breach, why not speak to a member of our team today?
What Happens When A University’s Data Is Breached?
In this part of our guide, we’re going to look at the consequences of an actual university data breach. In this example, the University of Greenwich had a £120,000 penalty imposed by the ICO.
During 2004, a website was created and published to temporarily support a training conference. After the event had finished, the website was left open. The problem was that personal information relating to around 19,500 people had been uploaded to the website. In 2013, the website sill remained in place and was subsequently exploited.
During 2016, the website was accessed by several hackers who used the previous exploit to access different parts of the webserver. That meant, potentially, the hackers had access to the previously uploaded personal information. In the main, that information contained names, emails and telephone numbers. However, some 3,500 records also contained more sensitive details such as learning difficulties and staff absence records.
The ICO issued a statement to say that although the website had not been created with the university’s knowledge, it is responsible for the data.
How Many Universities Have Suffered A Data Breach?
Even after reading this guide on whether you can make data breach claims against the University of Kent – you might be wondering how common university data breaches are. Well, according to one network security company, they are more common than you may think. In a recent study, based on answers from 86 British universities, it was found that:
- 12% of universities do not provide training or guidance for data security. Only 51% of universities proactively provide training and 37% only offer it to students who ask for support.
- 46% of staff had not been trained in data protection matters in the last year.
- 27% of universities said that they had never had an external penetration test conducted on their infrastructure.
- Annual budgets for staff data awareness training were just £7,529 on average per establishment.
- Amazingly, more than half of the respondents (54%) said they’d informed the ICO about data breaches in the last 12-months.
Study Report: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf
In the digital age that we live in, it seems clear that the investment in data security within our universities may need to increase for many years to eradicate the risk of further data protection breaches.
Preventing Criminal Thefts And Attacks
In this section, we’re going to look at some general data protection guidelines that might help prevent data breaches in the future. They include:
- Conducting regular reviews of data protection notices.
- Keeping all IT equipment up to date and patched with the latest security releases.
- Providing all contractors, staff and students with adequate safety training.
- Encrypting disks on portable devices so their data can’t be accessed if stolen or lost.
- Making use of IT compliance firms to check for flaws in the university’s security before criminals find them.
In the short-term, these actions might be costly. However, they could go some way to stopping a university from receiving a large financial penalty from the ICO.
Your Rights To Different Types Of Data Breach Compensation
When claiming for the harm that results from a data breach, you don’t just make an amount of money up! You need to justify any money you ask for by supplying substantiating evidence. Also, because you’re only allowed to make a single compensation claim, you need to consider any future suffering as well.
Your claim will usually consist of two distinct elements. Material damages claims are used to cover the money you have lost following a data breach (if any). Non-material damages cover psychiatric injuries that have been caused as a direct result of the data protection breach.
When considering the financial side of the claim, you will, of course, list any losses you’ve already incurred. However, you may need to add an amount for money that could be lost in the future. For instance, this may be the case if your personal information has been sold online to criminal gangs who could continue to carry out identity thefts against you for some time.
In a similar fashion, when claiming for injuries, your claim will begin with conditions that have already been diagnosed and attributed to the data breach. Then your ability to function, manage relationships or deal with work in the longer term could be added on.
It is vitally important that you consider all aspects of your claim before submitting it. Once you have agreed to settle your case, it’s not possible to request further funds for something you hadn’t realised would affect you. If you work with Legal Expert, one of our experienced solicitors could review your case carefully with you to try and ensure no element of your suffering is left out of the claim. Please speak to an advisor for more information on how we could help.
Calculating Compensation For Data Breach Claims Against The University Of Kent
We have now examined if data breach claims against the University of Kent are possible. We are now going to move on and look at compensation amounts. Please use this section for information only as we’ll only be able to provide a personalised compensation estimate once your claim has been properly assessed. The information we provide is for psychological suffering. We have not included any figures for financial loss. The figures are based on amounts used in personal injury claims.
In the case of Vidal-Hall and others v Google Inc [2015] heard at the Court of Appeal, it was agreed that compensation for psychiatric injuries caused by a data breach is possible in cases where there have been no financial losses. In addition, it was stated that compensation should be awarded in the same way as personal injury claims.
The table which follows shows potential compensation figures for some relevant injuries. The data has been taken from the Judicial College Guidelines which is used by legal professionals when deciding compensation amounts.
Injury Type | Severity | Compensation Bracket | Further Details |
---|---|---|---|
General Psychiatric Damage | Severe | £51,460 – £108,620 | In this category, a very poor prognosis will be provided because the victim is unlikely to respond well to treatment and will be vulnerable in the future. Factors such as their ability to function, work or manage relationships will be considered. |
General Psychiatric Damage | Moderate | £5,500 to £17,900 | In this category, the same factor as above will be used to determine the compensation amount. The prognosis will be more optimistic though. |
Post-Traumatic Stress Disorder | Moderately Severe | £21,730 to £56,180 | The victim will suffer significant PTSD symptoms in this category (for the immediate future). However, there will be a good chance of professional support making things better. |
Post-Traumatic Stress Disorder | Moderate | £7,680 to £21,730 | Any continuing symptoms won’t be massively disabling and the victim will have largely recovered. |
To try and ensure any compensation is awarded at the right level, you will need to attend a medical assessment (held locally) during the claims process. An independent expert will review your medical notes and ask questions about the impact of the personal data breach. When they have finished the assessment, their findings will be recorded, and a report sent to your solicitor.
How A Solicitor Could Help You Understand Your Rights
When you have decided that you want to claim for a university data breach, the next thing you may do is hire a solicitor to help you. Who do you turn to, though? You could ask for recommendations, read solicitor reviews online or simply look at the map to find a local firm. Alternatively, you could take an easier route and call Legal Expert’s free advice line.
We have a team of specialists who are happy to explain your rights, review your case and supply free legal advice too. If your case is accepted, you’ll be coupled with a specialist solicitor from our team. They’ll clearly explain any legal complexities, answer any queries and provide updates as things progress. The main job our solicitors have, though, is to try and achieve the highest amount of compensation possible in your case.
Why not start the ball rolling by contacting our advice centre today?
No Win No Fee Claims For Data Breaches By The University Of Kent
It is quite normal for potential claimants to delay their case because they are concerned about how much a solicitor may costs. To remove a lot of that worry, we offer No Win No Fee solicitors for any claim we accept. By reducing your financial risk, our service makes the claim much less stressful.
When you first contact us, a solicitor will have to check the feasibility of your claim. If they agree to work for you, they will supply you with a Conditional Fee Agreement (CFA). This contract explains how your claim will be processed. It will also show you that:
- No payments are required to start the claim.
- We won’t ask you to pay solicitor’s fees during the claim.
- If your claim is lost, you won’t need to pay solicitor’s fees at all.
If there is a positive result in your case, your solicitor will keep a small percentage of your compensation to pay for their costs and time. In the CFA, you will see this listed as a ‘success fee’. So that you know the exact percentage you’ll pay (which is legally capped), the success fee will be prominently in the CFA.
We offer a No Win No Fee service for any data breach claims that we take on. Please call to check if you’re case is eligible.
Talk To One Of Our Experts
We’ve now covered all of the information set out at the start of this article. If you are unsure if you can make data breach claims against the University of Kent call us for free advice. If you have found the guide helpful and would like to instruct Legal Expert to start a claim on your behalf, you can contact us by:
- Telephone – call 0800 073 8804 to speak with a specialist advisor.
- Email – send details of your claim in a message to info@legalexpert.co.uk.
- Live Chat – discuss your case with an online advisor day or night.
- Online – Complete this form to begin your claim and an advisor will contact you when it is convenient.
We don’t want to waste anybody’s time so our team will be honest about the chances of winning your case from the start. During your no-obligation consultation, an advisor will review your suffering and supply free legal advice. If they believe that compensation could be won, they might refer you to a specialist solicitor from our team. Any claims accepted by Legal Expert are handled on a No Win No Fee basis.
Resources And How To Report A Breach
We have now reached the final section of this guide about the potential criteria for making data breach claims against the University of Kent. Hopefully, the information we have included will prove useful. To provide extra support, we have linked to some resources below which may help you during your claim. Additionally, you’ll find some more Legal Expert articles that show some other claims we could help you make. Please call a member of our team if there is any further information required.
Your Data Matters – A collection of guides from the ICO about how to protect your personal information.
Help With Anxiety – NHS information about services they offer to help you with anxiety.
Employee Injury Claims – Information on how our lawyers could help you claim for an injury at work.
Birth Injury Claims – Advice on claiming compensation if mother or baby suffer avoidable injuries during childbirth.
Criminal Injury Compensation – Details about the CICA scheme which could compensate you for criminal injuries.
Other Useful Compensation Guides
- Teesside University Data Breach
- The Arts University Bournemouth Data Breach
- The Open University Data Breach
- Transform Hospital Group Data Breach
- University of Aberdeen Data Breach
- University of Bedfordshire Data Breach
- University of Bradford Data Breach
- University of Brighton Data Breach
- University of Buckingham Data Breach
- University of Cambridge Data Breach
- University of Central Lancashire Data Breach
- University of Cumbria Data Breach
- University of East Anglia Data Breach
- University of Edinburgh Data Breach
- University of Glasgow Data Breach
- University of Gloucestershire Data Breach
- University of Huddersfield Data Breach
- University of Hull Data Breach
- Can I Get Compensation For Loss of Medical Records?
- University of Lincoln Data Breach
- Data Breach Solicitors
Written By Hambridge
Edited By Melissa.