By Danielle Jordan. Last Updated 3rd February 2023. In this guide, we are going to examine the concept of data breach claims against the University of Portsmouth.
Personal data protection should be taken seriously by every organisation that collects or processes personal information. This guide aims to show how, despite best intentions, your data can be exposed through multiple causes.
For example, a data breach could be caused by the failings of an organisation that was supposed to protect personal information. If your personal data is affected in a breach, you could suffer financial loss and psychological damage. Consequently, if this is due to the positive wrongful conduct of an organisation or institution that was supposed to protect your personal data, you could claim.
Unfortunately, we might not be able to answer every question that you have in this guide. That’s partly because no two claims are the same. Each has its own unique aspects.
However, our advisors can give free legal advice. They’re available 24/7 on 0800 073 8804 and they can answer any specific questions that you have.
Additionally, if you have solid grounds for a valid claim, they could connect you with our solicitors. However, you’ll be under no obligation to proceed with these services if you don’t want to.
Select A Section:
- A Guide On Data Breach Claims Against The University Of Portsmouth
- What Is A Data Breach At The University Of Portsmouth?
- Breaches Of The GDPR In Higher Education
- Action Taken By The ICO For Higher Education Data Breaches
- University Data Breach – Do I Need Evidence?
- What Your Compensation Settlement Could Include
- Calculating Claims For Data Breaches By The University Of Portsmouth
- How A Data Breach Compensation Expert Could Help You
- No Win No Fee Data Breach Claims Against The University Of Portsmouth
- Contact One Of Our Experts
- Related Guides
A Guide On Data Breach Claims Against The University Of Portsmouth
Every organisation that keeps your personal data, or processes it, should comply with the UK General Data Protection Regulation (GDPR). The UK GDPR sits alongside the Data Protection Act 2018. The EU GDPR was enacted into UK law via the Data Protection Act.
Data protection law is created with the intention of keeping your personal data safe. But what happens when a failure in data protection compliance leads to a data breach involving your personal information? This guide explores the answer.
We start off by providing background information. We examine what a data breach is, and the specific problems faced by higher education providers in relation to storing personal data. You will also find some information about past data breaches in this educational sector.
Once this background has been laid, we move on to look at some information related to the claims process itself. You will find that we have listed some of the reasons why you might receive compensation for a data breach. We have also provided an example compensation table for your information.
In addition, we explain No Win No Fee: how it works and what the benefits can include.
Claim Time Limits
Something you might already understand is that there will be a time limit for starting your claim. The circumstances of your claim will decide the time limit. In general, you will have six years. Although this might only be one year if the claim involves human rights breaches.
Why not get in touch with our advisors to find out how long you have left to claim? They can tell you which time limit will apply.
Get More Help And Advice
Our advisors are here to help you. You can use the contact number at the end of this guide to get in touch with them. They’re ready to help 24 hours a day, 7 days a week. What’s more, their expert advice is free and they could connect you with our solicitors. But remember, you’ll be under no obligation to proceed with their services.
What Is A Data Breach At The University Of Portsmouth?
Personal data or personal information is anything that can identify you directly or in combination with other information. For example, your name, address and phone number would be examples of personal data.
A personal data breach begins with a security breach. This then leads to personal data being lost, destroyed, disclosed, accessed or altered without permission or unlawfully. It can happen through accidents or be deliberate. In addition, it can occur with personal information on physical documents or stored digitally.
Some digital data breaches are caused by cyberattacks. This is where cybercriminals make deliberate efforts to unlawfully attack online systems. Cyberattacks can take many forms, such as:
- Phishing – tricking somebody into exposing your data by impersonating an entity that has valid access to it.
- Man in the Middle (MitM) – where an unauthorised intruder intercepts communications between two parties.
- Drive-by download attacks – unintentionally downloading malicious code, leaving you vulnerable to a cyberattack.
- SQL injection – inserting malicious SQL statements into an entry field for action.
- Eavesdropping – gaining access to data by accessing it in transit across an unsecured network.
The Reality Of Cyber Attacks
A successful cyber attack will exploit a vulnerability in hardware, software or security to gain unlawful access to personal data. It is important to understand that it may not be the university itself that caused the breach to happen. It could be a data processor. Data processors are third parties (such as organisations) that process personal information at the request of data controllers.
A data controller is an organisation or institution that decides how and why they’ll process personal data. They may process this data themselves or get a data processor to do it.
A good example of this is the Blackbaud data breach that happened in 2020. Blackbaud is a cloud computing provider and suffered a cyberattack. Over 120 organisations, including several universities that used the Blackbaud platform, experienced personal data incidents relating to the Blackbaud data breach.
Source: https://www.bbc.co.uk/news/technology-53567699
How A Data Breach Can Affect You
Some data breaches are trivial in nature, and won’t have any consequences. Others are serious and could cause you problems. For example:
- Identity theft – someone is able to take enough personal information from you to be able to act as you. For example, they may be able to take out new loans in your name, for which you suffer financially.
- Resale – your personal data might be resold to another criminal.
- Theft – a criminal may steal from your bank account if they’re able to access that personal data.
- Psychological – you could suffer mentally due to the stress of the data breach or the prospects of what it could lead to.
If a university’s positive wrongful conduct caused a data breach that involved your personal information, and you were affected mentally or financially as a result, you could claim.
For information about this guide exploring what could justify potential data breach claims against the University of Portsmouth, why not call us?
Breaches Of The GDPR In Higher Education
University data protection policies should be robust. The purpose of compliance with the UK GDPR is, in part, to reduce the likelihood of a data breach, whether caused by accident or through malicious action.
The UK GDPR outlines 7 main principles for processing personal data:
- Lawfulness, fairness and transparency – the university should be open about how your personal data will be used.
- Purpose limitation – the type of data collected should be limited to the purposes of its use.
- Data minimisation – the university should keep the bare minimum data that is needed to fulfil its needs.
- Accuracy – personal data should be accurate and kept up to date.
- Storage limitation – data should not be stored indefinitely. It should be stored only as long as required for the pre-agreed purposes.
- Integrity and confidentiality – the university must make sure that it keeps your personal data secure.
- Accountability principle – the university must show that it complies with data protection law, and be ready to demonstrate compliance if called upon.
Your Rights Under The UK GDPR
UK GDPR provides you with a number of rights to help you to take control of the way that an organisation, such as a university, handles your personal data. There are eight individual rights that UK GDPR gives you. These are as below.
- Access – you can ask to be provided with a copy of the data stored.
- Erasure – you can ask to have your data deleted completely.
- Be informed – you can ask about how your data is used.
- Restriction of processing – to stop your data from being used in a specific way.
- Rectification – to have your data corrected.
- Portability – to obtain your personal data and re-use it.
- Objection – you can object to its use.
- Rights relating to automated decision-making
Action Taken By The ICO For Higher Education Data Breaches
The Information Commissioner’s Office (ICO) helps enforce compliance with data protection laws. If an organisation fails to follow data protection laws, the ICO could investigate and issue a fine.
For example, in 2018, the ICO fined the University of Greenwich £120,000. The University’s security breach involved the personal information of almost 20,000 people including students and employees.
An unsecured university microsite, built in 2004, had left the Univerity’s system vulnerable to hackers. Therefore the hackers used this vulnerability to access personal information.
University Data Breach – Do I Need Evidence?
Before we examine data breach compensation, you will need evidence that shows your personal data was compromised in a data breach at a university due to a failure to adhere to data protection legislation. You must also submit proof of the harm you suffered, whether this was financial or psychiatric, such as post traumatic stress disorder (PTSD).
Evidence that could help prove your personal data was compromised in a university data breach includes:
- A letter or an email from the data controller that confirms your personal data was compromised. For example, they could have emailed you stating that a breach occurred, or you could have suspected a breach and they responded to your query with confirmation that a breach compromised your personal data.
- Any correspondence between yourself and ICO concerning the data breach. Additionally, if the ICO investigated the data breach, details of this could also be submitted.
- Your financial records if you lost money or your credit rating due to the data breach.
- Details of your mental health condition if you suffered psychologically due to the data breach. This may include an independent medical evaluation.
If you have evidence that a Portsmouth University cyber attack compromised your personal data, call our advisors for free advice about what steps you could take next.
What Your Compensation Settlement Could Include
If you do make a data breach claim against a university, you could use the services of a solicitor to help. If you do, your lawyer can tell you about the two different types of damages you might be able to claim.
After a data breach, you may suffer financial loss, especially if you have been the victim of identity theft. Compensation that covers this falls under material damages.
To claim material damages, you need to prove your financial losses caused by the breach. This could be through financial documentation such as bills or credit scores.
And then there is the psychological harm that the data breach could cause. Compensation that covers this falls under non-material damages.
To prove material damages, you’d attend a medical assessment as part of the claims process. During this assessment, an independent medical professional would check your condition to:
- Assess whether your psychological injuries were caused or worsened by the data breach (or whether there is no link). If it’s found that your injuries aren’t linked to the data breach, it may be difficult to claim.
- Assess the severity of the injuries.
The professional would then create a report, which your solicitor would use to help them with a valuation of the psychological harm done.
Calculating Claims For Data Breaches By The University Of Portsmouth
The compensation table below gives examples of recommended compensation ranges for the psychological harm a personal data breach causes. We used the guidelines produced by the Judicial College to make this table. These guidelines are used by legal professionals to help them value injuries.
Type of Injury | How Severe? | More Information | Compensation Range |
---|---|---|---|
Psychological damage | Severe (a) | The claimant would struggle with everyday life. The prognosis for this claimant would be very poor. | £54,830 to £115,730 |
Psychological damage | Moderately severe (b) | The prognosis would be much better than the claimant above. | £19,070 to £54,830 |
Psychological damage | Moderate (c) | There is a significant improvement and the prognosis will be positive. | £5,860 to £19,070 |
Psychological damage | Less severe (d) | The award will take into account sleeplessness and how everyday activities are affected. | £1,540 to £5,860 |
PTSD | Severe (a) | The claimant will suffer permanent effects. | £59,860 to £100,670 |
PTSD | Moderately Severe (b) | The claimant has a better prognosis with professional help than in more severe cases. However, they will likely suffer a significant disability into the foreseeable future. | £23,150 to £59,860 |
PTSD | Moderate (c) | The claimant has largely recovered, although they still experience some symptoms that are not grossly disabling. | £8,180 to £23,150 |
PTSD | Less severe (d) | The claimant will make an almost full recovery within 2 years. | £3,950 to £8,180 |
The case of Vidal-Hall and others v Google Inc [2015] was heard by the Court of Appeal. During the case, it was decided that:
- Claimants could seek compensation for psychological damage even if they hadn’t suffered financial loss because of the data breach.
- Psychological harm can be valued as it is in personal injury claims.
If you can’t see your injury in the compensation table above, or you’re unsure of where your injury would fall, why not get in touch for a free, no-obligation estimate?
How A Data Breach Compensation Expert Could Help You
If you need to make a data breach claim against a university, you could do so with the support of a legal professional. Help from a solicitor that is familiar with the UK GDPR and data protection law could be beneficial.
Our solicitors can work for you from anywhere in the country. Therefore you won’t be restricted to the services of lawyers in your area. In addition, our solicitors offer their services on a No Win No Fee basis.
So here’s what you could do:
- Call our claims team on the number at the bottom of the page. Explain your situation and get your questions answered for free.
- An expert advisor will evaluate your claim, tell you what your legal options are, and whether we could help you further.
- You could be connected with our solicitors who could begin processing your claim for you under a No Win No Fee agreement.
This guide about the concept of data breach claims against the University of Portsmouth aims to give information to help you. But if you have unanswered questions, why not reach out?
No Win No Fee Data Breach Claims Against The University Of Portsmouth
You may be able to make your claim for university data breach compensation under a No Win No Fee agreement. Another term for a No Win No Fee agreement is a Conditional Fee Agreement (CFA). As this term suggests, the solicitor’s fee is conditional on the claim being won.
Essentially, this means that:
- You won’t pay any ongoing solicitor fees during the claim.
- Additionally, you won’t pay solicitor fees upfront.
- If the claim is not a success, the lawyer will not take their solicitor fee.
If the claim is won, a success fee will be due. However, it’s taken from the compensation once it comes through so that you’re not left out-of-pocket. Plus, it’s a small percentage and is legally limited.
We understand that you might need a fuller explanation of how No Win No Fee works. Therefore, you can call the number below any time of the day or night, 7 days a week. When you do, one of our expert advisors will answer any questions you have.
Contact One Of Our Experts
Do you have evidence of a justifiable claim? Then we could help. Please speak to one of our advisors.
- Contact us online so we can get back to you.
- Call us on 0800 073 8804.
- Use our live chat to get instant answers.
Our advisors give free legal advice. Additionally, they’re available 24 hours a day, 7 days a week. And you’ll be under no obligation to proceed with our services.
Related Guides
You can read some other guides we have published on this site. They may have more useful information for you.
- Microsoft Data Breach Compensation Claims
- Bank Data Breach Compensation Claims
- Local Authority Data Breach Compensation Claims
- University of Northampton Data Breach
- I Suffered Stress Due To A Data Breach, Am I Eligible To Claim Compensation?
- University of Salford Data Breach
- University of Sheffield Data Breach
- University of Southampton Data Breach
- University of Suffolk Data Breach
- University of Surrey Data Breach
- University of Sussex Data Breach
- University of the Highlands And Islands Data Breach
- University of the West of England Data Breach
- University of Warwick Data Breach
- University of Westminster Data Breach
- University of Winchester Data Breach
- University of Wolverhampton Data Breach
- University of Worcester Data Breach
- Watford Community Housing Data Breach
- Whitbread Data Breach Compensation Claims
- Wiltshire Council Data Breach
- Wolverhampton Council Data Breach
- Wrexham County Borough Council Data Breach
- Lost and Stolen Devices Data Breach
- Virgin Media Data Breach Compensation Claims
You may also like to check these external links. Each of them has additional information.
Data Protection: a Government guide
Thank you for reading our guide that considers what evidence could justify potential data breach claims against the University of Portsmouth.
Written by Wheeler
Edited by Victorine