We've been featured in:

University Of Surrey Data Breach Compensation Claims Guide

Welcome to our guide to data breach claims against the University of Surrey. If your personal information has been subject to a privacy breach and you’ve suffered damage to your finances or mental health as a result, you could seek compensation—provided you can prove it was the fault of the university.

Universities collect, process, and store the personal data of all the people connected to the facility. They are, therefore, data controllers and must abide by the law. In short, a university must be compliant with the law.

Below, we’ll take a look at circumstances in which the law could be violated and what your rights are to seek redress.

How to Claim If Your Personal Data Was Compromised In A Surrey University Data Breach

University Of Surrey data breach claims guide

University Of Surrey data breach claims guide

Our guide to making data breach claims against the University of Surrey provides essential information on the laws that protect your personal data.

We explain how breaches at a university could occur and the negative impact the breach could have on you. Furthermore, we cover the sort of compensation you could claim in a successful case, and how one of our No Win No Fee solicitors could be of assistance in securing a fair compensation payout.

Our guide explains how No Win No Fee agreements work, and how a solicitor could represent you on these terms. To find out more about data breach claims against a university, please continue reading our guide.

Alternatively, you can reach a member of the Legal Expert team on the following freephone number 0800 073 8804.

Select A Section

A Guide To Data Breach Claims Against The University Of Surrey

We have produced this guide to provide information on the laws that protect your personal information, and how organisations must be compliant. In short, any organisation, which includes universities in the UK, must abide by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

A university data breach could have occurred for a number of reasons. This includes when a university is the victim of phishing attacks, ransomware or because of a malicious act. However, a breach could also occur due to human error or negligence. No matter how a data breach happens, the consequences can be devastating.

In the sections below, you will read about the laws that protect your personal information and how data must be kept secure. This applies to personal information kept on computers or in physical files.

We offer advice on the legal justifications behind data breach claims against the University of Surrey and explain how our No Win No Fee solicitors could help. Furthermore, we explain how No Win No Fee agreements work and how you could benefit from these terms.

Our guide provides a rough idea of how much a data breach claim might be worth based on the Judicial College Guidelines. In addition to this, we explain the type of compensation you could claim in a successful data breach case against the University of Surrey.

Time Limits for Making a Data Breach Claim

The time limit to making a data breach claim is as follows:

  • 6 years from the date you were made aware of a data breach
  • 1 year if your human rights are affected by a data breach

Because data breach claims can be notoriously complex, it is far wiser to begin a claim sooner rather than later.

To speak to a member of the Legal Expert team about making a data breach compensation claim, please call the freephone number shown at the top of the page.

What Is A Breach Of Data Protection At The University Of Surrey?

There are laws to protect personal information that organisations collect, process, and store. Universities gather your information, process it, and store it. A university is a data controller and therefore, must adhere to the law.

However, some universities contract the processing of data to third parties, such as Blackbaud, a case we’ll examine below.

In short, it means that a university must protect your personal information to ensure it is not compromised. If it is not secure, the Information Commissioner’s Office (ICO) has the power to issue substantial fines.

The type of personal information a university may collect from you could include the following:

  • Name
  • Address which includes a personal email address or an IP address
  • Medical information
  • Financial details

A university could collect other types of personal data for students, staff, donors, alumni, and companies as well as people connected to them.

Data Breaches Involving Universities

The Information Commissioner’s Office (ICO) defines a data breach as follows:

  • An incident that affects the availability, integrity, and confidentiality of personal data

A breach in data security could occur because of the following:

  • A breach in cybersecurity
  • Breaches in network security
  • Computer security breaches
  • Physical file breaches

Personal data breaches could result in the following:

  • Loss of personal data
  • It is stolen, made inaccessible
  • Unauthorised transmission
  • Disclosed without permission
  • Accessed without authorisation
  • Destroyed, corrupted, altered

How Your Personal Data Could be Compromised in a Beach

Your personal information could be compromised due to a university staff member making a mistake. The incident might happen due to an act of negligence, or even a malicious event. A breach could also happen because the following occurs:

  • Personal data is sent to the wrong person
  • A virus
  • Hackers
  • Malware, spyware, phishing, or ransomware
  • Distributed Denial of Service (DDoS)
  • Theft of devices/computers
  • Unlocked filing cabinets
  • Failure to have robust cybersecurity

If your personal data is compromised, the effects can be long lasting. As such, you could seek compensation. Legal Expert can help you by providing free legal advice on whether you have grounds to sue. We can also offer advice on why data breach claims against the University of Surrey could be justified.

To discuss your case with a member of our team, please call an adviser on the number at the top of the page. We offer all claimants a no-obligation, initial consultation that is free of charge.

Does The GDPR Apply To A University?

The General Data Protection Regulation (GDPR) came into effect in 2018 and is an EU law that was ratified into UK law by the Data Protection Act 2018 (DPA 2018). The legislation provides data subjects with more control over how their personal information is collected, processed, and stored.

All businesses that collect data must abide by the law and are known as ‘data controllers’. The ‘data subject’ is the person whose personal information is collected, processed, and stored.

Under the General Data Protection Regulation, there are 7 key principles that all data controllers and processors must follow. These are:

  • Personal data collected, processed, and stored should be limited to what is necessary
  • Personal data must not be used for other purposes
  • Data collectors have to abide by the law, be fair, and transparent
  • All personal data must be protected and secure
  • The minimum amount of personal data should be collected
  • Personal information has to be accurate and up to date
  • Data controllers have accountability

If the University of Surrey does not keep your personal information secure and you suffer damage to your finances or mental health, you could seek compensation if it can be proven the breach was the fault of the organisation.

Please speak to a member of the Legal Expert team to find out if you have grounds to sue. An adviser will provide free legal advice on how best to pursue a claim against the university if your case is valid.

How Have Universities Been Affected By Breaches In Data Protection?

The Information Commissioner’s Office (ICO) has the power to begin an investigation following a GDPR breach and can issue a hefty fine for non-compliance, though these are often researved for the more serious offences. It is worth noting that the GDPR can issue fines of up to £17.5 million or 4% of the global turnover of an organisation whichever is the greater.

Some Examples of Data Breaches Involving UK Universities

Universities in the UK have been targeted by cybercriminals mainly due to the fact they hold sensitive information. Incidents of university data breaches are more common than many people realise.

Some examples of these breaches include:

The University of Greenwich Data Breach

The University of Greenwich data breach involved a £120, 000 fine being levied against them by the Information Commissioner’s Office (ICO). The university was found to be in breach of the Data Protection Act 1998—before the new legislation came into law.

The fine was issued because a microsite, that contained the data of thousands of people, was not closed down securely. Cybercriminals took advantage of the system’s vulnerabilities which allowed them to access the private data. Around 19,500 people were affected, with 3,500 particularly sensitive records unlawfully accessed by the cybercriminal

The Blackbaud Data Breach

The Blackbaud ransomware attack happened in 2020 when the database cloud service provider fell victim to cybercriminals. The company paid an unknown ransom amount and were confident that stolen data was destroyed

The Blackbaud breach affected a number of UK universities which included the following:

Source: https://www.bbc.co.uk/news/technology-53528329

University Data Breaches – Accidental Incidents

Data breaches can happen accidentally and not because of a cyber-attack. One example being as follows:

  • The University of East Anglia was the subject of an accidental data breach in 2017. The incident happened when a member of the university’s staff sent a spreadsheet by mistake to approximately 300 wrong recipients. Insurers had to pay out over £140,000 in compensation payouts because of the accidental breach

Source: https://www.bbc.co.uk/news/uk-england-norfolk-51284352

Rates Of Breaches In Data Protection At Universities

Redscan, a cybersecurity firm conducted research into education data breaches and produced  a report which found the following:

  • Over half of the UK universities that responded to a Freedom of Information request Redscan sent out said they had contacted the Information Commissioner’s Office (ICO) to report a data breachin the preceding 12 months.
  • The report concluded that every university that responded to the request had sent 2 data breach reports to the ICO over a 12 month period
  • Investment in training and data security awareness was found to be quite limited.

Were you the victim of a data breach? Did the university fail to protect your personal information which led to it being compromised? If so, Legal Expert can help by assessing whether you have grounds to sue for compensation in a no-obligation, free, initial consultation.

Source: https://www.redscan.com/news/state-of-cybersecurity-uk-universities-foi-report/

Cybercrime Attacks Against Universities

Many universities in the UK carry out essential research and therefore hold sensitive data. As such, having robust cybersecurity is essential to prevent data breaches from occurring.

That said, breaches do happen and if your personal data is compromised, you could sue for compensation if you suffer damage to your finances or mental health, such as suffering stress.

Cybercrimes against universities are more prolific than many people imagine. Criminal acts involving cybercrime against a university can include:

  • Incidents involving phishing attacks are the most common and most dangerous threats to a university’s cybersecurity
  • Attacks involving ransomware, malware, and spyware
  • Information theft
  • DDoS attacks – Distributed Denial of Service

Was your personal data compromised in a criminal act? If so, please get in touch with a member of the Legal Expert team today and benefit from free legal advice.

How You Could Be Compensated If Your Data Privacy Is Compromised

Many claimants wonder what compensation payout could be awarded in a successful data breach claim. Thanks to a precedent set in the Court of Appeal, you can now claim for financial harm and psychiatric harm when you are the victim of a data breach.

The Data Protection Act 2018 and the General Data Protection Regulation allows you to seek compensation for two forms of damage—material and non-material.

Material Damages

Material damages are awarded as a way of reimbursing any expenses and financial losses you incurred due to a data breach, such as through identity theft, stolen money or harm to your credit rating.

Non-material Damages

You would receive non-material damages to compensate you for the psychiatric harm caused by the incident, such as depression, anxiety, stress or post-traumatic stress disorder.

You may not be aware of the full impact of the incident straight away. You could have to deal with identity theft, and the problem could be a long-term issue or even permanent.

If you would like to benefit from free legal advice, please get in touch with a member of our team on the freephone number at the top of the page.

Surrey University Data Breach Compensation Settlements

When calculating the value of a data breach claim, there are many aspects to consider. Firstly, you must provide proof of financial harm/losses, and secondly, you have to show evidence of mental harm.

A medical examination carried out by an independent doctor can be carried out to establish any mental damage caused by the breach. Your solicitor would review the evidence and together with compensation payouts recommended by the Judicial College Guidelines, would then place a value on a claim.

We have included a table that offers information on the amount of compensation awarded for specific harm/injuries caused by a data breach.

Edit
Type of psychiatric harm/injury Severity Estimated General Damage Awards Judicial College Guidelines (JCG) Details
Psychiatric/psychological harm/injury suffered as a result of a data breach Severe £51,460 to £108,620 Prognosis is poor with claimants suffering symptoms which could be permanent. Vulnerability, anxiety and anguish are some of the symptoms which prevent victims of a data breach from working or living a normal life
Psychiatric/psychological harm/injury suffered as a result of a data breach Moderately Severe £17,900 to £51,460 Claimants experience similar symptoms as above but the prognosis is more positive
Psychiatric/psychological harm/injury suffered as a result of a data breach Moderate £5,500 to £17,900 Claimants suffer the same symptoms as those detailed above. However, the prognosis is more positive with improvements occurring as time goes by
Psychiatric/psychological harm/injury suffered as a result of a data breach Less Severe Up to £5,500 Mild symptoms of anxiety, stress or depression which resolve in full within a short period of time.
PTSD – Post-Traumatic Stress Disorder suffered as a result of a data breach Severe £56,180 to £94,470 Claimant’s ability to work is seriously impacted and the chance of leading a normal life as they did prior to being the victim of
of a data breach is slim

Please speak to a member of the Legal Expert team for a more accurate estimate on how much your own data breach claim could be worth.

Finding A Solicitor To Handle Your Data Breach Claim

Having a specialist data breach solicitor act on your behalf can help secure a successful outcome. That said, the Information Commissioner’s Office (ICO) recommends that you first try to resolve the issue with the university first.

You should report your concerns to a data protection officer at the organisation. If you do not receive a satisfactory response, you can then contact the ICO yourself asking them to investigate the incident.

It is important that you contact the ICO as soon as you are able to if you do not get the response you wanted from the university. If you wait too long, the ICO may not want to start an investigation.

You do not have to report a data breach incident to the ICO if you want to take legal action. If after three months, you have not received a ‘meaningful’ response from the university, you can contact a specialist data breach solicitor. This is where Legal Expert can be of assistance.

The Benefits of Having a Data Breach Solicitor Act on Your Behalf

Data breach claims can be complex and there are many legal pitfalls to avoid. This is where an experienced data breach lawyer can be of assistance. The benefits of seeking legal representation are numerous and include the following:

  • A solicitor would gather the evidence required to build a case
  • Working with a solicitor familiar with the legal processes and jargon can help massively
  • Knowing a solicitor will work hard to get you the maximum compensation payout

To find out how Legal Expert can help you make a data breach claim against a university, please get in touch with an adviser today.

No Win No Fee Data Breach Claims Against The University Of Surrey

You may be worried about the cost of legal representation which is why our solicitors offer claimants with grounds to sue for compensation No Win No Fee terms.

When you sign a No Win No Fee agreement, a solicitor can immediately start work on your claim, and you do not have to pay an upfront fee. You don’t pay any ongoing fees either.

You pay the No Win No Fee solicitor a ‘success fee’ when you win your case. The amount is a small percentage of the money awarded in successful data breach claims.

If you lose your claim, a No Win No Fee solicitor will not take a ‘success fee’ and there are no other legal costs to pay either. In short, a No Win No Fee agreement allows claimants to pursue data breach claims against the University of Surrey without financial risk.

To find out if a solicitor from the Legal Expert panel can act on your behalf on a No Win No Fee basis, please call the number shown below.

Talk To An Expert

You can reach out to Legal Expert to discuss a data breach claim against the University of Surrey in a number of ways. A member of our team is available to take your call or to discuss your case today.

  • Call our freephone number – 0800 073 8804
  • Complete our online contact form by clicking here
  • Email us at – info@legalexpert.co.uk
  • Use our Live Chat

Data Protection Claim Resources

Before we leave you, we wanted to provide you with some further reading which you may find insightful.

The Legal Expert guide to psychological harm compensation:

Claiming Compensation For Psychological Injury Claims

Guide to loss of data compensation:

Lost Data Compensation Guide

How to claim data breach compensation if you are an employee:

Employer Data Breach Compensation Claims Guide

Advice on VPN data Transfer protection:

Encryption and Data Transfer Protection Advice

An ICO guide to Data Protection:

Guide To Data Protection

How to report a data breach to the ICO:

Report A Breach

Other Useful Guides

Thanks for reading our guide to data breach claims against the University of Surrey.

Guide by Wood

Edited by Billing