This article is about potential data breach claims against the University of the Highlands and Islands, but the information we will present could relate to any other university as well. We will look at what could cause a personal data breach, the harm that might be caused and when you might be compensated for the harm.
To help them function properly, universities need to keep a large amount of personal information about their staff and students. That’s all well and good if the data is stored securely, but it can create a lot of harm if it gets into criminal hands.
Data protection laws have existed for decades now but they have been tightened relatively recently by the General Data Protection Regulation (GDPR) along with the Data Protection Act 2018. These new laws have given individuals (data subjects) more control over how their personal information is used by organisations (data controllers).
In addition, data controllers need to take steps to try and ensure the security of any personal data they store. Failure to do so might mean they are investigated and fined by the Information Commissioner’s Office (ICO). On top of that, when a data security breach causes you mental or financial suffering, you could seek data breach compensation too.
Legal Expert provides free legal advice on data breach claims. Also, our specialists can assess your case on a no-obligation basis. If your case appears viable, you may be connected with a specialist No Win No Fee solicitor from our team.
Why not call our advice line on 0800 073 8804 today for a free review of your case? Alternatively, you can find out more about university data breaches within the rest of this guide.
Select A Section
- A Guide To Data Breach Claims Against The University Of The Highlands And Islands
- What Is A Data Protection Breach Claim Against The University Of The Highlands And Islands?
- GDPR Compliance For Universities
- Case Study: Email Data Breach By The University Of The Highlands And Islands
- Rates Of Breaches In Data Protection And Security By Universities
- Reducing The Chances Of Criminal Attack Data Breaches
- Types Of Compensation Awarded For Data Breaches
- The University Of The Highlands And Islands Data Protection Breach Compensation Calculator
- How To Choose A Data Protection Lawyer
- No Win No Fee Data Breach Claims Against The University Of The Highlands And Islands
- Contact Legal Expert
- Data Protection Breach Resources
A Guide To Data Breach Claims Against The University Of The Highlands And Islands
When you make appointments, shop online, register for websites or sign up for a university course, you’ll notice that application forms are thorough. That’s because there should be statements explaining how your personal information will be used. There may also be tick boxes or pop-up boxes asking you to confirm that you’re happy to continue.
That’s due to the fact that, since the GDPR was implemented, data controllers need to tell you:
- The reason your data will be used.
- How it will be stored.
- Whether it will be shared with anybody else.
Also, and very importantly, they should get your express permission to do so. (However, they don’t always need your consent to process your data.)
After they have obtained your data sharing preferences, they should make sure that they don’t use your data for any other purposes than those you have permitted.
Finally, any information that is held that could identify you must be stored securely. If data breaches occur, the ICO might issue a fine to the data controller. And you might want to start legal proceedings against them if you’ve endured financial loss or mental harm.
Data Breach Claims Time Limits
As with all compensation claims, time limits apply. In the case of general data breaches, you have 6 years to begin from the date you obtained knowledge of the data breach. Claims for human rights breaches are limited to a single year so you should take this into account if you’re considering a claim.
In our experience, starting a claim early could make it easier for you to remember how you were affected. Similarly, your solicitor might have more luck tracking down substantiating evidence to support your case.
When you have completed this guide, please feel free to contact our advisors if you have any questions. Remember, if they believe your claim has good grounds, they could connect you with our solicitors. They could take your claim on using our No Win No Fee service.
What Is A Data Protection Breach Claim Against The University Of The Highlands And Islands?
When we explain that we’re looking at data breach claims against the University of the Highlands and Islands, it’s quite common for readers to think about cybersecurity issues like viruses, key loggers, ransomware and malware. However, physical documents holding personal information are also covered by the GDPR. That means data breaches could just as easily involve documents in filing cabinets.
Personal data breaches are defined as a security breach that allows your personal data to be accessed, destroyed, altered, lost or disclosed using methods that you have not approved or are unlawful.
If a personal data breach happens, the data controller is obliged to begin an investigation. They then need to work out if any data subjects’ rights and freedoms are at risk. If they are, they need to be told about what data was leaked, when it happened and how it took place without undue delay. The ICO also needs to be informed within 72 hours.
It’s quite important to point out that even though the ICO might have the power to investigate and fine an organisation that has broken data protection laws, they can’t award you data breach compensation. If a security breach has caused you mental or financial harm, you would have to seek compensation for yourself or with the help of a solicitor.
If you have evidence of a valid claim and have been mentally harmed or suffered financial loss because of a personal data breach, and you’d like to have your case reviewed for free, please call Legal Expert today.
GDPR Compliance For Universities
The GDPR document is a very long piece of legislation. However, it defines data security roles and responsibilities very well. For instance, here is a list of principles relating to data processing that must be adhered to:
- When processing personal information, the data subject must be told why.
- All forms of data processing must be clear, legal and fair.
- Data processors should only collect the information required to fulfil their objectives and no more.
- Personal information must not be retained for any longer than required.
- All personal information needs to be kept up to date.
- Personal data should be collected securely and confidentially.
- Data controllers and processors (those that process personal data on behalf of the controller) should take responsibility for what they do with personal data.
If a university, or any other organisation, fails to follow the principles listed, then you could seek a data breach compensation settlement for any financial or mental harm caused by a subsequent data breach. To find out more about your options, why not discuss your case with our team today?
Case Study: Email Data Breach By The University Of The Highlands And Islands
Now we are going to review a personal data breach that led to the University of the Highlands and Islands reporting a personal data breach to the ICO. The incident occurred when a member of staff at the university sent an email relating to evening classes. When the message was prepared, the member of staff didn’t put the 132 email addresses into the BCC field.
That meant that when the email was sent, each recipient could see the email addresses of all of the other recipients. Following the mistake, a recall was sent but this also identified all of the email addresses once again. As required by law, the university confirmed it would let the ICO know about the breach.
The university later emailed all recipients and asked them to delete the original and apologised for any inconvenience.
Source: https://www.pressandjournal.co.uk/fp/news/highlands/1576609/uhi-data-breach-affects-132-email-addresses-in-evening-classes-email/
Although you might not think this is a serious breach, some email addresses could be used to identify an individual directly or indirectly. This is one of the criteria listed in the GDPR document that means a breach has happened.
While more serious breaches do occur, all occurrences do need to be investigated to find out what mistake led to the breach and whether anybody affected could be at risk. If any of the data subjects’ rights and freedoms are at risk, the ICO must also be informed of the breach within 72 hours. The data subjects should also be informed without undue delay.
If you have evidence of a valid claim and would like our advice about what could justify potential data breach claims against the University of the Highlands and Islands, why not ask for a free assessment of your case today?
Rates Of Breaches In Data Protection And Security By Universities
It’s likely that many people don’t realise how often data breaches in universities occur. However, a recent study by a cybersecurity company has revealed a number of worrying statistics. Based on answers provided by 86 British universities, the study reported that:
- In the past year, over half of the universities (54%) had told the ICO about data breaches.
- Only 51% of universities offer data security training to students proactively.
- Just over a quarter (27%) admitted to never having conducted 3rd party penetration testing of their IT infrastructure.
- In the last 12 months, 46% of university staff had not been provided with any cybersecurity training.
- Finally, on average, universities only spend £7,529 on data awareness training for their staff per year.
Report Address: https://www.redscan.com
As well as personal information about university students and staff, it’s worth considering the fact that sensitive information might also be held for the purposes of research. In the next part of this article, we’ll provide details of steps that could help stop personal data breaches in the future.
Reducing The Chances Of Criminal Attack Data Breaches
So, as we have demonstrated in the previous sections of this article, data breaches against universities are real and not uncommon. While we aren’t experts in IT security, there are a few common actions data controllers could take to prevent future breaches, including:
- Encrypting disks on portable devices to prevent data from being accessed if stolen or lost.
- Training anybody who handles information on data security techniques.
- Checking and, if appropriate, amending data protection policies regularly.
- Only allowing devices that have the latest patches applied to use the IT infrastructure.
- Using 3rd party security firms to check for vulnerabilities in the university before criminals exploit them.
The cost of these measures might seem expensive, but they might help prevent staff and students from suffering harm due to a data breach in the future. Moreover, they could stop the university from being issued a heavy fine from the ICO.
Types Of Compensation Awarded For Data Breaches
Let’s now take a look at what you could seek data breach compensation for as part of your claim. Importantly, no two cases are the same so we will only be able to provide a personalised compensation estimate once your case has been assessed properly.
That said, in general, claims can be made up of two main parts: material damages and non-material damages. The first part is used to compensate you for financial losses. The next looks to cover any pain and suffering the data breach has caused you.
What’s important is that your current losses and injuries are considered as well as any potential harm that could result in the future. That’s because claims can only be made once. After you have agreed to settle a claim, you cannot ask for more compensation at a later date for something you hadn’t considered in your first claim.
Material Damages
Therefore, when claiming for financial losses, you’ll start with any money that you’ve already lost. You then may need to factor in any potential losses that could happen later on. For example, if cybercriminals have sold your information to others, there’s a risk that you’ll continue to suffer later on.
Non-Material Damages
Similarly, if you have already been diagnosed with psychiatric injuries like stress, anxiety or depression, your claim should take them into account. Also, an independent specialist might determine that some of that suffering might continue long-term or even be permanent. If these longer-term symptoms have an effect on whether you’re able to work, cope with life or manage relationships, they could also be claimed for.
For more information about valid data breach claims against the University of the Highlands and Islands, please call our advisors today. If you have evidence that your claim is valid and it is taken on, our solicitors could review it with you. They’d try and ensure all aspects of your mental and financial suffering are considered.
The University Of The Highlands And Islands Data Protection Breach Compensation Calculator
As we have shown why personal data breach claims might be made, we are now going to consider possible data breach compensation amounts. Awards for psychiatric injuries can be made at the same level as a personal injury claim.
That was decided when the Court of Appeal settled the case of Vidal-Hall and others v Google Inc [2015]. The Court also held that it is possible to claim for such injuries even if you have not suffered financially. Before this case, claimants couldn’t seek compensation for psychological harm unless they’d also suffered financially. Now, you could claim for both or either.
To help you see what amount of compensation might be paid, we have listed some figures in the table below. The data in the table comes from the Judicial College Guidelines – a publication used by legal professionals to help ascertain compensation levels.
Injury / Illness | Severity | Compensation Range | Detailed Notes |
---|---|---|---|
Psychiatric Damage | Severe | £51,460 – £108,620 | In this bracket, treatment will not help enough and the claimant will remain vulnerable. They will receive a very poor prognosis and have serious issues with working, coping with life and maintaining relationships |
Psychiatric Damage | Moderate | £5,500 to £17,900 | While similar symptoms to above may have occurred, this category is for claimants who have already seen marked improvements and have a good prognosis. |
Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | £21,730 to £56,180 | The claimant will have significant symptoms of PTSD for the immediate future but, with professional help, things will improve. |
Post-Traumatic Stress Disorder (PTSD) | Less Severe | Up to £7,680 | PTSD cases in which most serious symptoms have been resolved in around 1 to 2 years. |
Medical Assessment
It’s important to note that compensation awards may differ in Scotland. The figures in the compensation table above are for illustrative purposes only.
It’s important that you can supply evidence that proves your mental suffering was caused or worsened by the data breach. It should also demonstrate your level of suffering. That means that, as part of the claims process, you should visit an independent medical specialist. They’ll have your symptoms assessed.
During your meeting, the specialist would discuss the effects of the data breach with you. They would also read your medical records too. Once the appointment comes to an end, they’d write a report containing their findings. This would be forwarded to your solicitor. Your solicitor would use this report to value your injuries and as evidence.
If you have evidence of a valid claim but can’t see your injuries in the compensation table above, give us a call. Our advisors offer free estimates.
How To Choose A Data Protection Lawyer
If you have enough valid evidence to start a claim against a university following a data breach, the first thing you might want to do is choose a solicitor to support you. Where do you start though? Rather than wasting time reading online reviews, asking friends to recommend a solicitor or searching the high street for a local law firm, why not simply call Legal Expert?
Our advisors offer free legal advice and you are able to ask as many questions as required. After a no-obligation consultation, you might be connected with our data breach solicitors if your case has strong grounds and you have evidence of a valid claim.
Our solicitors are there to provide regular updates. They can answer any questions and explain any complex legal terms which crop up throughout the case. On top of that, you can rest assured that our solicitors will always try to seek the highest amount of data breach compensation for you in your case.
No Win No Fee Data Breach Claims Against The University Of The Highlands And Islands
You may be concerned about the risks of losing money to solicitor fees if your university data breach claim doesn’t succeed. That’s perfectly natural and something that puts many people off claiming.
To ease that worry, though, we should tell you that all claims our solicitors take on are dealt with on a No Win No Fee basis. That means you’ll get access to an expert legal advisor, but the financial risk of funding them will be lowered.
Our solicitors will need to review your case before taking it on. If a solicitor can see that you have evidence of a valid claim and is willing to work on it, a Conditional Fee Agreement (CFA—the formal term for No Win No Fee) will be drawn up. The CFA will show you how your claim will be handled, and it will state that:
- You will not be asked for any upfront solicitor fees.
- No solicitor’s fees will be requested while your case proceeds.
- If your solicitor is unable to win your claim, you won’t have to cover their fees.
If there is a positive outcome to your case, a small portion of your data breach compensation will be kept to cover your solicitor’s work. This is called a success fee. The percentage you’d pay is legally capped. Additionally, it’d be clearly stated in the CFA so you’d know how much you’d pay before signing the agreement.
To check your eligibility to claim using our No Win No Fee service, please speak to an advisor today.
Contact Legal Expert
We’ve almost come to the end of this article about potential data breach claims against universities. If you have found this article helpful and would now like more advice, you can:
- Call our advisors on 0800 073 8804 for free legal advice.
- Speak to an online advisor through our live chat channel.
- Email an explanation of your case to info@legalexpert.co.uk.
- Begin an online claim so that we can call you back when it is convenient.
So that we don’t waste your time, our advisors will be completely open about the chances of winning your case. They will happily review your claim without any obligation and offer free advice about your next steps. If you have evidence of a valid claim and it appears that it is favourable, we could connect you with our solicitors. Please remember, if your case is accepted, it will be conducted on a No Win No Fee basis.
Data Protection Breach Resources
We have already provided lots of information about claiming. So, in this section, we’re going to leave you with some additional resources you might need to refer to during your claim. We’ve also added a few more of our guides. If you need any further information, please call our advisors and speak with a specialist.
ICO Enforcement – The latest fines issued by the Information Commissioner’s Office.
Clinical Depression – Details from the NHS on how depression can be diagnosed and treated.
Data Controller and Processors – ICO definitions of data controllers and processors.
GDPR Data Breach Compensation – More guidance on compensation for data breaches.
Stress Due To A Data Breach – Guidance on what you could do if you suffer from stress following a data breach.
Personal Data Lost – Find out what your rights are if your personal data is lost by an organisation.
Useful Compensation Guides
- University of Northampton Data Breach
- University of Portsmouth Data Breach
- University of Salford Data Breach
- University of Sheffield Data Breach
- University of Southampton Data Breach
- University of Suffolk Data Breach
- University of Surrey Data Breach
- University of Sussex Data Breach
- I Suffered Stress Due To A Data Breach, Am I Eligible To Claim Compensation?
- University of the West of England Data Breach
- University of Warwick Data Breach
- University of Westminster Data Breach
- University of Winchester Data Breach
- University of Wolverhampton Data Breach
- University of Worcester Data Breach
- Watford Community Housing Data Breach
- Whitbread Data Breach Compensation Claims
- Wiltshire Council Data Breach
- Wolverhampton Council Data Breach
- Wrexham County Borough Council Data Breach
- Lost and Stolen Devices Data Breach
- Virgin Media Data Breach Compensation Claims
Thank you for reading our article about potential data breach claims against the University of the Highlands and Islands.
Written By Hambridge
Edited by Victorine