Abertay University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Abertay University Data Breach
How To Make A Data Breach Claim Against Abertay University
If you work for a university, are a student at one, or if you’re part of its alumni, the chances are they will hold a lot of personal information about you on one system or another. If that’s the case, the university has a legal duty to keep your records safe and to implement procedures to stop it falling into the wrong hands. While this article is about claiming compensation for an Abertay University data breach, the guidance contained within it could easily be applied to other universities as well.
Since The Data Protection Act 2018 was introduced into law as well as the General Data Protection Regulation (or GDPR), companies and organisations—including educational establishments—have to ask for your permission to use any of your personal information. They have also had to adapt to new principles relating to how long they keep data, how it is processed and who it can be shared with. Failure to get things right could mean a financial penalty is issued by the Information Commissioner’s Office (ICO).
Also, you could claim data breach compensation for any harm, and that’s where Legal Expert can help. Our specially trained advisors can review your claim without obligation and offer free legal advice. If there is a chance your claim might be successful, you could be connected to one of our solicitors who handle all claims on a No Win No Fee basis.
To enquire about starting a claim today, why not contact our team on 0800 073 8804? If you would like additional information on data breach claims against Abertay University before you call us, please continue reading.
Select A Section
- A Guide To Abertay University Data Breach Compensation Claims
- What Is A Data Breach Claim Against Abertay University?
- What Does The GDPR Cover?
- Examples Of Data Breach Cases Affecting UK Universities
- Reported University Data Breach Statistics
- Data Breaches Caused By Criminal Attacks
- What A Victim Of A Data Breach May Be Compensated For
- Calculating Abertay University Data Breach Compensation Settlement
- How Do You Choose A Specialist Data Breach Solicitor?
- No Win No Fee Data Breach Claims Against Abertay University
- Talk To A Specialist Solicitor
- Related Services
A Guide To Abertay University Data Breach Compensation Claims
When you do just about anything these days, you have to tick a box or click a button to agree to something or other. That is usually the case because since the GDPR was introduced, organisations need your permission to process your personal information, share it with others or store it – which is a good thing. That means when you buy a product, visit a website, register for medical services or sign up for an educational course, you’ll be asked to confirm your data privacy preferences.
What’s really important is that the organisation who asks for your preferences stick to them and only use your information in ways that you have agreed to. For example, websites can no longer assume that because you’ve registered with them using your email address, they’re allowed to send you weekly newsletters – they need your explicit permission for that process first.
If your data is exposed by a data breach, the ICO could issue a large fine against the organisation responsible, and you could be entitled to start legal proceedings. If you are going to take that route, you’ll usually have 6-years to do so. However, please be aware that if the claim is in relation to a breach of your human rights, you’ll only have a single year to claim.
While you’ll usually have plenty of time to claim, we advise that it’s often best to start as early as you can. That way, you’ll find it easier to recall how you’ve been affected, and your solicitor will probably have a much easier job gathering any supporting evidence.
What Is A Data Breach Claim Against Abertay University?
It is very common to immediately think of hackers or cyber attackers when discussing data breach claims. However, the GDPR isn’t only concerned with computer systems. Companies also have to implement security procedures relating to physical documents, such as secure disposal policies and ensuring documentation is stored in locked cabinets.
Within the 88-page GDPR document, a personal data breach is said to have occurred when a security breach allows personally identifiable information to be altered, destroyed, lost, disclosed or accessed in ways that you have not previously authorised.
One example of a university data breach that you may have heard of is the Blackbaud hack. The company (Blackbaud) found out that its backup servers had been hacked which meant several universities and other organisations had to contact alumni members and donors to explain that their personal information had been accessed. We’ll review this case in more detail later on.
What Does The GDPR Cover?
While you might think that a complex document like the GDPR is going to be long-winded and difficult to understand, it does define some key roles and principles which make things easier. Some of the roles include:
- A data controller is a company who has responsibility for describing why personal data is required and devises the method of processing it.
- The data subject is the person that is going to have their personal information processed.
- A data processor can be hired by the data controller to gather and process the data subject’s information.
Some of the important principles the data controller needs to comply with include:
- Informing the data subject about why their information is required.
- Ensuring data processing is conducted fairly, legally and transparently.
- To only keep personal information for as long as it is needed.
- Keeping all personal information up to date.
- Making sure that data is securely stored and confidentially so.
- To only request a minimum amount of personal information to fulfil the requirements of processing.
The GDPR clarifies that personal information relates to any data that could help identify a data subject directly or indirectly. This might include information such as names, email addresses, home addresses, telephone numbers, ID numbers or information relating to gender, race, ethnicity or disabilities.
Examples Of Data Breach Cases Affecting UK Universities
We’re now going to look further into the Blackbaud hack which affected a number of UK organisations including some universities. Blackbaud provides software which some universities use to help them keep in touch with their alumni and supporters.
The company realised that its backup storage had been hacked when a ransomware demand was made. The company had to contact its clients and let them know what had happened so they could provide security advice to those affected.
It was initially reported that the personal information of individuals stored on the system had been accessed but not any financial information. However, at a later date, the company admitted that passwords and bank account information could also have been stolen in the cyber-attack.
The attack took place in May 2020 and the company faced criticism for divulging the breach to its customers straight away. While not recommended by law enforcement agencies around the world, Blackbaud paid a ransom to the criminals so that the stolen information would be destroyed.
Reported University Data Breach Statistics
An Internet security firm has used the Freedom of Information Act 2000 to gather information from universities relating to data breaches and the numbers reported in its study are quite alarming.
The findings suggested that 54% of universities in the UK had been the victim of a breach and had contacted the ICO in the 12-month period to August 2020. Most of the 86 establishments who responded admitted that they were not confident in their ability to stop data breaches.
One problem highlighted by the study was a lack of training. This was related to both staff and students. On average, the study found that the budget for staff security awareness training was just £7,529 a year. Also, 37% of universities said they provided students with data safety resources when asked and only 51% provide students with security training proactively.
While this means that there is a risk of staff or student personal data being leaked if a data breach did occur, many universities hold sensitive data relating to research as well.
Data Breaches Caused By Criminal Attacks
Cyberattacks against universities could happen for a number of reasons. For instance, criminals could attack a university’s IT infrastructure for the purpose of extorting money by installing ransomware. It could also happen when attackers strike for other reasons, such as one report where cybercriminals were trying to access university research on Coronavirus.
Whatever the reason, if personal data is extracted, the university will need to identify those at risk and explain the situation to them and the ICO.
There are some steps that could help reduce the risk of data breaches, though, including:
- Keeping software, hardware and firmware up to date.
- Securing areas where confidential information is stored i.e. locking server rooms and filing cabinets.
- Employing a penetration tester to try and fix flaws in IT security before they are exploited by criminals.
- Reviewing and updating data security policies regularly.
- Encrypting data devices like laptops and tablets so information isn’t accessible if they are lost or stolen.
What A Victim Of A Data Breach May Be Compensated For
The process of claiming compensation for the suffering that results from a data breach can be quite complex. Usually, the claim will look firstly at any money you’ve lost because of the breach (called material damages) and then any diagnosed psychological injuries that you have suffered.
Something that you should be aware of is that only one compensation claim is possible. That means, once you’ve signed to accept a settlement, you can’t go back and request further compensation later on. That means that solicitors need to look at any potential future harm that could result from the data breach and claim for that as well.
As an example, while you’re able to claim for psychological conditions like anxiety, Post-Traumatic Stress Disorder (PTSD), or depression that you’ve already suffered, medical reports could indicate how long your symptoms are likely to continue for. You could therefore add future suffering to your claim.
Similarly, there could be an additional impact on your finances in the future following the data breach. This might be the case if you’ve already suffered financially because an identity thief has used your personal information and that results in negative entries on your credit file. That could have an impact on your ability to obtain a mortgage or loan in the future.
All of these considerations are why we would always advise having specialist legal representation. If your claim is accepted by Legal Expert, you’ll have a solicitor who will thoroughly assess the whole impact of the data breach with you before lodging a compensation claim.
Why not call us today and let one of our data protection specialists review your claim? If the case is strong enough, they’ll refer you to a solicitor who’ll work on a No Win No Fee basis if they take the claim on.
Calculating Abertay University Data Breach Compensation Settlement
So, let’s now look at how much compensation might be awarded for the impact of a data breach. While we are unable to provide exact estimates until your claim has been assessed properly, we are able to show the table below which contains figures from the Judicial College (JC). Legal specialists use a list of injuries and settlement figures provided by the JC to help work out compensation amounts.
It’s important to note that you could claim for any diagnosed psychological injuries following a data breach even if you haven’t lost out financially. That right was set out by the Court of Appeal when assessing the case Vidal-Hall and others v Google Inc . The Court also ruled that payments for such psychological injuries should fall in line with personal injury law.
|Injury||Severity||Compensation Range||Additional Comments|
|Psychiatric Damage Generally||When working out psychiatric injury damages, the factors which are considered are: A) How well the claimant is able to cope (with work, education and life in general), B) Any impact on relationships, C) Whether treatment might help, D) The claimant's prognosis.|
|Psychiatric Damage Generally||Severe||£51,460 to £108,620||In this category, all factors will have been badly affected by the medically diagnosed psychiatric injuries, treatment will not help and the claimant will have a very poor medical prognosis.|
|Psychiatric Damage Generally||Moderately Severe||£17,900 to £51,460||In this category, the claimant will be suffering significantly with the factors listed above but their prognosis will be more optimistic.|
|Post Traumatic Stress Disorder (PTSD)||Severe||£56,180 to £94,470||The claimant will suffer permanent effects of PTSD symptoms (flashbacks, suicidal ideation, nightmares, avoidance etc) which prevent them functioning anywhere near pre-trauma levels and certainly unable to return to work.|
|Post Traumatic Stress Disorder (PTSD)||Less Severe||Up to £7,680||This category is used when there has been a virtually complete recovery (in a year or two) and any longer-term symptoms will be minor.|
What you will notice in the table is that the amounts of compensation vary based on how severe the injury is. That’s why you’ll need to supply medical evidence to show the extent of your suffering. To do this you’ll be asked to attend a local meeting for a medical assessment as part of the claims process. During the appointment, a specialist will refer to any medical records available to them and ask you several questions about how you’ve suffered.
How Do You Choose A Specialist Data Breach Solicitor?
You might now want to look for a suitable solicitor to help you claim university data breach compensation. If that is the case, where do you look? Some claimants seek recommendations from family or friends, some read solicitor reviews and others just take on a solicitor who is local. All of these options could help you, but you might find the process takes time and you won’t necessarily find a solicitor you’re happy with.
What you could do instead is call Legal Expert. We have a team of experienced data breach solicitors who could represent you and a team of advisors you can ask questions to before agreeing to work with us. Our team can check your case without any obligation and provide free advice on your options. If the claim is strong enough, you’ll get a solicitor who will be available during the claims process to answer any queries that arise. They’ll work tirelessly to try and achieve the maximum amount of compensation possible and keep you abreast of any progress as the case continues.
No Win No Fee Data Breach Claims Against Abertay University
You might worry that taking on a University’s legal team when making a data breach claim will be expensive and could leave you out of pocket. However, Legal Expert’s solicitors provide a No Win No Fee solution for claims they take on. That means your financial risks are lowered which should mean your claim is less stressful.
When you ask us to take your claim on, a solicitor will review it first to check if they think it can be won. Once they’ve done so, and if everybody is happy to continue, you’ll receive a contract called a Conditional Fee Agreement (or CFA). The document will set out the claims process for you and explain clearly that:
- No money needs to be paid for the case to start.
- Your solicitor won’t charge you any fees while the claim continues.
- In the situation where the case fails, you are not liable for any of your solicitor’s fees at all.
The CFA will also have a section on a “success fee”. This is a small percentage of any compensation you receive which will be retained by your solicitor to cover their time and costs when a claim is won. Success fees are legally capped, and your percentage will be shown in the CFA so there won’t be any surprises later on when the claim is finalised.
Talk To A Specialist Solicitor
We’re approaching the end of this article on Abertay University data breach claims. Hopefully, the information we’ve supplied means you’re now ready to begin your claim. If that’s true, and you would like Legal Expert’s support, you can contact us by:
- Calling for free claims advice on 0800 073 8804
- Asking an online team member for free advice in live chat.
- Sending us an email outlining what has happened to email@example.com.
- Requesting a call at a convenient time by registering your claim online.
In the final section of this article about making a compensation claim for an Abertay University data breach, we’ve provided some more additional information in the form of links to other useful resources which might help you. Additionally, you’ll find some more of our guides relating to other services we are able to provide.
Abertay University Policies – A list of the different data protection policies relating to staff, student and alumni personal information.
Having Data Deleted – Advice provided by the ICO which explains when you could ask an organisation to delete data records that it holds about you.
Mental Health & Wellbeing – A list of different NHS services which are available for those struggling with their mental health.
No Win No Fee Agreements – We’ve provided a more detailed guide about how No Win No Fee claims are funded in this guide.
Medical Negligence Cases – Advice on when to claim for any suffering caused by a negligent medical professional.
Claiming For Professional Negligence – Details on claiming for any suffering caused by negligent professional advice.
Guide by Hambridge
Edited by Billing