Falmouth University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Falmouth University Data Breach
If you have been affected by a data breach by a university, you may be eligible to claim compensation for the harm that was caused. Under the General Data Protection Regulation (GDPR), businesses and organisations such as universities are responsible for the personal data they collect and use from students, staff and others. In this guide to data breach compensation claims against Falmouth University, we hope to supply some information you may be looking for. This guide shall look at how a data breach may occur, as well as, what harm an individual could suffer. In addition, we shall also look at the claiming process and then what could be claimed.
If you wish to make a data breach claim, Legal Expert can provide you with a skilled solicitor to handle your case. We offer all of our potential clients a free consultation. Call us today to speak to an advisor about your case. If we can see that you have a claim with a good chance of success, a knowledgeable solicitor will start working on your claim as soon as possible.
To speak to one of our advisors, call 0800 073 8804. They offer free legal advice with no obligation for you to continue using our services.
Select A Section
- A Guide To Data Breach Claims Against Falmouth University
- What Is A Data Breach At A University?
- The GDPR And Educational Institutions
- Which Universities Have Sustained Breaches In Data Protection?
- Rates Of Breaches In Data Protection Affecting Universities
- Cybercrimes Affecting Universities
- How Those Affected By A Breach In Data May Be Compensated
- Compensation Calculator And Data Breach Claims Against Falmouth University
- How Could A Data Breach Expert Help You?
- No Win No Fee Data Breach Claims Against Falmouth University
- Start Your Claim
- Additional Resources
Universities and other organisations must abide by the General Data Protection Regulation (GDPR) 2018. This is a law that was established by the European Union in 2018.
The GDPR states the following:
- Organisations such as universities have a duty of care towards the public and key stakeholders, such as students and staff members, to protect their personal data.
- They should have robust internal processes and security systems in place to protect the data that they hold.
- They must request permission from individuals to use their personal data. (Not in certain circumstances though.)
- If a data breach occurs and causes harm, those affected have the right to claim compensation from the organisation responsible.
In the United Kingdom, the Data Protection Act 2018 enacts this EU directive into law.
Universities should store data securely, but in the rare event that a data breach occurs, you may be entitled to claim compensation from the organisation. Data breaches can happen due to negligence on the part of the university. For example, a member of staff may violate the university’s data breach policy or hackers may steal your personal data after a cyber attack.
Time Limits for Data Breach Claims
How long will you have to make a claim for a university data breach in the UK? There is normally a 6-year data breach claims time limit. If you were involved in a university data breach in which your human rights were violated, your data breach compensation claim time limit would just be one year. We recommend that you call Legal Expert as soon as possible to begin your compensation claim. Avoid falling outside of the time allowed for making a compensation claim.
So, to begin your claim, call Legal Expert today for your free claim assessment. Alternatively, feel free to write to us about your case using our online claims form.
Potentially a data breach by Falmouth University could be caused by different scenarios. The Information Commissioner’s Office (ICO) defines a data breach as a security issue that had lead to the accidental or unlawful:
- Destruction of personal data
- Loss of personal data.
- Unauthorised disclosure
- Altered personal data
- Access to personal data by unauthorised beings.
This can happen accidentally. For example, a staff error can occur if a university receptionist leaves a document on a reception desk so it is visible to visitors. It can also happen because of criminal activity such as cyber-attacks.
How Could A Data Breach Occur?
If a data breach at Falmouth University occurs, it may affect students, members of staff, alumni and other people who are associated with the institution. A data breach may result in financial loss if data theft occurs and cybercriminals obtain access to online banking information. The data breach can also cause emotional distress.
Here are examples of types of data that the ICO would deem ‘personal information:
- Phone number
- Home address
- Email address
- Online activity
- Banking details
As we have explained, organisations that manage your personal data owe you a duty of care. If a data breach harms you, you may have the right to claim compensation from the organisation responsible.
Sadly, UK universities were recently involved in a ransom attack whereby there was a breach of data. Cybercriminals attacked Blackbaud, a company that provides database services to universities. They stole data that contained personal information. The company paid a ransom for the attackers to destroy the data that they had compromised.
Source URL: https://https://www.bbc.com/news/technology-54370568
We have already explained in brief what the purpose of the General Data Protection Regulation is, which is enacted into UK law by the Data Protection Act 2018. To reiterate, the main purpose of the GDPR is to ensure that businesses and organisations protect the data they hold on people.
Here are some key terms that illustrate the requirements that the General Data Protection Regulation bestows on organisations that collect and store personal data.
- The data controller: This is a person, agency, public authority or other body that decides how and why the personal data of individuals is collected and used.
- The data subject: This is the person whose personal data the data controller uses.
- A data processor: A company that collects, processes and stores data on behalf of the data controller.
The GDPR bestows rules upon organisations to ensure that they fulfil the above roles to adequate standards:
- A data controller must act in accordance with all regulations and laws surrounding the collection and use of personal data.
- The organisation must keep all information they collect and store up to date.
- The controller must inform the data subject of what purposes they’re using their data and how they’re using it.
If you have any questions relating to this guide on data breach claims against Falmouth University, call our advisors.
If a business or organisation violates data protection laws, the Information Commissioner’s Office (ICO) has the power to issue financial penalties to that organisation. This has affected universities in the past.
For example, in 2018, the ICO fined Greenwich University £120,000 for a data breach. The university failed to protect the personal data of 19,500 students. In 2016, attackers were able to access areas of the university’s web server after exploiting a microsite that a student made in 2004. They then took this personal information and posted it online.
The Blackbaud data breach happened in 2020 and affected multiple universities. Blackbaud is a cloud computing provider. It holds personal data for universities. After it was hacked, it paid the cybercriminals to destroy the personal data, which they did.
The following universities were just some of those that the Blackbaud data breach affected:
- University of Exeter
- University of Leeds
- Oxford Brookes University
- University of Reading
- University of York
- Loughborough University
- University College, Oxford
- University of London
Source URL: https://www.bbc.co.uk/news/technology-53516413
Redscan published a study in July 2020 entitled The State of Cyber Security Across UK Universities. The report explained that 54% of UK universities reported a data breach to the Information Commissioner’s Office in 2019. 45% of these institutions reported more than one breach. Redscan obtained this information following Freedom of Information requests where 86 universities responded
The report recommended that the universities prioritise cybersecurity. It noted that, with staff working remotely due to the Covid-19 pandemic, they were more vulnerable than ever to phishing attacks. Phishing is a cyber-attack where criminals attempt to steal personal information using scam emails. The study revealed that 46% of university staff have not received awareness training and on average universities spend just £7,529 a year on staff training.
As we have explained, universities that handle your personal data have a duty of care to protect it, so that others do not have access to it. A data breach can occur because of a cyberattack, or it can occur because of simple human error or employee negligence. We will now look at ways a data breach by Falmouth University could potentially occur.
Staff errors can occur when engaging in data handling:
- A member of university staff can send a letter to the wrong person or wrong address, leading to them accidentally sharing the intended recipient’s private information.
- A staff member could send an email to the wrong recipient, sharing confidential information about a student, staff member or another university stakeholder.
- People who should not have access to a room may be able to enter an office where documents are visible, or a computer is open with confidential information on display. This would be unauthorised access.
What Different Cyber Attacks Could Occur?
Of course, you can also suffer a university data breach in the UK due to criminal activities. These can include the following:
- Physical theft: For example, if someone steals a folder with important records from a university office, criminals could use that data for identity or financial theft.
- Malicious intent: For example, a person intending to cause harm and working within the organisation deliberately reveals someone else’s personal data to the public, another person or group.
- A security incident where a criminal hacker steals data: The hacks may come in the form of malware (malicious software to gain access to a network), ransomware (whereby a virus attacks a computer or threatens to block access to data, as well as, exposes data unless the ransom is paid), or phishing where people are directed to a false site.
Falmouth University should have a university data breach policy in place. In addition, the policy should include plans and action points for risk management. If a person has their personal data compromised due to negligence, they may be eligible to make a data breach compensation claim for the harm they have suffered.
If you make a data breach claim against a university, how will your compensation claim be calculated?
In data breach cases, compensation can be paid out in two categories (or either):
- Material damages: If you have been harmed financially, you can claim compensation for material damages. Examples of financial harm as a result of a data breach can include theft from your bank account, a criminal taking out credit in your name or identity fraud. However, not all claimants will have been affected this way.
- Non-material damages: These are paid out to compensate the claimant for any psychological or emotional harm the data breach caused them. Therefore, non-material damages that you could claim can include emotional distress and psychological harm such as anxiety or depression the data breach caused.
The emotional and psychological effects of experiencing a data breach should not be underestimated. To some, experiencing a data breach is the 21st century equivalent of being burgled. For some, suffering from a traumatic experience can result in Post-Traumatic Stress Disorder (PTSD). The impact of emotional trauma, stress, depression and anxiety can have a negative impact on people’s friendships, relationships, career and academic performance.
If you believe that you could be entitled to compensation, call Legal Expert today for a free consultation. We will be happy to estimate how much compensation you could claim. And if we believe your claim will be successful, then we can provide you with a knowledgeable solicitor to handle your case. Don’t hesitate to contact us for anything else you would like to know after reading this guide to data breach claims against Falmouth University.
In this section, we are going to look at the amount of compensation that could be awarded for any psychological suffering caused.
The case Vidal-Hall and others vs Google  provides us with a helpful model for how people who have suffered due to a data breach can be compensated for psychological and emotional harm. The case allowed, claimants to seek compensation for psychological harm, even if the data breach didn’t cause them financial damage.
Since that case, data breach claims for psychological trauma can be valued according to personal injury guidelines. We have provided you with a table that contains parameters the Judicial College Guidelines outline for how much compensation could be paid for psychological harm. (The JCG is a publication solicitors may use when valuing injuries.)
Type Of Psychological Injury Severity Notes On This Injury Compensation Guidelines
Psychiatric Injury Severe Significantly impacts the claimants ability to cope effectively with work, education, life, and relationships. £51,460 to £108,620
Psychiatric Injury Moderately severe Whilst the claimant may have been effected in a similar way to those in the above category, there is a better future prognosis. £17,900 to £51,460
Psychiatric Injury Less Severe Assessments are carried out to look at the impact on the claimants ability to sleep and to cope with day to day activities. Settlements are based on the severity of the injury and how long the person has suffered. Up to £5,500
Post-Traumatic Stress Disorder (PTSD) Severe The persons life could have been affected in many ways and they could not live in the same way as they did before the injury £56,180 to £94,470
Post-Traumatic Stress Disorder (PTSD) Moderately Severe Whilst the effects would continue for the foreseeable future, the prognosis and outlook are better than the category above. £21,730 to £56,180
Post-Traumatic Stress Disorder (PTSD) Moderate The claimant will have recovered but there could be minor persistent symptoms. £7,680 to £21,730
Post-Traumatic Stress Disorder (PTSD) Less Severe A full recovery should be made in around a year or two. Up to £7,680
As we have already explained, you may also be able to claim compensation for any financial losses that have occurred as a result of the data breach. How much you could claim for this could be calculated by looking at how much money has been lost. Additionally, you could also consider any other expenses you incurred as a result of the data breach.
If you wish to make a data breach claim against a university, the first step you should take is to make a formal complaint to the university administration. Then we recommend that you decide whether you’d like a solicitor to handle your claim for university data breach compensation. These sorts of claims can be settled out of court. We recommend using a solicitor to handle your claim. This is because they can accurately value what your claim is worth and negotiate with the defendant. They’ll try to make sure that you won’t retrieve less compensation than you deserve.
In this part of our guide to data breach claims against Falmouth University, we consider how you could fund a solicitor.
If you have had your personal data compromised because of a university data breach in the UK, Legal Expert could help you claim compensation for the damage that was done. Legal Expert’s solicitors can handle your case on a No Win No Fee basis. This means that, instead of paying your solicitor’s fees before they start working on your claim, you will only have to pay a success fee if your solicitor wins your claim.
What advantages are there to making a No Win No Fee claim?
- It is a more affordable option when using a solicitor as you won’t have to pay an upfront fee. And, you only have to pay their fee if you win your claim.
- There is less financial risk involved, as you won’t have to pay a solicitors fee or success fee if your claim is not successful.
You can learn more about what No Win No Fee claims involve by reading our online guide.
We hope you have found this guide helpful. To begin your compensation claim, contact Legal Expert today.
- Call Legal Expert today. Dial 0800 073 8804.
- Use our online compensation claims form to contact us in writing.
- Use the chat widget in the bottom right corner of your browser to chat with an advisor.
Thank you for reading this guide to data breach claims against Falmouth University. You may find these resources helpful if you wish to claim compensation for a breach of data.
Written by Chelache
Edited by Victorine