Keele University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?
What Could Be Claimed For A Data Breach By Keele University?
You may be eligible to make a data breach claim against Keele University if you can prove the organisation violated your data protection rights and you’ve suffered financial damage or harm to your mental health as a result.
In the UK, organisations have a duty to protect the data they collect, process and store from the public. This includes private businesses and institutions such as schools and universities. This is codified in EU law under the General Data Protection Regulation (GDPR) and in UK law by the Data Protection Act 2018.
A data breach can occur because the university system was hacked, or because of an internal error that resulted in personal data being exposed to unauthorised people. If you can evidence that the breach occurred because of the failings of the university, we can help you claim the compensation you could be owed.
We offer a free consultation and assessment to all of our potential clients. Call Legal Expert today on 0800 073 8804 to get started, or use our online compensation claims form to reach us. If we can see that you have a valid claim we can provide you with a skilled data breach lawyer to represent you.
Select A Section
- A Guide To Data Breach Claims Against Keele University
- What Is A Data Breach By Keele University?
- Breaches Of The GDPR By Universities
- What Happens When University Data Is Breached?
- Rates Of Data Breaches By UK Universities
- Cybersecurity Criminal Attacks Against Universities
- What Is Your Right To Compensation For A Data Breach?
- Calculating Compensation For Data Breaches By Keele University
- How A Specialist Solicitor Could Help You Deal With A Personal Data Breach
- No Win No Fee Claims For Data Breaches By Keele University
- Make A Claim With An Expert
- Find Out More About Data Breaches
Public institutions such as universities have to comply with the General Data Protection Regulations (GDPR). The Data Protection Act 2018 (DPA) enacts the GDPR into UK law.
The GDPR requires organisations to abide by the following rules:
- Organisations are responsible for the data they collect, process and store. So for example, a university has a duty to protect the data it collects from students, staff, donors, alumni and other stakeholders.
- Data must only be collected and used by consent. The organisation must obtain permission from individuals to collect and use their data. They must explain what the data will be used for and must not use it for other purposes.
- An organisation such as a university must have adequate and up to date network security systems and data protection policies in place to protect the data that is being held.
Keele University will have data protection procedures in place, to protect your data. However, if a data breach does occur and you have been affected by it, you may be eligible to claim compensation for any psychological damage or financial losses you have endured.
How long do you have to claim compensation for a university data breach?
There is a time limit of 6 years to make a data breach claim against a university from the date that you gained knowledge that the breach occurred.
If you have been harmed by a data breach in which you suffered a human rights violation, you will have one year in which to make a data breach claim against the University of Keele.
Remember, if you have been harmed because of a data breach by Keele University, we can help assess your potential case’s validity. Call our helpline today to speak to an advisor, or contact us in writing to begin your claim.
A data breach is when an organisation that holds personal data, suffers a security breach. It can result in personal data becoming accessible to unauthorised persons, being stolen or lost, destroyed and/or altered. This can result in individuals suffering a privacy violation, potentially leading to such damage as their data being used by fraudsters to steal money from them.
Personal data which may be compromised includes the names and addresses of stakeholders, their bank details, their email addresses, information about online activity, and usernames and passwords to gain access to university systems or online accounts.
How can a data breach occur?
A Keele University data breach may occur because of an internal error or Keele University’s data protection policies not being followed properly. For example, if an email is sent to the wrong address by a Keele University employee this could lead to unauthorised sharing of information.
Similarly, if a loss of a device occurs (i.e. a work laptop), files containing confidential data could be accessed by unauthorised persons, especially if that laptop lacked any sort of security encryption.
Unfortunately, there are also incidents where a data breach occurs due to criminal activity. For example, a Keele University data protection breach may occur if hackers gain access to the university’s cybersecurity system to gain access to data for malicious purposes, for ransom or to commit fraud. We will look at types of cyber attacks and theft that can cause a data breach at a university later in this guide.
Unfortunately, there was recently an incident where eight universities in the UK experienced a data breach. In May 2020 there was a cyberattack on Blackbaud, a database services company that manages data on behalf of universities.
Unfortunately, hackers obtained unauthorised access to information they were processing and storing on behalf of their clients. Students, alumni and staff experienced a compromise of their personal data, which the criminals held to ransom. Blackbaud stated that they had paid a ransom to the hackers for the data to be destroyed. This destruction of personal information meant that it wouldn’t be revealed to the public.
Of the incident, Dr. Richard Messr, Chief Strategy Officer for the University of Reading commented that “It is important to note that no sensitive financial information was involved, such as bank account, credit card details, or passwords.” Despite this, the exposed data incident must have been distressing for those involved.
These 9 UK universities were affected by the Blackbaud university data breach incident:
- Loughborough University
- Newcastle University
- University of Leeds
- University of Reading
- University of York
- Oxford Brookes University
- University College, Oxford
- University of Exeter
- University of London
A data breach claim against the University of Keele could be warranted if they were found responsible for similar incidents such as those described above. Call Legal Expert today to find out more.
If we can see that you have a valid claim, we will provide you with a No Win No Fee solicitor to handle your compensation claim.
Source URL: https://universitybusiness.co.uk/headlines/data-breach-at-eight-uk-universities/
All organisations including schools and universities must follow the General Data Protection Regulation and the Data Protection Act 2018, the latter being introduced to enact into UK law the former.
The GDPR defines the following roles in the data collection process:
- An organisation that collects, processes and stores information is known as a data controller. The data controller is responsible for demonstrating how data belonging to individuals is collected, processed, stored and used by the organisation and must be accountable for these processes.
- The people whose data is collected by the organisation are referred to as the data subjects. The organisation must collect data from these individuals by consent and inform them of how their data will be used.
- If an organisation employs a company to process and store data on their behalf, they are known as the data processor. An example of such an organisation would be Blackbaud
The GDPR states that organisations must fulfil the following obligations with regards to their information governance:
- A data controller must collect, store and use personal data in accordance with all applicable regulations and laws.
- Organisations must keep the data that they have collected up to date.
- As we have mentioned, data must be collected in a consensual manner. When the data is collected, data controllers must explain how and why the data will be used and obtain permission from the data subject.
If Keele University has collected data from you they have a duty to safeguard it.
The Information Commissioner’s Office (ICO) has the ability to impose fines on universities and other organisations if a data breach occurs. An example of this that made the news is a data breach at the University of Greenwich, where the university exposed data belonging to some of their students.
The university published the personal data of 19,500 students on a microsite. It was reported that the privacy breach exposed a significant amount of sensitive data such as staff sickness records and details of people with learning difficulties.
The University of Greenwich was fined £120,000 by the ICO for this data breach. The harm caused by this incident serves as a warning about why it is so important for universities to have robust university data breach policies in place to protect stakeholders.
Cyber security services company Redscan published a survey in July 2020 entitled The State of Cyber Security Across UK Universities. The company conducted the survey by making a Freedom of Information request and 86 UK universities responded.
The findings of the report showed some worrying trends and that more investment may be needed to protect universities from cyber-attacks and unintended data breaches.
The key findings of the report were as follows:
- 54% of universities had reported to the ICO a data protection breach in the preceding 12 months.
- Of this 54%, 45% of the universities had experienced one or more university data breaches.
- 46% of university staff had not received any data breach awareness training.
- On average, universities spend £7,529 a year on data protection education for their employees.
The report noted that with the threat of coronavirus many university employees are working from home and are not as well supervised. This means that employees may be more vulnerable to scam emails and phishing emails and may require more support.
As we have already explained not all data breaches are caused by criminal activity or people with ill intent. Some data breaches are caused by human error. For example personal data being sent to the wrong parties, such as in the case of the University of East Anglia where details of health issues and bereavements was sent to around 300 people in error (Source: https://www.bbc.co.uk/news/uk-england-norfolk-51284352).
Unfortunately, a data breach at Keele University can also occur because of a cybersecurity breach, or cyber-attack caused by criminal activity to steal or expose the data. Here are some examples of how a data protection breach can occur by hacking:
- Malware is malicious software that gains access to a network.
- A computer worm is a type of malware that can cause damage without any human interaction, or without attaching itself to software. It spreads from computer to computer copying itself.
- A malicious bot is a type of malware that infects a host computer network and transmits information back to a central server. It may gather sensitive information such as passwords.
- A Trojan horse virus (also known as a Trojan virus) is malware that misleads internet users about its purpose. It disguises itself as legitimate software to gain access to computer systems.
- Spyware is a type of malware that gains access to a user’s computer without them knowing and tracks their internet usage, stealing passwords.
If you can show with evidence that you have been affected by a hacking or cyber-attack leading to a Keele Uni data breach, you may be eligible to claim compensation for any financial or mental damage done. Contact Legal Expert today to speak to us about your legal rights.
If you make a data breach claim against the University of Keele, you may be able to claim compensation for any psychological distress caused by the data breach. This is known as non-material damage.
The case of Vidal-Hall and others vs Google  provided a key development when it comes to data breach compensation. Before this case, a claimant had to have suffered financial damage in order to claim for any associated distress or anxiety. The Court of Appeal changed this position. Now, it’s possible to seek compensation for either mental damage or financial damage.
It was further recommended in the case that claims for psychological trauma can be valued using guidelines that are normally applied to personal injury claims. The table below contains information from the Judicial College, a document used by personal injury lawyers to value injuries.
If fraudsters used your personal data to steal from you, or you had other financial losses because of the data breach incident, you may be eligible to claim compensation. However, calculating such harm can be tricky, so it’s best to speak to us directly.
To give you an idea of how much compensation different psychological injuries can attract, we’ve compiled useful data from the guidelines of the Judicial College in the below table.
Form Of Injury To Be Claimed For And Severity Comments On This Injury Guidelines On Compensation
Psychiatric Injury - Severe The psychiatric injury will impact the persons ability to effectively cope with things such as life, work and education. £51,460 to £108,620
Psychiatric Injury - Moderate The person will be affected in a way similar to those above, however, they have a better prognosis. £17,900 to £51,460
Psychiatric Injury - Less Severe The settlement will be based on how severe the person's injury is, how much they are suffering and how much they can do things such as coping with everyday activities. Up to £5,500
Post-Traumatic Stress Disorder (PTSD) - Severe The claimant will have found their life and ability to cope with life effected in several ways. They may not live in the same way as they did before. £56,180 to £94,470
Post-Traumatic Stress Disorder (PTSD) - Moderately Severe The effects nay be similar to those above but the person has a better prognosis. £21,730 to £56,180
Post-Traumatic Stress Disorder (PTSD) - Moderate Whilst recovery has taken place, other symptoms may persist. £7,680 to £21,730
Post-Traumatic Stress Disorder (PTSD) - Less Severe The claimant should fully recover within a year. Up to £7,680
Please bear in mind that these figures are just guideline amounts. To learn what your specific injuries could attract, we’d need to learn more about your case. Get in touch with our team today to learn more.
If you have been affected by a Keele University data breach, or a data breach at any other UK university, you may be eligible to claim compensation if you can prove it was the fault of the organisation and you suffered damage to your finances or mental health as a result. If we can see you have a valid case, Legal Expert can provide you with a skilled data breach solicitor to act on your behalf.
What makes our expert solicitors a cut above the rest?
- Online solicitors reviews provided by our satisfied former clients give you an insight into our service.
- Our lawyers have decades of experience helping claimants like you
- You will have the option to have your case handled as a No Win No Fee claim.
- Your solicitor will value your claim accurately and will negotiate with the university to win you the maximum compensation that you deserve for your injuries.
We can handle your claim on a No Win No Fee basis. With a No Win No Fee claim you will not be charged a solicitors fee upfront or while the case progresses.
Instead, you will enter into a Conditional Fee Agreement (the formal name for a No Win No Fee agreement) with your solicitor, where you will agree to pay a success fee on the condition that your claim is successful. This means that if your claim is unsuccessful you will not have to pay any fees to your solicitor.
For many of our clients making a No Win No Fee data breach claim is the less stressful and more affordable option.
To learn if you have a valid claim for a Keele Uni data breach, contact Legal Expert today for your free consultation using one of the following methods:
- Dial 0800 073 8804 to speak to an advisor.
- Fill out our online compensation claims form to contact us.
- Use our chat widget below to speak to a claims professional.
We hope you have found this guide to making a data breach claim against Keele University helpful. If you wish to learn more about making a data breach claim, please consider reading these online guides:
Crown Prosecution Service Data Breach Compensation Claims Guide – learn more about your rights if the CPS has breached your data
HSBC Bank Data Breach Compensation Claims Guide – If HSBC bank has violated your data protection rights, this guide will tell you what you can do about it
NHS Data Breach Compensation Claims Guide – the NHS collects and processes vast amounts of data. If your information gets in the wrong hands, this guide can help.
Enforcement Action Taken by The ICO – learn more about the action taken by the ICO
Cyber Security Survey 2021 – see the latest statistics on data breaches published by the UK government
A Government Guide To Data Protection – this guide, produced by the UK government, gives more information on data breaches.
Guide by Chelache
Edited by Billing