London South Bank University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For London South Bank University Data Breach
My Data Was Exposed In A Data Breach At London South Bank University, Could I Claim Compensation?
Have you been affected by a data breach by the London South Bank University? Perhaps you’ve been affected financially or suffered anxiety and stress because your personal data was breached due to negligence, human error or a malicious cyber attack? If so, you could be eligible to make a data breach claim against London South Bank University for the harm you’ve suffered.
This guide has been created to give you an understanding of how to go about proving a data breach compensation claim against a university that has exposed your data and caused you psychological or financial harm as a result.
Below, we explain in detail what laws are in place to protect your personal data, and how universities should ensure they take steps to prevent your data from being exposed, stolen or lost.
We also explain the definition of a data breach and explain how a London South Bank University data breach could affect you.
In addition to this, we explain how data breach compensation could be calculated, what it could include and how we could provide you with a solicitor to help you get started with your claim.
If you would like to ask us anything about the information contained in this guide or would like to enquire about making a data breach claim against London South Bank University, you can reach the Legal Expert helpline on 0800 073 8804 at any time.
Select A Section
- A Guide On Data Breach Claims Against London South Bank University
- What Is A Breach Of Data Protection By London South Bank University?
- University GDPR Compliance Policies
- Which Universities Have Been Impacted By Breaches In Data Protection?
- Statistics On Universities Affected By Breaches In Data Protection
- Cybersecurity And Criminal Breaches Of Data Protection
- What The Victim Of A Breach Of Data Protection Could Be Compensated For
- Calculating Compensation For A Data Breach By London South Bank University
- How Do I Choose A Solicitor For My Case?
- No Win No Fee Data Breach Claims Against London South Bank University
- How To Contact Us
- Where To Learn More About Data Breaches
Like other organisations that collect and process personal data, there are certain laws universities should abide by when it comes to ensuring the protection of that personal data. Legislation such as the Data Protection Act 2018 (DPA), which enshrines into UK law the General Data Protection Regulation (GDPR). This gives the likes of universities the legal responsibility to ensure personal data is protected. But what happens if there is a breach of that data?
Along with facing an investigation from the Information Commissioner’s Office (ICO) and potential fines, it could also lead to a university facing a claim for university data breach compensation.
The guidance below has been put together to help those looking to prove a data breach claim against London South Bank University. In the sections that follow, you’ll find out what personal data is, and what steps a university should take to comply with data protection laws to ensure the privacy and security of your data.
Before we answer the question ‘what is a data breach?’, we should first look at what constitutes personal data. The Information Commissioner’s Office cites personal data as being:
- Information that could be used to identify a person on its own
- Information that could be used in combination with other data to identify a person
Examples Of Personal Data
Personal data could include:
- A person’s name
- Their contact information
- Their location information
- Their date of birth
- A student ID number
- An IP address
- Bank details
Some information could be considered more sensitive than other information and should be protected with a higher level of security. Sensitive information could include:
- Sex life
- Ethnic origin
- Religious/philosophical beliefs
- Trade union memberships
- Health data
- Political opinions
- Sexual orientation
- Genetic data
- Biometric data (for identification)
Data Breaches Explained
A data breach claim against London South Bank University could be justified if personal data has been:
- Made unavailable
- Subject to unauthorised disclosure, access, alteration, storage, transmission or processing
It could be caused by human error, negligence or malicious attack and it could be caused by someone inside or outside of the organisation. Some examples of causes of data breaches could include:
- A hacking
- A loss or theft of equipment that contains personal data
- E-mails that are sent to the wrong recipients
- Negligence in maintaining network or computer security, such as not renewing anti-virus software
Whatever the reason you’ve suffered a breach of personal data, if it has harmed you in some way and you can evidence the breach, you could make a data breach claim against London South Bank University.
How Could A London South Bank University Data Protection Policy Breach Affect Me?
There are various ways in which you could be harmed by a data breach. These could include:
- A privacy violation – if you have suffered a data privacy breach relating to sensitive information, you may feel that your privacy has been violated,
- Identity theft – a cybercriminal could, if they had enough information about you, use it to steal your identity.
- Theft – a cybercriminal could potentially access your bank account and steal from you, using your personal information.
- Psychological harm – Exposed data could cause a person psychological harm. They may suffer anxiety or distress due to a data breach.
It is vital that organisations like London South Bank University takes university GDPR compliance seriously, as they have a legal responsibility to protect the personal data they hold on people.
If they fail to comply with the below requirements, they could risk investigations and fines from the Information Commissioner’s Office, as well as potentially being liable for a data breach claim.
- Processing of personal information must be lawful and fair
- Collection of personal information must be legitimate, specified, and explicit
- Personal data must be secured
- Personal information must be kept for only as long as it is needed for the specified purpose
- Personal data must be regularly updated to ensure accuracy
- Personal data processing must be relevant, not excessive, and adequate
Unfortunately, several UK universities have been affected by data breaches, including the examples below:
- The Blackbaud hack – In 2020 a database company called Blackbaud, which serviced several UK universities, was targeted in a ransomware attack. While the stolen data was thought to have been destroyed, many university students, staff and alumni’s personal information was breached. (Source: https://universitybusiness.co.uk/headlines/data-breach-at-eight-uk-universities)
- Greenwich University – The University of Greenwich was handed a £120,000 fine in 2018 by the ICO for a data breach affecting almost 20,000 people.
- East Anglia University – The University of East Anglia was affected by at least 2 data breaches in 2017. In the first, a member of staff’s personal details were sent to almost 300 people. In the second, the university had to pay £140,000 to students, when sensitive personal information was sent to nearly 300 people in error. (Source https://www.bbc.co.uk/news/uk-england-norfolk-41934027)
Unfortunately, it appears that at least in some cases, universities are not doing as much as they should when it comes to protecting data. In fact, in a report by IT Governance, it was revealed that over half of universities that responded to an FOI (Freedom of Information) request had reported breaches of data to the ICO in 2019 alone.
The report also revealed that the provision of security awareness training was not rolled out as standard to all staff and students. A staggering 54% of university staff and 12% of student were said to have not received security awareness training.
Further concerns raised in the report included the security of university systems. Internet service provider Jisc conducted tests on university systems in 2019 and were able to access over 50 such systems in fewer than 2 hours.
There are several reasons universities could be targeted by cybercriminals. Universities should take as much care as possible to protect not only personal data, but also research data from common types of cyber attack. This is especially since, in 2020, it was reported that the National Cyber Security Centre, or NCSC, believed coronavirus research material was targeted in cyber attacks, believed to be from Russian spies.
Some types of cybersecurity threats that could affect universities could include:
- Keystroke detectors – if a keystroke detector is on an authorised user’s system, a cyber criminal could use it to record login information, which they could then use to gain access.
- Phishing attacks – these are when e-mails are sent, purporting to be from legitimate sources, when in fact they lead users to fake sites set up to steal their information. These are said to be one of the most dangerous methods of attack, according to a report by Redscan. (Source: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf)
- Malware/virus attacks – These could be used to steal data, infect computers, making them unusable, or to take control of a computer to use it as a platform for further attacks.
- Theft of data – If sensitive data is hacked, it could be stolen, and then used by a cybercriminal, or sold on to someone else.
- DDoS attacks – These are attacks whereupon authorised users are blocked from accessing services they are authorised to use.
- Password attacks – If password guessing software is used by cybercriminals, they could guess the passwords of authorised users, allowing them to gain access.
These are just a few examples of risks that could threaten the computer security or network security of a university.
This is why it is vital for a university GDPR policy to include methods of protecting the data it controls. If you’ve been affected by a data breach relating to any of the risks above, or any other breach of university data protection policy, we’d be happy to assess your case to see if you could claim.
If you’re considering making a university data breach claim, you may be wondering about the different types of damages you could seek. Under data protection law, you could not only claim for material harm, but you could also claim for non-material harm.
What Does This Mean?
Material damages relate to the quantifiable financial cost of a data breach. They could relate to any fraudulent purchases made in your name, or money stolen from you, for example.
Non-material damages are more difficult to quantify. They relate to things like the loss of privacy you’ve suffered, as well as any psychological injuries caused by a breach of your data.
Claiming For Psychological Damage
You may be wondering what could lead to you being able to claim for psychological damage caused by a data breach. In fact, a case from 2015 set a legal precedent that could allow you to do so.
It was decided in the case of Vidal-Hall and others v Google Inc  – Court of Appeal, that compensation for psychological injuries could be considered even if no financial harm has resulted from the data breach.
If you’ve lost sleep or suffered distress, anxiety or depression due to a data breach, you could include these damages within a potential data breach claim against London South Bank University.
If you’ve suffered financial or psychological damage due to an ICO data protection breach by the South Bank University, your compensation payout would be calculated by taking into account the value of the damage suffered.
For financial, or material harm, this could mean assessing your bank statements, credit card bills. credit ratings and other financial documents.
However, when it comes to the psychological damage caused to you by a data breach, the evidence you could be asked to provide could be slightly less straightforward.
Psychological Damage Compensation
As part of a claim for psychological damage caused by a data breach by London South Bank University, you would need to gather medical evidence.
As part of the claim, you will need to have an appointment with an independent medical expert, who could review your medical notes and ask you about your injury. Based on the medical evidence available to them and their expert opinion, they would put together a report which could verify your injuries and give their professional opinion on your prognosis. This report could be used to come to an appropriate compensation payout.
Below, we have put together a psychological injury table, which contains values from the Judicial College Guidelines, a legal publication which could be used to hone in on a value for your claim. This could give you some insight into how much your claim could be worth.
|Psychological Injury Type||How Severe||Compensation Bracket (JCG)|
|General Psychological Injury||Cases that are severe||£51,460 to £108,620|
|PTSD||Cases that are severe||£56,180 to £94,470|
|PTSD||Cases that are moderately severe||£21,730 to £56,180|
|General Psychological Injury||Cases that are moderately severe||£17,900 to £51,460|
|PTSD||Cases that are moderate||£7,680 to £21,730|
|General Psychological Injury||Cases that are moderate||£5,500 to £17,900|
|PTSD||Cases that are less severe||Up to £7,680|
|General Psychological Injury||Cases that are less severe||Up to £5,500|
If you believe you’ve been the victim of a South Bank University data breach, you could write to the London South Bank University data controller with your concerns. If you’re not sure how to go about this, you might wish to search for the London South Bank University data protection policy; it could include contact details for the controller.
You could explain how you think your data has been breached and explain how it has affected you. If you’re not happy with the response you receive, you might wish to then escalate your compensation to the Information Commissioner’s Office, and ask them to look into the suspected breach for you.
Do I Need A Solicitor?
While you could potentially make a data breach claim against London South Bank University alone, many claimants prefer to reap the benefits of using a lawyer when making such claims. These benefits could include:
- Ensuring action is taken before the claim became time-barred (6 years for breaches of personal data, 1 year for a breach of your human rights)
- Ensuring your claim was put together professionally, and was as strong as it could be
- Utilising the lawyer’s professional negotiation skills to ensure that you claimed as much compensation as is possible for your claim
- Taking care of the legal paperwork, which could mean claiming became less stressful for you
Let Us Help You
If you’re searching for a lawyer to help you with a data protection breach claim, you might want to ask for recommendations from friends or family, or you could take a look online. But with so many law firms out there, how do you differentiate between them?
Here at Legal Expert, we are aware of just how many options you have when it comes to legal support for a data breach claim against London South Bank University, but we also know we could be a great option for you to choose. By working with Legal Expert on your claim, you could benefit from:
- A 24/7 freephone helpline
- Great customer support
- Years of knowledge and experience
- Free eligibility checks
- Legal Expert’s No Win No Fee lawyers
Many of our previous claimants have attested to the quality of our service too, as you can see from our reviews page. Whether you have questions about the claims process or your eligibility or would like to start a claim, why not get in touch and find out how great our services are? We’d be happy to help you.
If you’re considering making a data breach claim against London South Bank University and you would like a lawyer to help you, you may be pleased to learn that you would not be required to pay them upfront. If your lawyer works under No Win No Fee terms, which all Legal Expert lawyers do, you would only have to pay them once your compensation has been arranged.
To begin a claim under these terms, you’d need to sign a Conditional Fee Agreement (No Win No Fee agrement) with your lawyer, which they would send to you before starting your claim. This document sets out the small fee you’d pay them if your case successfully resulted in a payout. This amount is known as the success fee. It is legally capped and is usually calculated as a percentage of your total payout.
Upon receiving a signed agreement from you, the lawyer would begin working on your claim. Once a compensation payout had been arranged for you, the success fee would be deducted from the total amount, and you’d benefit from the rest.
If your case did not result in a compensation payout, you would not be asked to cover the solicitor’s costs or pay the success fee.
If you’re interested in starting a No Win No Fee claim for a university data breach in the UK, why not get in touch? If you’d like to learn more about claiming under these terms, you can read our No Win No Fee claims guide, which can be found here.
Getting help with a data breach claim against London South Bank University is easy when you contact Legal Expert. Our team are happy to help assess your eligibility to claim, or to answer questions about university GDPR compliance breaches that have caused you harm.
We’d also be happy to provide you with a No Win No Fee lawyer to help you with your claim. To contact us, simply:
- Call 0800 073 8804
- E-mail firstname.lastname@example.org
- Fill in the contact form
- Or you could use our Live Chat service.
How Long Might I Have To Claim? – Different limitation periods could apply to different types of compensation claims. Find out more about this here.
NHS – Mental Health Support– The NHS provides details of how to seek help with mental health issues.
Data Protection After Brexit – You can find out more about what’s changed with data protection due to Brexit here.
Psychological Effects Of A University Data Breach– If you’ve considering making a university data breach claim, this guide to data breach distress might be useful.
Breach Of Data By A Housing Association – If a housing association has breached your personal data, you may be able to claim under the Data Protection Act 2018. Find out more about how to do this by reading our handy guide.
ICO Actions– Here, you can read what actions the ICO has taken relating to data breaches.
Thank you for reading our guide to making a data breach claim against London South Bank University.
Guide by Jeffries
Edited by Billing