Norwich University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Norwich University Data Breach
If you’ve attended Norwich University formerly, or you’re a current member of staff or student there, the university would more than likely have processed some of your personal data. Organisations that control and store personal data have a legal responsibility to protect your personal data security. If they fail to do so, and you suffer emotional or financial harm due to a data breach, you might be wondering whether you could make a data breach claim and how to go about doing so. In this article, we will explore the concept of a data breach claim against Norwich University.
This guide has been created to help you understand how such claims could be possible. In the sections below, we give an overview of what constitutes personal data and how it could be breached. We also explain the laws that protect personal data, how you could go about reporting a Norwich University of the Arts data breach, and what types of compensation you could claim. We also show you how the team at Legal Expert could help you take your claim forward and get the compensation you deserve. If you’re ready to start a data breach claim right now, or you have any questions, please don’t hesitate to call our freephone helpline on 0800 073 8804. We’d be happy to help.
Select A Section
- A Guide To Data Breach Claims Against Norwich University
- What Is Breach Of Data Protection?
- How Universities Should Comply With The GDPR
- Examples Of How Breaches In Data Protection Could Happen At A University
- Statistics In Breaches In Data Protection
- Criminal Breaches In Cyber Security
- Ways In Which Compensation Could Be Awarded For Breaches Of Data Protection
- Calculate Data Breach Compensation Claims Against Norwich University
- How Could A Solicitor Help You Claim For A Breach In Data Protection
- Could I Make A No Win No Fee Data Breach Claim Against Norwich University?
- Speaking To An Expert In Data Protection Cases
- References For Breaches Of Data Protection
Like any type of organisation that controls, processes or stores personal information, Norwich University of the Arts has a legal obligation to protect the personal data of its donors, staff, students and alumni. While many universities have in place robust cybersecurity systems to prevent a cyberattack, sometimes things could go wrong. This guide explains how a data protection breach could affect the university. And how you could make a data breach claim if they have breached your personal data in some way.
Such claims could be quite complicated. And you may be looking to learn more about what constitutes a data protection breach. You may also be interested in knowing which laws protect you from data breaches. We will examine how universities should go about managing your personal data so that it is not breached. In the sections below we explain this, citing examples of cybersecurity risks that universities face. Also, explaining some previous breaches that have affected universities in the past.
To determine what a data breach claim against Norwich University of the Arts could be call our advisors today. They can provide free legal advice.
Before we talk in more detail about how to make a data breach claim, we should explain what personal data is, and how a data breach could happen.
What Is Personal Data?
The Information Commissioner’s Office, which enforces data protection law in the UK says that personal information is:
- Information that relates to living people who could be identified by it directly
- Data that relates to living people who could be indirectly identified by it if it is used in combination with other data
Some examples of such personal data could include:
- Title, or name
- Someone’s gender
- A person’s contact or location information
- Their IP address or online identifier
Some data could be considered ‘sensitive’ and should be given a higher level of protection. Sensitive data could include:
- Someone’s political views
- Religious beliefs
- Sexual orientation
- Biometric data
- Medical information
This list is not exhaustive.
What Is A Data Breach?
Data breaches are, according to the ICO, data security incidents that cause personal data to be:
- Made unavailable
- Subjected to unauthorised disclosure, transmission, alteration, access, processing or storage
How Could A Data Breach Happen
A data breach claim could be launched due to a cyber attack data breach, or it could be due to a human error or the university’s negligence. Examples of what could cause a data breach could include:
- Negligence in the maintenance of network security or computer security
- Someone accidentally sending an e-mail containing personal data to an unauthorised recipient
- Theft or loss of computer equipment.
How Could I Be Affected By A Potential Norwich University Of The Arts Data Breach?
There are several ways in which a victim of a data privacy breach could be affected, including:
- Financially – If someone has enough of your personal data that they are able to access your bank accounts or financial information, they could make fraudulent purchases using those details. They could even take money from your bank account. In addition to this, they could assume your identity and make applications for loans or credit cards in your name.
- Emotionally – A privacy violation relating to your personal information could affect you emotionally. You may lose sleep over a data breach by Norwich University of the Arts, or you may suffer anxiety or stress.
The laws that protect your personal data allow you to seek compensation for non-material or material harm caused by a data breach. This means you could make a data breach claim against a university for the financially and emotional harm caused by such a breach.
There are laws in place that data controllers and processors are legally obligated to adhere to. One of these is GDPR, the General Data Protection Regulation. This is a law that the EU brought into force in 2018, and that the UK has enshrined in law in the Data Protection Act 2018 (DPA), in order to apply GDPR in the UK. To comply with UK GDPR, universities must:
- Process data in a way that is lawful and fair
- Collect data in a manner that is specified, legitimate and explicit
- Not process data excessively
- Process data in a manner that is relevant and adequate
- Make sure data is accurate and up to date
- Make sure data is only stored for as long as necessary
- Ensure data is secure
Failure to comply with GDPR means the Information Commissioner’s Office could enforce the law. Then they could issue fines to those who have breached them. GDPR also allows victims of a data breach to claim for the harm they’ve suffered psychologically and financially.
There have been a number of different universities that have been affected by a data breach in the UK. One cyberattack data breach that has affected a number of UK universities is the Blackbaud hack.
What’s The Blackbaud Attack?
IN 2020, UK university staff, students and alumni data was stolen in a ransomware attack on a database service provider called Blackbaud. The ransomware attack (where the perpetrator demands a ransom for the safe destruction or return of stolen data), lead to a data protection breach that affected universities including:
- The University of Birmingham,
- University College, Oxford,
- De Montfort University,
- The University of Reading,
- Loughborough University,
- The University of Exeter,
- Oxford Brookes University,
- The University of York,
- The University of Leeds,
- The University of Strathclyde,
- The University of London,
Not All Breaches Are Malicious
While a cybersecurity attack could cause a data breach, some data breaches by universities may happen due to negligence or human error. For example:
In 2017, victims of a data breach at the University of East Anglia were paid £140,000 in university data breach compensation when their sensitive personal information was sent to almost 300 people in error. https://www.bbc.co.uk/news/uk-england-norfolk-41934027
In 2018, the University of Greenwich was the recipient of a £120,000 ICO fine due to the breach of the personal data of almost 20 thousand people. A student left a microsite unprotected online, and it was accessed without authorisation. The ICO decided that the university had been negligent in ensuring its protection.
At the time of writing, there were no data breaches found for, Norwich University of the Arts. No matter whether your claim relates to student, staff or alumni personal data theft as the result of an online cybersecurity attack, or it relates to negligence or human error, we could help assess your case to see if you could be eligible for compensation. To find out what a valid data breach claim against Norwich University, may look like call our team today. We could provide you with a specialist solicitor who could assist with your claim.
IT Governance published an article in 2020 containing some statistics regarding the provision of computer and network security across UK universities. In it, they revealed that 86 universities had responded to a Freedom of Information request regarding data security. The answers to the request revealed:
- 54 percent of respondent universities had reported and ICO data protection breach
- 46% of staff had not been given awareness training in the previous 12 months
- Only 51% provided security training to students
- Most respondents admitted to having serious shortcomings in their abilities to protect their systems from data breaches
In addition to this, the report revealed that an ISP servicing universities, Jisc, had conducted security tests on a number of UK universities’ systems and testers had been able to gain access to over 50 universities within just 2 hours.
While not every data breach claim against a university could result from a cybercrime, universities face certain common threats from cybercriminals, which could include:
- Phishing attacks – One of the most dangerous methods of cyberattack, according to one Redscan report, phishing is where users are directed to dummy sites via fake e-mails. When they enter login information into the fake site, the criminal could then gain access to their account. Source: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf
- Password guessing/keystroke recording software – Cybercriminals could use these to effectively ‘steal’ login information of authorised users.
- Information theft – Personal data could be very valuable in the hands of a cybercriminal, as could research data.
- DDoS attacks – Denial of service attacks could deny authorised users access to their own data.
- Viruses/malware/ransomware – These types of attack could also cause a breach of personal data
It is vital that every university has a university data breach policy in place. This is so they are aware of how to respond to a cyberattack causing a data breach. They should also have robust network security and computer security plans in place to protect them from the common risks they face. Failure to adequately protect data could allow victims of a data breach that have suffered harm because of it to claim university data breach compensation.
GDPR allows victims of a data breach to claim compensation for both the material harm and the non-material harm caused to them because of the breach.
- Material damages – these could include the quantifiable financial expenses that arise as a direct result of the breach. They could include the value of fraudulent purchases made in a victim’s name, or the amount taken from a bank account by a cybercriminal, for example.
- Non-material damages – these could include claims for the loss of privacy of the victim, and the psychological harm caused to them because of the data breach.
One of the reasons it could be possible for a victim to claim for psychological injuries that have resulted from a data breach is because a case from 2015 set a legal precedent when a judge presiding over the case said it could be allowed for victims of data breaches to claim for personal injury. The case in question was Vidal-Hall and others v Google Inc  – Court of Appeal.
If you’re claiming compensation for financial expense caused by a data breach, then you’d need to look at the evidence of the expenses you’ve incurred. Then you could work out how much you could claim. This could include evidence such as credit card statements and bank records, for example.
Claiming compensation for psychological harm also requires evidence. You would obtain by going to a medical appointment with an independent expert. The expert would review any appropriate medical notes, and speak to you about your injuries. Based on their professional knowledge and the assessment, they would put together a medical report. Then this could be used to calculate an appropriate level of compensation for your mental suffering.
Compensation Amounts For Psychological Injuries
To get an idea of how much compensation could be appropriate for psychological injuries resulting from a data protection breach, we could look to the Judicial College Guidelines. Solicitors could use when calculating compensation settlements. It lists the following guideline brackets for psychological injuries.
|Injury||JCG Bracket||Level Of Severity|
|PTSD/Post-traumatic stress||£3,710 to £7,680||Less severe|
|PTSD/Post-traumatic stress||£7,680 to £21,730||Moderate|
|PTSD/Post-traumatic stress||£21,730 to £56,180||Moderately severe|
|PTSD/Post-traumatic stress||£56,180 to £94,470||Severe|
|Psychological injury (General)||£1,440 to £5,500||Less severe|
|Psychological injury (General)||£5,500 to £17,900||Moderate|
|Psychological injury (General)||£17,900 to £51,460||Moderately severe|
|Psychological injury (General)||£51,460 to £108,620||Severe|
It is entirely possible for the victim of a data breach to claim compensation without legal assistance. It is advised that you write to the company you hold responsible. If you were not happy with the response, they could escalate their concerns to the Information Commissioner’s Office.
However, many people choose to work with a lawyer when they want to make a university data breach claim. They may do so for a variety of reasons, which could include:
- Not having to take on the legal legwork of proving their claim.
- Having not to worry about their claim being time-barred (a data breach solicitor would know that the limitation period for data breach claims is 6 years or 1 year for human rights breaches)
- Knowing that a solicitor would have the capability to fight for the maximum compensation for their case, and ensure they claimed everything they were eligible to claim for.
How To Choose The Right Lawyer For A Data Breach Claim Against Norwich University
When it comes to finding a lawyer for a data breach claim against Norwich University, you might ask around to get recommendations from friends and family. Or, like many people, you may search online. Here, we explain why we believe you should consider working with Legal Expert:
- Years of experience – we have many years of experience helping people get the compensation they deserve
- Expert advisors – our freephone helpline connects you with expert claims advisors
- Free case checks – Want to check your eligibility to claim. Our free, no-obligation case checks are available over the phone
- Legal Expert solicitors– we could provide you with a No Win No Fee solicitor to help you with your claim
- Great reviews – our previous clients have left glowing reviews of our services, which you can take a look at here
If you’d like to learn more about how we could help you with a data breach claim against a university, why not call our friendly team? We’d be delighted to answer any questions you might have about making a claim and we could quickly help you get started on the path to compensation.
If you’re thinking about making a data breach claim against Norwich university, then you might want to benefit from the experience and knowledge of a data breach solicitor. With Legal Expert’s No Win No Fee claims service, you would not have to pay upfront to get a solicitor to help you with your claim.
How Do No Win No Fee Claims Work?
If you wanted to make a data breach claim with one of our solicitors, you would need to sign a Conditional Fee Agreement that the solicitor would send to you. This document includes details of the success fee you’d pay your solicitor once they’d achieved a data breach compensation payout for you. The fee you’d be asked to pay is legally capped and is usually a proportion of your total payout. You’d only pay this if your claim was successful.
Once you’d signed and returned the Conditional Fee Agreement to your solicitor, they would be able to start working on your claim and negotiating for compensation for you. Once your claim had been successfully completed, and your compensation payout had come through, their success fee would be deducted from it, with the balance being for your benefit.
What Happens If A Claim Fails?
If you’re worried about what fees you’d have to pay your solicitor in the event that your claim didn’t result in compensation, it might be a relief to learn that if your claim were to fail, the success fee would not be payable. You would not be required to cover the costs your solicitor had sustained while they were pursuing your university data breach claim either.
We can answer questions about a data breach claim against Norwich University of the Arts or do you have further questions you’d like us to answer. Or are you unsure as to whether you could be eligible to claim for a university data breach in the UK? Whatever your position, we’re here to help. You can reach us:
- By telephone : 0800 073 8804
- E-mail: email@example.com
- Via Live Chat
- Or through our contact form.
Cloud Computing Data Protection– This page takes you to guidance from the ICO on protecting data in the cloud.
Getting Mental Health Support– The NHS website shows you how to seek help with mental health issues.
Claim Time Limits – Limitation periods can vary. This page explains how long you could have to make certain types of compensation claims.
Data Loss Compensation– Has your personal data been lost? Find out if you could claim.
Stress Caused By A Breach– We explain more about how stress could be caused by a data breach and how you could claim.
ICO Data Rights– Your data protection rights are explained here.
Written By Jefferies
Edited By Melissa.