The Open University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For The Open University Data Breach
When you apply to learn at a university, you will need to hand over quite a lot of personal information as you enrol. While that makes sense, if you think about the type of data you’ll provide, it could cause you a lot of problems if it were to get into the wrong hands. While we are going to examine the concept of data breach claims against the Open University, the details we’ll supply could be relevant to other universities as well.
Unless you have not read any news at all over the past couple of years, you can’t have failed to notice the introduction of the GDPR or the General Data Protection Regulation to give its full name. It was passed into UK law when The Data Protection Act 2018 was enacted. These acts of law work to provide you more say over how personal information is used.
If you would like to begin such a case, Legal Expert is here to help. Our specialist will review any case on a no-obligation basis and provide free legal advice as well. If your data breach compensation claim seems to have strong grounds, you could be partnered with one of our solicitors. Any claims that we accept are handled using a No Win No Fee service.
To review your claim options right away, please contact us on 0800 073 8804. Alternatively, please read on for more information on claiming for a personal data breach.
Select A Section
- A Guide To Data Breach Claims Against The Open University
- What Are Data Breaches At A University?
- How Higher Education Should Comply With The GDPR
- Has The Open University Suffered A Data Breach?
- Statistics On Data Security Breaches In Higher Education
- Preventing Criminal Cyberattacks
- How Are Settlements For Breaches In Data Protection Calculated?
- Calculating Compensation For Data Breach Claims Against The Open University
- Why Contact Legal Expert About Your Claim?
- No Win No Fee Data Breach Claims Against The Open University
- Contact Us To Claim
- Where Do I Learn More?
A Guide To Data Breach Claims Against The Open University
There are a lot of daily processes that take place which are not the same as they were before the GDPR was introduced. Whenever you register with a doctor, shop online, book a restaurant, hire a car or register with a website, you’ll probably see spurious pages that explain how your personal information will be used.
All of that extra information is provided because one of the rules is that data subjects must be informed about how their data will be used. Furthermore, they need to agree to it as well in most cases. What’s more, they need to implement security features to keep your data safe. When data breaches do occur and the new data protection laws aren’t followed, organisations (or data controllers in the words of the GDPR) could be issued a substantial financial penalty by the Information Commissioner’s Office (ICO). While that process won’t mean you’ll receive compensation, you may be able to start your own legal case if you’ve been harmed by a breach.
As with all compensation claims, you will need to start claims for a data breach within the allotted time limits. In general, you’ll have a 6-year window to claim within. However, please call to check how long is left because some cases (those relating to human rights breaches) only have a single year. We usually suggest that if you begin your claim as early as you can, it should be easier to discuss how you’ve been affected. Also, collecting evidence to substantiate your claim could be a lot quicker too. Your specialist data breach lawyers will show you how to effectively collect evidence
What Are Data Breaches At A University?
Some of the larger data breaches that make it into the news result from cybersecurity issues like malware, viruses, denial of service attacks, ransomware, or keyloggers. However, while they are common, digital data breaches aren’t the only reason. For example, a pharmacy in London was recently fined by the ICO for leaving thousands of paper customer records inside unlocked containers.
The GDPR documentation explains that a personal data breach occurs where a security issue leads to information about a data subject being altered, destroyed, accessed, lost or disclosed to or by unauthorised parties. The act that caused the breach doesn’t have to deliberate or illegal, though, the ICO could also investigate accidental data breaches.
One of the GDPR rules is that a data controller has to investigate when a breach is identified. They need to let any data subject who could be at risk know what information was leaked, how the breach occurred and when the event took place. They are also legally obliged to let the ICO know of their investigation.
How Higher Education Should Comply With The GDPR
The technical information within the GDPR is presented in quite a clear way so that it is easy for individuals or organisations to understand their roles. It is quite long though at a whopping 88-pages! Once you have defined what role you play in the handling of personal information, it is quite easy to understand your responsibilities. For example, in many cases, universities will be deemed ‘data controllers’. That means they must show that they comply with a number of principles. For instance, they must:
- Collect for fair, obvious and, of course, legal reasons.
- Only collect the information which is required and nothing extra.
- Use secure and confidential data processing techniques.
- Ensure that any stored information of a personal nature is kept up to date.
- Never retain personal data for longer than it is required (there isn’t an actual time limit defined though).
Any data that could be used to help identify somebody is covered by the GDPR. For instance, the following could all help directly identify you: name, staff or student ID number, home address, email address or telephone number. Also, data that might indirectly identify you is covered too such as gender, sexual orientation, age or disability.
Has The Open University Suffered A Data Breach?
At the time of writing, there are no data breaches involving the Open University listed on the ICO website. Therefore, we are going to show a case study of a breach that did affect several UK universities.
Blackbaud supplies many universities with a database system. In May 2020, the cloud-based version of the database was hacked. The company investigated and realised that some data had been illegally downloaded.
As required by the GDPR, Blackbaud informed affected customers about what had happened. In turn, the universities contacted any staff, students or alumni who may have been at risk.
However, in this case, Blackbaud decided that the best course of action was to pay a ransom demand which had been issued. In return, the hackers informed the company that the data had been destroyed.
Source article: https://www.theprofs.co.uk/news/list-of-universities-impacted-by-blackbaud-data-breach-grows/
Statistics On Data Security Breaches In Higher Education
We are now going to review a study undertaken by an IT security company about data breaches in UK universities. Based on 86 responses, the report reveals that:
- Quite alarmingly, more than half of the respondents said their university had reported data breaches to the ICO in the past 12-months (54%).
- 46% of employees had not been offered any data security training in the last year.
- Over a quarter said they had never employed an external firm to perform a penetration test of their IT infrastructure.
- Only 51% said they provided proactive IT security training to students (although another 37% said advice was available if asked).
- The average annual data security training budget for employees amounted to only £7,529 per university.
Detailed report: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf
Preventing Criminal Cyberattacks
Due to the sensitivity and the vast amounts of personal information held by universities, we believe that steps should be taken to try and reduce the number of future data breaches. We can’t offer IT security advice, but some standard security practices that could help are listed below:
- Only use devices that connect to the university network if they are fully patched with the newest security updates.
- Use encryption techniques to try and secure any data if devices are stolen or lost.
- Review data protection policies regularly and update them.
- Employ network security specialists to try and identify frailties in the IT infrastructure so that they are fixed before they’re exploited by criminals.
- Ensure all employees and students receive adequate training on how to protect the data they handle.
Education budgets are often stretched thinly so the cost of implementing these measures might seem prohibitive. However, those costs might be far outweighed by the cost of an ICO fine and the measures could also prevent a lot of harm in the future.
How Are Settlements For Breaches In Data Protection Calculated?
The way in which data breach compensation claims are calculated can be quite complex. Not only do you need to look at what suffering the breach has already caused, but you also need to look at how you could suffer in the future. On top of that, you can’t just ask for a set amount of compensation, every element of your claim needs to be justified and backed up with evidence.
When calculating compensation amounts, it’s often easiest to look at any money that you have lost. This is known as the material damages part of the claim. First, you’ll calculate costs that have already been incurred and any money you’ve lost. After that you may need to work out any potential costs you’ll incur in the future. As an example, if the breach means your credit file has been damaged following an identity theft, you may find that mortgages, credit cards or loans become more expensive in the future.
The next element of your claim is called non-material damages. This part covers any psychiatric injuries sustained directly because of the data breach. An independent medical specialist could be used to assess your overall suffering. For instance, you may find that an extended period of anxiety could make it difficult for you to trust loved ones or Post-Traumatic Stress Disorder (PTSD) could affect your ability to work.
It’s important to factor everything into your initial claim as you can only make one claim. We are able to appoint a specialist solicitor to cases we accept to try and ensure all parts of your claim are considered before the claim is submitted so please call us today.
Calculating Compensation For Data Breach Claims Against The Open University
We are now going to move on to show you the potential compensation amounts that can be awarded for psychiatric harm caused in personal injury cases. These figures that we provide are based on personal injury cases. In an important case, the Court of Appeal said that compensation for such harm could be claimed without the need for any financial losses. Additionally, as they were summarising the case of Vidal-Hall and others v Google Inc , they said payments should be made in line with personal injury law.
So, to demonstrate how much could be paid for certain injuries, we have provided some figures from the Judicial College Guidelines (JCG) in the table below. Courts, solicitors and legal professionals will often refer to the JCG when calculating compensation. This data is provided for your information. If you contact us to talk about your claim, and it is assessed by a solicitor, we should be able to offer a more detailed and personal compensation estimate.
|Injury Type||Severity Level||Settlement Bracket||Extra Information|
|Psychiatric Damage||Severe||£51,460 to £108,620||In this settlement bracket, the claimant won't react well to treatment. They will receive a very poor prognosis because coping with everyday life will be difficult as will work and managing personal relationships.|
|Psychiatric Damage||Moderately Severe||£17,900 to £51,460||In this settlement bracket, the claimant will have been given a more optimistic prognosis than above but they will have still suffered significant and similar symptoms.|
|PTSD Injury||Severe||£56,180 to £94,570||In this settlement bracket, the claimant will be unable to work or function at anywhere near normal levels due to the permanent serious symptoms of PTSD.|
|PTSD Injury||Moderately Severe||£21,730 to £56,180||In this settlement bracket, there will be a chance of improvements through professional support but the claimant will suffer significantly for the immediate future.|
One of the main factors used to determine settlement levels is the severity of your injuries. To help substantiate this, you will need to attend a local medical assessment as part of the claims process. This appointment will be between you and an independent medical expert. They will assess the effects the breach has had on you by asking questions and reviewing medical records.
Once you have completed the appointment, the medical specialist will prepare a detailed report of their findings for your solicitor. As this report is vital evidence that could support your claim, it is important that all claimants attend a medical assessment.
Why Contact Legal Expert About Your Claim?
After you’ve decided that you would like to begin a university data protection claim, you might start looking for a solicitor next. How you find the right one can vary, though. Some claimants decide to search on the high street while others ask colleagues or friends to recommend one. However, you could take a much easier route to help choose your solicitor – a quick call to Legal Expert.
Our specialist advisors are here to support you by answering as many questions as needed. They’ll even assess your claim on a no-obligation basis. If the claim is strong enough, and it is accepted, you’ll benefit from the experience of one of our specialist solicitors. During your claim, the solicitor will be able to explain any complex terms which crop up and answer any queries. You’ll also be updated as soon as there is any progress with your case. Ultimately, our solicitors will always work hard to try and ensure you are compensated fully for your suffering.
No Win No Fee Data Breach Claims Against The Open University
We understand that many people are put off from using a solicitor when claiming due to the financial risks involved. We can reduce those risks by offering a No Win No Fee solution for all claims we handle, making the process a lot less stressful as well.
As you’d imagine, we do need to check the feasibility of any claims before we take them on. Once a solicitor has approved your case, you’ll receive a Conditional Fee Agreement (CFA). This contract allows your case to begin and it explains that:
- Nothing needs to be paid to your solicitor upfront before the claim can start.
- Solicitor’s fees aren’t billed to you during the claims process.
- If your solicitor fails to win your case, you don’t have to cover their fees.
Our solicitors are only paid for their work if your claim is won. In the event of a successful claim, a success fee will be deducted from your compensation. This is a fixed percentage of your award that is listed in the CFA, so you’ll know how much it is from the start. We should tell you that, to avoid overcharging, success fees are legally capped.
Contact Us To Claim
Thanks for taking the time to complete our guide. If you have any questions about data breach claims against the Open University we are here to support you. If that’s the case, you can reach our specialists by:
- Calling our advice centre on 0800 073 8804 to receive free legal advice.
- Asking an online advisor to review your chances of receiving compensation in online chat.
- Using our online claims form to arrange a call at a suitable time.
- Emailing us a message about what’s happened to firstname.lastname@example.org.
We try to keep things as straightforward as possible when you call, and we will always be honest about your chances of being compensated. Our advisors review claims and offer completely free advice on them. If they believe you could win your case, they could pass you through to a specialist solicitor. Any claims they handle are managed using our No Win No Fee service.
Where Do I Learn More?
If you have suffered an Open University data breach please call our team for your case to be assessed. In this section, we’d like to supply you with some links which might prove useful during a claim. Also, as we are able to support other types of claims, you’ll see some links to additional Legal Expert guides as well. Please call our advice line if there is any further help we can provide.
ICO Fines – Details of the measures the ICO uses to recover outstanding fines.
Generalised Anxiety Disorder – Information from a UK charity about one common type of anxiety.
Suing Your Current Employer – Advice on when you could claim for a workplace personal injury against your current employer.
Care Home Negligence – This article looks at claiming compensation for injuries sustained in a care home.
Dog Bite Claims – Advice on seeking compensation after being bitten by a dog.
Other Useful Compensation Guides
- Teesside University Data Breach
- The Arts University Bournemouth Data Breach
- Can I Get Compensation For Loss of Medical Records?
- Transform Hospital Group Data Breach
- University of Aberdeen Data Breach
- University of Bedfordshire Data Breach
- University of Bradford Data Breach
- University of Brighton Data Breach
- University of Buckingham Data Breach
- University of Cambridge Data Breach
- University of Central Lancashire Data Breach
- University of Cumbria Data Breach
- University of East Anglia Data Breach
- University of Edinburgh Data Breach
- University of Glasgow Data Breach
- University of Gloucestershire Data Breach
- University of Huddersfield Data Breach
- University of Hull Data Breach
- University of Kent Data Breach
- University of Lincoln Data Breach
Written By Hambridge
Edited By Melissa.