University Of Essex Data Breach Compensation Claims Guide
By Stephen Hudson. Last Updated 15th September 2022. As you can imagine, universities need to keep personal information in records relating to their staff, students, supporters and alumni. In the world we live in today, that personal data could prove quite lucrative if it were to end up in the wrong hands following a data breach. In this article, we’re going to look at the concept of data breach compensation claims against the University of Essex. We will consider what causes data breaches, the potential for them to cause harm, and the amount of compensation that could be awarded for that harm.
In recent years, data security measures have been tightened because of the introduction of the General Data Protection Regulation (GDPR) and The Data Protection Act 2018. Both laws now mean that any organisation which holds information about you has to store it securely.
If your data is exposed because of a data breach, you may be entitled to claim compensation if you suffer any harm as a result. In addition, the Information Commissioner’s Office (ICO) could step in and launch an investigation.
Legal Expert can help with university data breach claims. We start by conducting an assessment of your claim (without obligation) and explaining your options. If the claim has strong grounds, you could be connected to specialist solicitors. Any claim they agree to work on will be handled on a No Win No Fee basis.
To discuss starting a claim right away, please call 0800 073 8804 today. Alternatively, carry on reading to find out more about the data breach claims process.
Select A Section
- A Guide To Data Breach Claims Against The University Of Essex
- What Is A University Data Breach?
- GDPR & Data Protection Guidelines For Universities
- Has This University Experienced A Breach Of Data Protection?
- University Cybersecurity And Data Breach Statistics
- Stopping Cyber Security Threats To Universities
- How Victims Of Breaches In Data Protection May Be Compensated
- Calculating Compensation For Data Breach Claims Against The University Of Essex
- How To Find The Right Data Breach Lawyer
- No Win No Fee Data Breach Claims Against The University Of Essex
- Talking To An Expert
- Resources For Data Breach Claims
A Guide To Data Breach Claims Against The University Of Essex
Ever since the GDPR was introduced, you have probably seen changes to the way you make a purchase, book appointments, use websites and even sign up for a university course. That’s because all data controllers (like universities) need to request your permission before processing information about you, storing it or letting other organisations access it. However, there are times when they do not need to ask your permission.
These checks are important because they put you in control of what happens to your personal data. Once an organisation knows your data protection preferences, they generally have to abide by them.
Claims need to be made within the data breach time limits. Mostly, this will be a 6-year period. However, it can be just 1-year when the claim relates to human rights breaches. Data breach Solicitors generally advise that you start a claim early. As it will often be easier to remember how you have suffered. Similarly, data breach solicitors could benefit too because they will probably find it easier to gather evidence to back your claim.
What Is A University Data Breach?
You might instantly think of cyberattacks, malware, phishing emails, ransomware or viruses when you are asked about university data breaches. While they are likely culprits, the GDPR also covers non-digital data too. For instance, if a university holds paper records relating to its staff or students, it must be kept secure if it contains any personally identifiable information.
The 88-page GDPR documentation explains that a personal data breach is where a security incident leads to personal information about you being altered, lost, destroyed, accessed or disclosed accidentally or deliberate. The ICO can investigate any data breaches whether they were caused by illegal, accidental or deliberate acts.
GDPR & Data Protection Guidelines For Universities
As universities are generally deemed to be data controllers when they process information about their staff, supporters or students. They need to abide by the following principles listed in the GDPR:
- They must only collect the minimum amount of information required to fulfil the purpose of the data processing.
- Processing must be legal, fair and obvious.
- Any stored personal information must be kept up to date.
- Personally, identifiable information can only be stored for as long as it is necessary.
- The method of data processing needs to be confidential and secure.
When we talk about personally identifiable information, we mean data that could potentially lead to a data subject being identified. This could include names, telephone numbers, dates of birth, addresses and email addresses. It could also include staff or student numbers. As well as data relating to protected characteristics such as age, sexual orientation, ethnicity or disability.
Has This University Experienced A Breach Of Data Protection?
In this section we will look at data breach case studies that have impacted several UK universities. The first case study is one that affected the University of Essex.
In March 2022, the University of Essex was hit by a major data breach that included the release of sensitive data on over 400 students. The breach was caused by an email from a facilities management delivery partner that requested payment for repairs to a broken door on an accommodation block. A spreadsheet containing student IDs, contact details and dates of birth was accidentally attached to this email.
A separate data breach incident affected the University of Greenwich and led to the organisation being fined £120,000 by the ICO. The incident exposed the personal information of almost 20,000 data subjects.
It happened when a temporary website was created in 2004 to support a training conference. The details of the data subjects which included names, telephone numbers and addresses in most cases (although more sensitive data was included in some instances) were uploaded to the website.
After the event had finished, the website was never removed or secured. Nine years later the website was compromised. Then, another 3 years after that, it was targeted by several cyber-attackers. A fine was issued by the ICO for the data breach due to a lack of organisational or technical measures to prevent such breaches.
The next case is about a software provider, Blackbaud. They supply database management solutions to the higher education sector. In 2020, it realised that information had been accessed. Data relating to several UK organisations including universities was downloaded.
The company was later contacted by the hackers and a ransom was demanded. The company gave in to the hackers and paid the ransom in an effort to make sure it was destroyed.
University Cybersecurity And Data Breach Statistics
As we have just demonstrated, university data breaches do happen. That said, many people are probably of the opinion that they aren’t really all that common. A report conducted by an IT security firm looked at the security of information at universities. Their study revealed that:
- Only 46% of university staff had been given data safety training in the past 12-months.
- Over a quarter of the universities in the study had never used an external company to test the security of their IT network.
- 49% of universities don’t proactively supply training to students regarding data safety.
- A massive 54% of respondents said that they had needed to report a data breach to the ICO in the past 12-months.
The study was based on 86 UK universities that responded to Freedom of Information (FOI) requests from the security firm.
Stopping Cyber Security Threats To Universities
While cybercriminals are very determined when it comes to hacking computer systems, there are some steps that universities could take. This could try to prevent data breaches in the future. For instance, they could:
- Hire an external security firm to assess the physical security of the university campus. And the network security to identify any security issues before hackers exploit them.
- Encrypt devices like laptops, memory sticks, or tablets. This is so the data they contain cannot be accessed if they get into the wrong hands.
- Train all members of staff and students about their data safety responsibilities.
- Review data privacy policies and update them regularly.
- Making sure that any hardware, software (including apps), and firmware are kept up to date.
As you can imagine, limited university budgets might mean it is hard to justify these actions. However, all universities, as data controllers, have a duty to keep personal information safe. Also, by taking these actions, the university could save money by avoiding the cost of an ICO fine.
How Victims Of Breaches In Data Protection May Be Compensated
When you start a data breach compensation claim, it will usually consist of two elements. The first looks at any money that you have lost. This is known as material damages. The next, non-material damages. Which aims to compensate you for any pain, suffering or loss of amenity that has been caused by psychological injuries you have suffered because of the breach.
As every claim is unique in our experience, we can only provide you with a personalised compensation estimate once your claim has been assessed properly. However, in this section, we will look at what criteria could be used to determine the level of compensation. This is important because once you agree to settle a claim, it is not possible to request extra compensation later on.
That means, if you are claiming for financial losses, you will also need to determine if you are likely to suffer additional losses in the future. This could be the case if personal information about you was exposed to an identity thief. As they may have sold it to other criminals on the dark web for instance.
Similarly, if your claim includes psychological injuries that have already been diagnosed, a medical specialist will need to assess if you are likely to continue to suffer in the future. For instance, ongoing Post-Traumatic Stress Disorder (PTSD) could affect your future income if it prevents you from working.
It is very important for your claim to be properly assessed before it is submitted. This is so that nothing is excluded. So, why not call Legal Expert today for a free review of your case. If it is strong enough, you could be connected to a data breach solicitor who will handle all aspects of your case for you.
Calculating Compensation For Data Breach Claims Against The University Of Essex
As we have already covered the reasons why you might want to claim and what you could claim for, we are now going to consider how much compensation might be paid.
An important case was heard at the Court of Appeal (Vidal-Hall and others v Google Inc ) in which it was agreed that even if you don’t suffer pecuniary losses, you can still ask to be compensated for psychological injuries that have resulted from a data breach. Payments made for such compensation should be at the same level as personal injury cases.
Therefore, we have included some potential compensation figures for psychological injuries listed in the Judicial College Guidelines; This used by solicitors to help work out settlement amounts.
|Injury Type||Severity||Compensation Bracket||Further Details|
|Psychiatric Damage||Severe||£54,830 to £115,730||With cases covered under this bracket, the victim will usually be in a very vulnerable state and the prognosis will be very poor.|
|Psychiatric Damage||Moderately Severe||£19,070 to £54,830||The victim will be in a very vulnerable state and require lengthy treatment, but the prognosis will be much more positive compared to Severe cases (mentioned above).|
|Psychiatric Damage ||Moderate||£5,860 to £19,070||Although the victim will have suffered significantly, there will already be signs of recovery and a good prognosis will be offered.
|Psychiatric Damage||Less severe||£1,540 to £5,860||The main factors used to decide a settlement figure will be how long the injuries lasted and the length of time daily activities were affected.|
|PTSD||Severe||£59,860 to £100,670||The permanent symptoms of PTSD will mean a return to work or functioning at pre-trauma levels is highly unlikely.|
|PTSD||Moderately Severe||£23,150 to £59,860||The significant problems caused by PTSD will be similar to above but there will be a chance of some recovery with professional support|
|PTSD||Moderate||£8,180 to £23,150||The victim will largely recover from the condition. Any continuing effects won’t be grossly disabling.|
|PTSD||Less Severe||£3,950 to £8,180||A virtually full recovery will be achieved within 1-2 years. Just minor symptoms will persist over any lengthier period of time.|
As solicitors aren’t medical experts, they use independent specialists to assess the severity of your injuries. During the claims process, you will need to attend a local medical assessment. In the appointment, a specialist will review the medical notes available to them and try to determine the level of suffering by asking you questions.
How To Find The Right Data Breach Lawyer
You might want to find a solicitor to represent you. Where do you turn though? Will you read online reviews (ours are here by the way), ask for a recommendation from somebody, or scour the high street for options? Or will you take the easy route and call Legal Expert straight away?
Calling our advice line is an easy way to ask any questions you might have. We provide a free assessment of all cases too. If you want to work with Legal Expert, and your claim is taken on, you will be paired with a suitable solicitor to help you. They will be able to answer any questions that crop up while the claim is being processed. You will be updated regularly. Without exception, our solicitors will always work as hard as they can to try and gain the maximum amount of compensation possible in your case.
No Win No Fee Data Breach Claims Against The University Of Essex
We realise that many people are put off from starting cases because of the perceived costs involved. That is the reason that our experienced team of solicitors provide access to legal representation on a No Win No Fee basis. Claiming on this basis with Legal Expert should be less stressful because your financial risks will be reduced.
Before your claim can begin, a solicitor will need to verify that it has grounds for success. If they decide to take your claim on, when you are ready to start you will be given a Conditional Fee Agreement (CFA) to sign. This contract explains how your claim will be processed and it will show you that:
- Solicitors start work without the need for an upfront payment.
- Solicitor’s fees aren’t charged during the claims process.
- If the claim doesn’t work out, your solicitor will not charge you any of their fees.
If the outcome of your claim is positive and you are paid compensation, your solicitor will keep a percentage to cover their costs. This legally capped ‘success fee’ is listed in the CFA so it is clear what percentage you will pay when you sign the CFA.
Talking To An Expert
You’re nearly at the end of our article relating to data breach claims against the University of Essex. If you have reached the conclusion that it’s the right time to begin a claim, why not get in contact with Legal Expert today? You can reach us by:
- Calling an advisor for free data breach claims advice on 0800 073 8804.
- Emailing us with an explanation of your claim to firstname.lastname@example.org.
- Asking one of our specialist online advisors for information in live chat.
- Beginning your claim online so that we can call back at a suitable time.
When you contact us, we will always be honest about the chances of making a successful claim. And we’ll keep the claims process as easy as possible. An advisor will listen to what has happened. Then they will consider any evidence you already have. If they suspect the claim could be viable, you will be connected with a specialist solicitor from our team. If they agree to work on your case, it will be conducted on a No Win No Fee basis.
Resources For Data Breach Claims
This is the final part of our guide about data breach claims against the University of Essex. We have provided a lot of information already, but we have also linked to extra resources below which might help you during your claim. Additionally, we have included some more Legal Expert guides. These relate to different types of claims we could help you with in the future. If you require any more guidance, please don’t hesitate to speak to an advisor.
Anxiety UK – A UK charity that aims to help those affected by anxiety-based depression.
Making A Subject Access Request – Advice from the ICO about requesting the information a company holds on you using a SAR.
Shop Injury Claims – Information on when you could claim if a retailer’s negligence causes an accident in which you are injured.
Hospital Medication Errors – Details on claiming if you have suffered after being given the wrong medication in a hospital.
Other Useful Compensation Guides
- University Of Bristol Data Breach Compensation Claims
- Data Breach By St Helens Borough Council
- Hilton Hotels and Resorts Data Breach Compensation Claims
- Ibis Hotels Data Breach Compensation Claims
- Newcastle City Council Data Breach Compensation Claims
- GP Data Breach Compensation Claims
- Liverpool John Moores University Data Breach Compensation Claims
- Plymouth City Council Data Breach Claims
- Stockport Council Data Breach Claims
- Doorstep Dispensaree Data Breach Compensation Claims
- Data Breaches At Sandwell Council
- Sainsbury’s Bank Data Breach Compensation Claims
- HCA Healthcare Data Breach
- Tesco Pharmacy Data Breach
- Kettering General Hospital Data Breach Compensation Claims
- Dixons Carphone Data Breach Compensation Claims
- University of Greenwich Data Breach Compensation Claims
- Aston University Data Breach Compensation Claims
- BMI Healthcare Data Breach
- University of Bath Data Breach Compensation Claims
- Blackbaud Data Breach Compensation Claims
Written By Hambridge
Edited By Melissa.