University Of Exeter Data Breach Compensation Claims Guide
Could I Claim Compensation For Data Breach At The University Of Exeter?
Universities are required to keep personal information relating to their staff and students for various reasons. It is especially important that the information they retain is kept from criminals as it could cause a lot of harm if it got into the wrong hands. While this guide relates to data breach claims against the University of Exeter, the details we will provide could be applied to any other university as well. We will review how a data breach might happen, the harm that could result and when you could seek compensation for that harm.
Data security has become a big issue since the General Data Protection Regulation (GDPR) came into force when The Data Protection Act 2018 was enacted into UK law. These new laws give individuals (or data subjects) much more control over the way in which information about them is used. Any organisation that controls personal data has a legal obligation to ensure that it’s kept safe. If a data breach does occur, the Information Commissioner’s Office (ICO) could issue a financial penalty to any organisation found to have broken data protection laws. Moreover, if you can prove that you have been harmed by the data breach, you could begin a compensation claim.
Legal Expert is happy to help anybody who wants to make a claim. Our service includes an assessment of your case (without obligation) and free legal advice. Should your claim appear strong enough, your advisor could refer it to a specialist data breach solicitor who will work on a No Win No Fee basis if the claim is accepted.
To tell us about how you’ve been harmed by a data breach that you’d like to claim for, please call us on 0800 073 8804 today. You can also write to us by clicking here or chat with us now about data breach claims using our live chat.
If you would rather learn more about university data breaches before calling, please continue reading.
Select A Section
- A Guide To Data Breach Claims Against The University Of Exeter
- What Is A University Data Breach By Exeter University?
- University Data Protection And The GDPR
- Universities Which Have Been Impacted By Data Breaches
- Statistics On Breaches In Data Protection By Universities
- Cybersecurity Attacks And Breaches
- How Could I Be Compensated If Impacted By A Breach In Data Protection?
- Calculating Data Protection Breach Claims Against The University Of Exeter
- How To Find A Data Claim Expert
- No Win No Fee Data Breach Claims Against The University Of Exeter
- Start A Claim
- Where To Find Out More
A Guide To Data Breach Claims Against The University Of Exeter
While you have always needed to provide personal information when you register with a website, make a purchase, join a new doctor’s surgery or start a university course, the way in which you do so has changed since the GDPR was implemented.
The reason is that anybody who wants to process your information, store it or share it with others needs to a) tell you how it will be used and b) ask for your explicit permission to do so. That’s why you will now notice sections on application forms where you need to tick boxes to approve how your information will be used or click on pop-up boxes on websites.
After your data privacy preferences have been gathered, it is a legal requirement that the organisation who has your personal information keeps it safe and only uses it in the ways that you have authorised. For instance, if you provide your email address to a shop so that they can tell you when your purchase is going to be delivered, they can’t then use it to send advertising to you.
If your private information is leaked during a data breach, not only could you try to claim compensation for any harm caused (provided you can evidence your case), but also the organisation responsible could be investigated and fined by the ICO.
We should advise you that time limits apply for data breach claims. Normally, you will have 6-years to claim but if the basis of your claim is a breach of your human rights, you will only have 1-year to claim. Our specialist data breach solicitors usually advise that starting a claim as early as possible could mean it is easier to remember the impact of the data breach, and easier for your lawyer to investigate.
What Is A University Data Breach By Exeter University?
Data breach claims against the University of Exeter don’t have to relate to cybersecurity issues like phishing emails, malware, ransomware or key loggers, they can also relate to physical documentation as well. The GDPR covers any type of personal data which means documents containing personal information that are stored in filing cabinets need to be considered just as much as anything stored electronically.
The definition of a personal data breach, as listed in the GDPR, is where a security issue causes personal information to be disclosed, destroyed, altered, lost or accessed using methods which have not been approved by the data subject. Whether the reason for the breach is accidental, deliberate or illegal does not matter, the ICO could investigate and fine the responsible organisation.
Personal information means any data which could help identify the data subject such as employee number, student number, name, email address, telephone number, home address or data relating to some protected characteristics.
After a data breach has been identified, an investigation should be started and anybody who could potentially be at risk should be informed. The ICO also needs to be told about the breach at this point.
University Data Protection And The GDPR
Any organisation that requires personal information about a data subject and defines how it will be processed is regarded as a data controller within the GDPR. If a data controller uses third parties to gather and process that data, they will usually be defined as data processors.
The GDPR explains that data controllers must abide by, and be able to show compliance with, the following principles:
- The reason why personal information is required must be made clear to the data subject.
- The act of data processing needs to be legal. It should also be obvious to the data subject and fair.
- When collecting data, only the minimum amount required should be requested.
- No personal information should be kept for any longer than is necessary.
- Data processing should be conducted in a confidential and secure manner.
- Personal information that has been stored should be regularly updated.
Legal Expert can help if you believe your personal information has been leaked because the rules of the GDPR haven’t been followed. Please let us know how you have been affected and we will review your claim for free.
Universities Which Have Been Impacted By Data Breaches
As we mentioned earlier, data controllers can use third parties to process personal information, with the latter being referred to as data processors. In this case study, we are going to show how a software supplier used by the University of Exeter, Blackbaud, was the victim of a data breach that affected a number of universities and organisations in the UK.
Blackbaud provides a hosted database used by many universities to keep in contact with its fundraisers, supporters and alumni. It became aware of the fact that its backup servers had been compromised by hackers when it received a ransomware demand.
After investigating what happened, the company realised that a subset of data had been downloaded by the criminals and contacted the organisations that were at risk, including the University of Exeter.
The information thought to have been accessed included personal details, contact details, how previous students had engaged with the university since leaving, educational records, employment history since leaving and other information shared with the university.
While initial reports said that banking information and passwords had not been compromised, Blackbaud said, at a later date, that there were some cases where they may have been.
While law enforcement agencies around the world usually advise against paying ransoms of any sort, that is what Blackbaud did. In return, it said it had gained assurances from the hackers that the data had been destroyed.
Statistics On Breaches In Data Protection By Universities
While we have shown that university data breaches have happened in recent months, you might believe that they are relatively rare. However, a recent study that detailed the responses of 86 UK universities suggests otherwise. The study reveals that:
- In the last 12-months over half of the respondents (54%) needed to inform the ICO of a data breach involving their university.
- The average staff awareness training budget, per university, is a little over £7,500 per year.
- 46% of staff had not been provided with any awareness training in the past year.
- 27% of universities had never asked for a third party company to test their network security for flaws.
Cybersecurity Attacks And Breaches
As we have shown in the previous section, data breaches in universities aren’t uncommon. So, what can be done to prevent them from happening in the future? Here are some suggestions:
- Making sure privacy policies are assessed and updated regularly.
- Using encryption on laptops, memory sticks and tablets so that the data on them becomes unreadable if lost or stolen.
- Ensuring staff, contractors and students are all fully trained on data protection issues.
- Keeping software and hardware up to date.
- Using third-party security firms to carry out penetration testing of the computer network and university buildings to identify security problems before criminals do.
While it could be considered costly to carry out the steps above, universities have a duty to prevent their alumni, students, staff and supporters from becoming victims of the next data breach. Additionally, the steps listed could also prevent large financial penalties from being issued by the Information Commissioner’s Office.
How Could I Be Compensated If Impacted By A Breach In Data Protection?
From our experience in handling data breach claims, we understand that no two claims are alike because every claimant is affected in different ways. Therefore, we can only provide a personalised compensation estimate once your case has been properly assessed. However, in this section, we will look at what could be included in a data breach compensation claim.
There are two main parts to such a claim. The first is known as material damages which could be claimed if you have lost money because of a data breach. The next is non-material damages which aim to cover any pain and suffering that has resulted from psychological injuries caused by a breach.
Claiming for these elements can be quite tricky because as well as considering the harm that has already been caused, you need to look at any potential future harm too. That’s because you can only make one claim. It’s therefore important to review your case thoroughly before starting legal proceedings.
For example, data breach solicitors use independent medical specialists to look at what conditions have already been diagnosed such as Post-Traumatic Stress Disorder (PTSD), anxiety and depression. Then they need to look at if they will cause you any long-term problems with work, education, coping with life or managing relationships.
Similarly, as well as looking at any money you have already lost, your case will be reviewed to see if the data breach might cause additional financial problems in the future. An example of this could be if your details have been sold on the dark web and are still being used by cybercriminals.
Calculating Data Protection Breach Claims Against The University Of Exeter
So far, we have looked at the justifications for making a claim for a university data breach. Now it is time to look at what amount of compensation might be payable.
The Court of Appeal decided, when hearing the case Vidal-Hall and others v Google Inc , that claims for psychiatric damage could proceed even if you have not lost any money. In addition, the court ruled that any compensation award for psychological harm should be calculated in the same way as personal injury claims.
To show you how much compensation is listed for some relevant injuries in the Judicial College Guidelines (used to help determine compensation amounts in personal injury cases), we have added the following table:
|Injury||Severity Level||Compensation ||Additonal Details
|Post-Traumatic Stress Disorder ||Severe||£56,180 to £94,470||PTSD will cause problems with all aspects of life, be permanent, and prevent a return to work.
|Post-Traumatic Stress Disorder||Moderately Severe||£21,730 to £56,180||Similar to above but there will be a better prognosis because professional help should mean symptoms improve.|
|Psychiatric Damage (General)||Less severe||Up To £5,500||This compensation range will consider how long you suffered and the duration that daily activities were affected.|
|Psychiatric Damage (General)||Moderate||£5,500 to £17,900||Settlements made in this category will mean improvements have begun to be made and there is a good prognosis for the future.
As the amount of compensation awarded is based on the severity of your injuries, you will need to attend a medical assessment locally during the claims process. An independent medical specialist will review your case notes and assess your condition by asking questions about your suffering.
How To Find A Data Claim Expert
When you have decided that you are going to claim for a University of Exeter data breach, your next move might be to find a solicitor. How do you do one though? You could do what some do and choose a firm based locally, or you might ask for recommendations or you could read solicitor reviews online. What might be even easier though, and less time-consuming is to call Legal Expert.
Our advisors will listen to the details of your case, answer any questions and provide free legal advice. If you want to proceed, and your case is accepted, you will be connected with a specialist solicitor who will be able to explain any complex jargon throughout your claim. They’ll also be on hand to answer any queries and will provide you with updates as your case progresses. You can rest assured that our solicitors will always do their best to try and ensure you are compensated fairly. Why not check out some of our past reviews?
No Win No Fee Data Breach Claims Against The University Of Exeter
Now that you have read this guide about claiming for an Exeter University data breach, what’s preventing you from making a claim? If it is because you are concerned about the financial risks involved, then we can help. Our solicitors handle each case that is accepted on a No Win No Fee basis. That means any financial risk is lowered which also means your claim will be less stressful.
Your lawyer will analyse your claim before it is accepted to check that it has a relatively good chance of success. If the solicitor agrees to work on your claim, you will be given a Conditional Fee Agreement or CFA to sign (the formal term for a No Win No Fee agreement). This document is used to fund your claim and sets out the claims process. It also explains clearly that:
- There will be no fees charged upfront.
- Solicitor’s fees are not requested while the claim is ongoing.
- If the claim doesn’t work out in your favour, you will not be asked to cover any of your solicitor’s fees.
If your solicitor wins your claim, they will retain a small percentage of any compensation payment. In the CFA, the percentage you will pay is listed as the ‘success fee’ so you will be aware of how much you’ll pay from the start of your claim. To put your mind at ease, it is important to point out that success fees are capped by law.
Start A Claim
We are reaching the end of our article about how we can help with data breach claims against the University of Exeter. If you have concluded that you would like to start a claim, you can contact us by:
- Calling our advice line on 0800 073 8804 to speak with a specialist advisor.
- Email information about your case to email@example.com.
- Fill in our online claims form so that a specialist can call you when it’s convenient.
- Discuss how a data breach has affected you in our online chat tool.
We always try to keep the claims process as straightforward as possible. Our advisors will give honest feedback on the prospects of success when assessing your case in a no-obligation consultation. They will offer free advice and, if the claim appears viable, you could be partnered with one of our data breach solicitors who operate on a No Win No Fee basis if your claim is accepted.
Where To Find Out More
We hope that this article on the University of Exeter data breach claims has been useful. In this last section, we have supplied you with additional resources that might be helpful during your claim. Additionally, in case you need Legal Expert’s help with any other types of compensation claim, there are some more of our guides listed here too.
University Privacy Policies – A list of different privacy policies from the University of Exeter.
Information About Exam Results – Advice from the ICO for students whose exams used predicted grades because of the coronavirus pandemic.
Generalised Anxiety Disorder – Details of how anxiety is diagnosed and treated from the NHS.
Whiplash Compensation Claims – Advice on claiming for injuries like whiplash following a car accident.
Allergic Reaction Claims – This guide shows when a restaurant could be liable if you suffer an allergic reaction after eating.
Thank you for reading our guide to University of Exeter data breach claims.