University Of Portsmouth Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?
My Information Was Exposed By A Data Breach At The University Of Portsmouth, Could I Make A Claim?
In this guide, we are going to examine the concept of data breach claims against the University of Portsmouth.
Personal data protection should be taken seriously by every organisation that collects or processes personal information. This guide aims to show how, despite best intentions, your data can be exposed through multiple causes.
For example, a data breach could be caused by the failings of an organisation that was supposed to protect personal information. If your personal data is affected in a breach, you could suffer financial loss and psychological damage. Consequently, if this is due to the positive wrongful conduct of an organisation or institution that was supposed to protect your personal data, you could claim.
Unfortunately, we might not be able to answer every question that you have in this guide. That’s partly because no two claims are the same. Each has its own unique aspects.
However, our advisors can give free legal advice. They’re available 24/7 on 0800 073 8804 and they can answer any specific questions that you have.
Additionally, if you have solid grounds for a valid claim, they could connect you with our solicitors. However, you’ll be under no obligation to proceed with these services if you don’t want to.
Select A Section:
- A Guide On Data Breach Claims Against The University Of Portsmouth
- What Is A Data Breach At The University Of Portsmouth?
- Breaches Of The GDPR In Higher Education
- Action Taken By The ICO For Higher Education Data Breaches
- How Many Breaches Of Higher Education Data Security Have Happened?
- Criminal Cyber Attacks And Hacks Against Higher Education Institutions
- What Your Compensation Settlement Could Include
- Calculating Claims For Data Breaches By The University Of Portsmouth
- How A Data Breach Compensation Expert Could Help You
- No Win No Fee Data Breach Claims Against The University Of Portsmouth
- Contact One Of Our Experts
- Related Guides
A Guide On Data Breach Claims Against The University Of Portsmouth
Every organisation that keeps your personal data, or processes it, should comply with the UK General Data Protection Regulation (GDPR). The UK GDPR sits alongside the Data Protection Act 2018. The EU GDPR was enacted into UK law via the Data Protection Act.
Data protection law is created with the intention of keeping your personal data safe. But what happens when a failure in data protection compliance leads to a data breach involving your personal information? This guide explores the answer.
We start off by providing background information. We examine what a data breach is, and the specific problems faced by higher education providers in relation to storing personal data. You will also find some information about past data breaches in this educational sector.
Once this background has been laid, we move on to look at some information related to the claims process itself. You will find that we have listed some of the reasons why you might receive compensation for a data breach. We have also provided an example compensation table for your information.
In addition, we explain No Win No Fee: how it works and what the benefits can include.
Claim Time Limits
Something you might already understand is that there will be a time limit for starting your claim. The circumstances of your claim will decide the time limit. In general, you will have six years. Although this might only be one year if the claim involves human rights breaches.
Why not get in touch with our advisors to find out how long you have left to claim? They can tell you which time limit will apply.
Get More Help And Advice
Our advisors are here to help you. You can use the contact number at the end of this guide to get in touch with them. They’re ready to help 24 hours a day, 7 days a week. What’s more, their expert advice is free and they could connect you with our solicitors. But remember, you’ll be under no obligation to proceed with their services.
What Is A Data Breach At The University Of Portsmouth?
Personal data or personal information is anything that can identify you directly or in combination with other information. For example, your name, address and phone number would be examples of personal data.
A personal data breach begins with a security breach. This then leads to personal data being lost, destroyed, disclosed, accessed or altered without permission or unlawfully. It can happen through accidents or be deliberate. In addition, it can occur with personal information on physical documents or stored digitally.
Some digital data breaches are caused by cyberattacks. This is where cybercriminals make deliberate efforts to unlawfully attack online systems. Cyberattacks can take many forms, such as:
- Phishing – tricking somebody into exposing your data by impersonating an entity that has valid access to it.
- Man in the Middle (MitM) – where an unauthorised intruder intercepts communications between two parties.
- Drive-by download attacks – unintentionally downloading malicious code, leaving you vulnerable to a cyberattack.
- SQL injection – inserting malicious SQL statements into an entry field for action.
- Eavesdropping – gaining access to data by accessing it in transit across an unsecured network.
The Reality Of Cyber Attacks
A successful cyber attack will exploit a vulnerability in hardware, software or security to gain unlawful access to personal data. It is important to understand that it may not be the university itself that caused the breach to happen. It could be a data processor. Data processors are third parties (such as organisations) that process personal information at the request of data controllers.
A data controller is an organisation or institution that decides how and why they’ll process personal data. They may process this data themselves or get a data processor to do it.
A good example of this is the Blackbaud data breach that happened in 2020. Blackbaud is a cloud computing provider and suffered a cyberattack. Over 120 organisations, including several universities that used the Blackbaud platform, experienced personal data incidents relating to the Blackbaud data breach.
How A Data Breach Can Affect You
Some data breaches are trivial in nature, and won’t have any consequences. Others are serious and could cause you problems. For example:
- Identity theft – someone is able to take enough personal information from you to be able to act as you. For example, they may be able to take out new loans in your name, for which you suffer financially.
- Resale – your personal data might be resold to another criminal.
- Theft – a criminal may steal from your bank account if they’re able to access that personal data.
- Psychological – you could suffer mentally due to the stress of the data breach or the prospects of what it could lead to.
If a university’s positive wrongful conduct caused a data breach that involved your personal information, and you were affected mentally or financially as a result, you could claim.
Breaches Of The GDPR In Higher Education
University data protection policies should be robust. The purpose of compliance with the UK GDPR is, in part, to reduce the likelihood of a data breach, whether caused by accident or through malicious action.
The UK GDPR outlines 7 main principles for processing personal data:
- Lawfulness, fairness and transparency – the university should be open about how your personal data will be used.
- Purpose limitation – the type of data collected should be limited to the purposes of its use.
- Data minimisation – the university should keep the bare minimum data that is needed to fulfil its needs.
- Accuracy – personal data should be accurate and kept up to date.
- Storage limitation – data should not be stored indefinitely. It should be stored only as long as required for the pre-agreed purposes.
- Integrity and confidentiality – the university must make sure that it keeps your personal data secure.
- Accountability principle – the university must show that it complies with data protection law, and be ready to demonstrate compliance if called upon.
Your Rights Under The UK GDPR
UK GDPR provides you with a number of rights to help you to take control of the way that an organisation, such as a university, handles your personal data. There are eight individual rights that UK GDPR gives you. These are as below.
- Access – you can ask to be provided with a copy of the data stored.
- Erasure – you can ask to have your data deleted completely.
- Be informed – you can ask about how your data is used.
- Restriction of processing – to stop your data from being used in a specific way.
- Rectification – to have your data corrected.
- Portability – to obtain your personal data and re-use it.
- Objection – you can object to its use.
- Rights relating to automated decision-making
Action Taken By The ICO For Higher Education Data Breaches
The Information Commissioner’s Office (ICO) helps enforce compliance with data protection laws. If an organisation fails to follow data protection laws, the ICO could investigate and issue a fine.
How Many Breaches Of Higher Education Data Security Have Happened?
There have been a surprising number of data breaches involving educational establishments in the UK. A survey published in 2020, showed that 54% of UK universities had reported some type of data breach to the ICO in the 12 months prior to responding to the survey.
The same survey showed that only 54% of the staff at the universities had actually received training related to cybersecurity in the previous 12 months.
Criminal Cyber Attacks And Hacks Against Higher Education Institutions
We mentioned the Blackbaud hack previously. Eventually, it was discovered that many universities in different countries were affected by this attack. However, there have been more recent cyberattacks on universities.
Looking at March 2021 alone, three universities were the victims of cyberattacks. These were Queen’s University in Belfast, the University of Central Lancashire in Preston, and the University of the Highlands and Islands in Scotland.
The attack resulted in students not being able to submit assignments remotely. However, in regards to the University of Central Lancashire in Preston, personal data was apparently not lost due to the attack.
For information about potential justifications for data breach claims against the University of Portsmouth, call our advisors today.
What Your Compensation Settlement Could Include
If you do make a data breach claim against a university, you could use the services of a solicitor to help. If you do, your lawyer can tell you about the two different types of damages you might be able to claim.
After a data breach, you may suffer financial loss, especially if you have been the victim of identity theft. Compensation that covers this falls under material damages.
To claim material damages, you need to prove your financial losses caused by the breach. This could be through financial documentation such as bills or credit scores.
And then there is the psychological harm that the data breach could cause. Compensation that covers this falls under non-material damages.
To prove material damages, you’d attend a medical assessment as part of the claims process. During this assessment, an independent medical professional would check your condition to:
- Assess whether your psychological injuries were caused or worsened by the data breach (or whether there is no link). If it’s found that your injuries aren’t linked to the data breach, it may be difficult to claim.
- Assess the severity of the injuries.
The professional would then create a report, which your solicitor would use to help them with a valuation of the psychological harm done.
When Can You Claim?
Not all data breaches are caused by the data controller’s failings. It may do all it can to prevent a breach but one occurs regardless. However, if a data controller’s positive wrongful conduct causes a personal data breach, it could lead to a claim. You’d have to prove that your information was exposed in the breach and you consequently suffered psychiatric damage.
For example, if a university failed to put appropriate cybersecurity measures in place and your personal data was exposed during a cyberattack as a result, they could be at fault.
Calculating Claims For Data Breaches By The University Of Portsmouth
The compensation table below gives examples of recommended compensation ranges for the psychological harm a personal data breach causes. We used the guidelines produced by the Judicial College to make this table. These guidelines are used by legal professionals to help them value injuries.
|Type of Injury||How Severe?||More Information||Compensation Range|
|Psychological damage||Severe||The claimant would struggle with everyday life. The prognosis for this claimant would be very poor.||£51,460 to £108,620|
|Psychological damage||Moderately severe||The prognosis would be much better than the claimant above.||£17,900 to £51,460|
|Psychological damage||Moderate||There is a significant improvement and the prognosis will be positive.||£5,500 to £17,900|
|Psychological damage||Less severe||The award will take into account sleeplessness and how everyday activities are affected.||Up to £5,500|
|PTSD||Severe||The claimant will suffer permanent effects.||£56,180 to £94,470|
|PTSD||Less severe||The claimant will make an almost full recovery within 2 years.||Up to £7,680|
The case of Vidal-Hall and others v Google Inc  was heard by the Court of Appeal. During the case, it was decided that:
- Claimants could seek compensation for psychological damage even if they hadn’t suffered financial loss because of the data breach.
- Psychological harm can be valued as it is in personal injury claims.
If you can’t see your injury in the compensation table above, or you’re unsure of where your injury would fall, why not get in touch for a free, no-obligation estimate?
How A Data Breach Compensation Expert Could Help You
If you need to make a data breach claim against a university, you could do so with the support of a legal professional. Help from a solicitor that is familiar with the UK GDPR and data protection law could be beneficial.
Our solicitors can work for you from anywhere in the country. Therefore you won’t be restricted to the services of lawyers in your area. In addition, our solicitors offer their services on a No Win No Fee basis.
So here’s what you could do:
- Call our claims team on the number at the bottom of the page. Explain your situation and get your questions answered for free.
- An expert advisor will evaluate your claim, tell you what your legal options are, and whether we could help you further.
- You could be connected with our solicitors who could begin processing your claim for you under a No Win No Fee agreement.
This guide about the concept of data breach claims against the University of Portsmouth aims to give information to help you. But if you have unanswered questions, why not reach out?
No Win No Fee Data Breach Claims Against The University Of Portsmouth
You may be able to make your claim for university data breach compensation under a No Win No Fee agreement. Another term for a No Win No Fee agreement is a Conditional Fee Agreement (CFA). As this term suggests, the solicitor’s fee is conditional on the claim being won.
Essentially, this means that:
- You won’t pay any ongoing solicitor fees during the claim.
- Additionally, you won’t pay solicitor fees upfront.
- If the claim is not a success, the lawyer will not take their solicitor fee.
If the claim is won, a success fee will be due. However, it’s taken from the compensation once it comes through so that you’re not left out-of-pocket. Plus, it’s a small percentage and is legally limited.
We understand that you might need a fuller explanation of how No Win No Fee works. Therefore, you can call the number below any time of the day or night, 7 days a week. When you do, one of our expert advisors will answer any questions you have.
Contact One Of Our Experts
Do you have evidence of a justifiable claim? Then we could help. Please speak to one of our advisors.
- Contact us online so we can get back to you.
- Call us on 0800 073 8804.
- Use our live chat to get instant answers.
You can read some other guides we have published on this site. They may have more useful information for you.
You may also like to check these external links. Each of them has additional information.
Data Protection: a Government guide
Thank you for reading our guide that considers what evidence could justify potential data breach claims against the University of Portsmouth.
Written by Wheeler
Edited by Victorine