University Of The Arts London Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For University Of The Arts London Data Breach
My Information Was Exposed In A University Data Breach, Could I Claim Compensation?
Have you been the victim of a University of the Arts London data breach and are looking into whether you could make a claim for compensation? If so, this guide to data breach claims against the University of the Arts London could be very useful to you.
All organisations, including universities, must take great care to protect the personal information of staff, students and alumni. This is their legal obligation under the General Data Protection Regulation and the Data Protection Act 2018. A failure to protect private information could cause you to suffer financial and psychological harm, and if you suffer such harm, under data protection law, you could claim compensation.
In the sections below, we look at how data breaches at UAL could occur, as well as discussing the types of data breach compensation you could be eligible to claim.
We also take a look at how GDPR affects universities and how the risk of a data breach at the University of the Arts London could be reduced.
Finally, we offer some insight into how Legal Expert could connect you to a specialist lawyer to help you begin a data breach claim against a University. If you would like to speak to us directly to begin your claim or have any questions about your case, you can reach us by calling our freephone advice line on 0800 073 8804.
Select A Section
- A Guide To Data Breach Claims Against The University Of The Arts London
- What Are Data Breaches At UAL?
- GDPR And Educational Institutions
- Universities Impacted By Data Breaches
- University Data Breach Statistics
- Criminal Breaches In Information Security
- Types Of Data Breach Compensation
- Calculate Your Data Breach Settlement Against UAL
- How Do I Claim For A Data Breach?
- No Win No Fee Data Breach Claims Against The University Of The Arts London
- Talk To A Member Of Our Team
- Related Claims Guides
Whether you are a member of staff or a former or current student at the University of the Arts London, they would need to, at some point, collect and process some of your personal information. In doing so, they would become a data controller, and as such, they would need to abide by data protection law. If your data is breached and you suffer financial or non-material harm as a result, you could be eligible to make a claim for a data breach by the University of the Arts London.
This guide to data breach claims against the University of the Arts London explains the situations in which a case could be justified. Below, we describe just what we mean by personal data, and how universities should protect not just the data security of what they hold on a computer but also data they hold in document form. We also explain the types of compensation you could be eligible for, and how to go about reporting a breach of data protection to the Information Commissioner’s Office.
At the end of this guide, you can find further reference material, as well as information about how we could help you launch a claim for compensation. We hope you find this guidance useful. If you’re ready to begin your claim, or you’d like a free, no-obligation eligibility check, you can contact our friendly advisors at any time. You’ll find our contact information at the end of this guide.
Under the General Data Protection Regulation, and its enshrinement in UK law in the form of the Data Protection Act 2018, every data controller that processes personal data has a legal obligation to protect it.
If they don’t, victims of data breaches who suffer financial or mental damage could be eligible to claim compensation. But before we explain how a university data breach could lead to compensation, we should first explain what personal information is and how it could be breached.
What Is Personal Information?
Personal data is, by ICO definition, data that can identify you, either on its own or when it is used with other information.
Examples of such data could include:
- Contact information
- Names, addresses, dates of birth
- Your IP address or e-mail address
- A student identification number
- Financial information
- Medical information
What Is A Data Breach?
A personal data breach is defined by the Information Commissioner’s Office (ICO) as being a data security incident that affects the availability, integrity or confidentiality of personal information. This could include situations where personal data is:
- Accidentally destroyed, lost, disclosed or corrupted
- Accessed or transmitted without proper authorisation
- Made unavailable, which has a negative impact on the data subject
How Could A Breach Happen?
A university data breach could result from a malicious cyber-attack. It could also result from human error or negligence. Some examples breaches of data include:
- A failure to maintain cybersecurity software, such as a firewall, for example, leading to a breach
- A member of staff sending student information to the wrong recipient
- Someone accessing unlocked filing cabinets with personal information contained in them without authorisation
- A hacker using a bot, malware, a virus, spyware, ransomware or DDoS attacks to access/steal personal information
- Phishing attacks
- Theft or loss of computer equipment containing private information
How Could A Breach Affect A Victim?
There could be a number of unwanted consequences of a University of the Arts London data breach. They could include:
- A loss of privacy – This could also cause reputational damage, particularly if sensitive information is breached.
- Financial expense – particularly if someone is able to access your financial information. They could use this information to commit identity fraud or access your bank accounts, for example.
- Emotional harm – A privacy violation could cause undue stress, anxiety and depression
While data breach claims against the University of the Arts London would not erase what has happened, they could help to compensate you for the harm you’ve suffered because of them.
GDPR is the strictest most wide-reaching data privacy and data security law in the world. The UK’s application of GDPR, which came into force in 2018, is enshrined in UK law in the form of the Data Protection Act 2018. It requires any organisation that takes part in data processing to safeguard private information relating to its data subjects. They should do so in line with the below principles:
- Personal data processing must be lawful, transparent and fair
- Data must be collected for legitimate and clear purposes
- The data must be relevant, adequate and limited to what is necessary
- It must be accurate and up to date
- Data processing information should only be kept for as long as necessary
- It should also be secured against unlawful and unauthorised processing, accidental losses, damage and destruction
Data controllers should also be able to demonstrate their data security compliance. If a data breach occurs at UAL and GDPR is breached, this could lead to an investigation by the Information Commissioner’s Office.
The ICO could issue penalties for insufficient information security. In addition to this, GDPR allows victims of non-material harm and material harm caused by data breaches to claim compensation for such damages.
If you’re wondering what university data breaches have happened in the past, let us draw your attention to a few examples.
The Blackbaud Hack
Blackbaud, a database services provider for a number of UK universities, was the victim of a ransomware attack in 2020. The company paid an undisclosed figure to the perpetrator of the cyberattack. They were confident that the data stolen in the cyber-attack was destroyed. They also confirmed that no financial information was involved.
However, this could still represent a data breach for students staff and alumni of the following UK universities:
- Newcastle University
- University College, Oxford
- University of London
- Oxford Brookes University
- Loughborough University
- York University
- University of Exeter
- Leeds University
- University of Reading
It should be noted that a claim would likely be pursued against Blackbaud directly as a data processor, rather than the universities.
Accidental Data Breaches
An accidental data protection breach affected students at the University of East Anglia back in 2017. The breach involved a member of staff accidentally sending the sensitive personal information of students to around 300 people. The details sent included bereavement details, personal issues and health problems. The University’s insurers paid approximately £140,000 in compensation.
Another accidental data breach cost the University of Greenwich £120,000 in ICO penalties. According to the ICO’s report, the university breached nearly 20,000 people’s data when they left a microsite online and failed to protect it. According to the investigation, multiple attackers gained access to the microsite, which contained contact information and some staff sickness records.
No matter whether a breach was accidental or the result of malicious behaviour, our solicitors could help victims of such breaches make data breach claims against the University of the Arts London provided they can show the breach causesdthem financial or mental harm.
If you’re wondering how common university data protection breaches are, the following reports may interest you.
According to Redscan, 46% of university staff in the UK who responded to a survey has not received data security training in the 12 months prior to the survey. The report they refer to also highlighted that there was a lack of investment in student cyber safety training too. Around 51% of the university respondents revealed that they provide security training to their students.
In addition to this, the report found that universities received millions of phishing attempts in 2019. One university reportedly detected approximately 130 million attempts. Another institution revealed that attacks had risen 50% since 2019.
One of the reasons that universities should take great care with data security and cyber safety training is that they could be considered at risk of criminal acts. According to the Cyber Security Breaches Survey 2020, some of the most common incidents that lead to data breaches include:
- Fraudulent e-mails, or e-mails directing recipients to fraudulent websites
- Others impersonating the organisation online or in emails
- Malware, viruses or spyware
- Hacking of bank accounts or attempted hacking
- Unauthorised use of servers, networks or computers by outsiders
- Use of servers, networks or computers without authority by staff
In addition to this, universities could be at risk of having sensitive data stolen by hackers. Many universities conduct research, which could be valuable to a cyber-criminal.
According to media reports, the National Cyber Security Centre (NCSC) believed universities in the UK were targeted by those looking to steal coronavirus research information, including that on the development of vaccines in 2020.
Data breach claims against the University of the Arts London could include compensation for financial expense caused by a data breach. However, this is not the only compensation you could claim. GDPR and the Data Protection Act 2018 allows victims of data breaches to claim for both non-material and material damages.
- Material Damages – these are the financial costs of a data breach. If, for example, someone uses your financial information to steal money from you, the cost could be recoverable.
- Non-Material Damages – these are non-pecuniary damages. They have no specific price tag. They could include damages for loss of privacy, damage to a person’s reputation and even psychological harm.
Legal Precedent For Claiming Psychological Injury
In 2015, a case set a legal precedent that could allow those who suffer psychological injuries from a data breach to claim compensation. In Vidal-Hall and others v Google Inc , the Court of Appeal spoke about awards for psychological injuries and said such awards could be considered even if there is no financial damage.
Previously, it was necessary to suffer financial harm to claim compensation for mental damage too. Therefore, eligible claimants could claim damages for stress, distress, anxiety and depression caused by a data breach.
If you’re wondering how data breach claims against the University of the Arts London could be calculated, this is something that would be done on a case by case basis. Data breach solicitors and courts would need to assess the evidence, facts and circumstances of the case before they could arrive at an appropriate value.
During the claims process, you would need to attend a medical assessment appointment with an impartial specialist. You would only do this if you intend to claim for psychological injury.
They would be able to assess you and ask questions about how the breach has affected you. They would write a report detailing their professional opinion on your condition and prognosis. This document could be used to help value your claim.
Solicitors and courts could also look at the Judicial College Guidelines, a regularly updated publication, to hone in on a value for your claim. To give you a rough idea of how much different levels of psychological injury could be worth, we have created a table with the guideline compensation brackets for such injuries.
|Type of injury||Severity Level||JCG Payout Bracket|
|A general psychological injury||Severe||£51,460 to £108,620|
|PTSD||Severe||£56,180 to £94,470|
|PTSD||Moderately severe||£21,730 to £56,180|
|A general psychological injury||Moderately severe||£17,900 to £51,460|
|PTSD||Moderate||£7,680 to £21,730|
|A general psychological injury||Moderate||£5,500 to £17,900|
|PTSD||Less severe||Up to £7,680|
|A general psychological injury||Less severe||Up to £5,500|
If you think that the University of the Arts London has breached your data, you should report it. You should initially report your concerns to the university, according to the ICO. When you report your concerns, you could include a description of what data you believe they have breached.
You could also mention how the breach affects you. You could ask for a copy of the university data breach policy and ask them to look into your concerns. They should work with you to resolve the issue. If they do not, you could report the breach to the ICO directly.
However, the ICO may choose not to investigate your report if you leave it too long. If the ICO believes there has been an undue delay in reporting a data breach, it may not choose to investigate.
Does Reporting Data Breaches To The ICO Prevent Me From Making A Claim?
Whether you’re reporting data breaches to the ICO or not, it’s possible for you to make data breach claims against the University of the Arts London if they have not responded to your report satisfactorily.
If 3 months have gone by since you’ve had contact from them about your report, you could seek legal advice and make a claim for compensation.
Did you know you could make data breach claims against the University of the Arts London without having to pay legal fees upfront? With No Win No Fee claims, there’s no requirement to pay fees until your claim ends and compensation comes through.
How Do No Win No Fee Claims Work?
The process of making a No Win No Fee claim is simple:
- Your chosen data breach solicitor sends you a document called a No Win No Fee Agreement, or Conditional Fee Agreement. It contains details of the success fee you’d need to pay your solicitor out of your compensation award. This small, legally capped percentage of your compensation is only payable if your claim ends with a payout.
- You sign and send back the agreement and your solicitor begins to put your case together. They would try and negotiate a settlement directly with the university or their insurers. If they refuse or dispute your claim your solicitor could file legal paperwork and help you take them to court.
- Once your lawyer has obtained a settlement or award for you, they deduct the fee we mentioned, and the rest is for your benefit.
What If There’s No Compensation?
If the claim doesn’t succeed, there’s no obligation on your part to pay your lawyer their fees. We have created a more detailed guide on No Win No Fee to show you how these claims work, which you can read here. Otherwise, if you’d like to ask us any questions about these payment terms, we’d be happy to discuss this over the phone.
If you’d like to learn more about making data breach claims against the University of the Arts London, we’d like to help you. We’d be glad to answer any questions you have about making a claim for a data protection breach, whether it was as the result of unsafe software, a breach of the university’s cloud information or a simple staff error.
When you call us, we’ll be able to assess your case for free, to see if you’d be eligible to claim. If we believe you could have a valid claim, we’d be happy to connect you with a No Win No Fee data breach lawyer who could help you get the compensation you deserve. To reach of friendly team, simply:
- Call 0800 073 8804
- E-mail firstname.lastname@example.org
- Write to us using our online contact form
- Or use our Live Chat to message our team
ICO Protecting Data Transfers Via VPN – In this guide, the ICO discusses protecting transferred data by using a virtual private network.
A Data Protection Guide – The ICO has issued guidance to organisations showing how they should protect personal data.
Reporting Data Breaches – If you’re considering making a data breach report, this page could help you.
Data Breach and Stress – A guide discussing seeking compensation for distress and psychological harm caused by a data breach.
Data Loss, What Are My Rights? – Has your data been lost in a cyberattack, or because of an error? If so, find out whether you could claim compensation.
Employer Data Breaches – If you work for a university and they’ve breached your data, this guide could be useful.
Thanks for reading our guide to data breach claims against the University Of The Arts London.
Guide by Jeffries
Edited by Billing