What Are My Rights After A University Data Breach?

If you have been the victim of a university data breach you may be eligible to make a compensation claim. You could be compensated for the financial loss and mental suffering that this has caused. Universities may hold a range of personal data, such as sensitive data. They may hold the data of staff, current students and alumni.

If your personal data has been involved in a university data breach, the consequences could be serious. You could suffer financial losses, damage to your reputation or career and may experience emotional distress.

At Accident Claims UK we could help you to claim data breach compensation. In our guide we look at what a personal data protection breach is and how they could happen. We also look at a case study involving the University of Manchester data breach. Finally we look at how you could be compensated and how a No Win No Fee solicitor could help you.

For more information please contact our team;

In front of a keyboard, a padlock says data breach.

Browse Our Guide

What Is A University Data Breach?

A university data breach is a breach of security which leads to the accidental or unlawful destruction, alteration, loss, unauthorised disclosure of or unauthorised access to personal data. A breach of personal data may be caused accidentally or deliberately.

A university may hold sensitive data such as that concerning,

  • Health data, including information on medical conditions.
  • Trade union membership and the membership of professional bodies.
  • Ethnic or racial origin.

Under the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR), a data controller or data processor has a responsibility to protect your personal data. The data controller is the party which decides when and how to process personal data. They may process this data themselves or outsource it to a data processor. A university may be both a data controller and processor, or may use a third party data processor. The Information Commissioner’s Office (ICO) provides more information on the UK GDPR and personal data breaches.

Compensation claims for data breaches could be made when,

  • A data controller or data processor had failed to adhere to the correct data protection legislation, resulting in a breach.
  • Your data was impacted.
  • You suffered mental harm, financial loss or both.

If you have been impacted by a data security incident, such as a student accommodation data breach, please contact our team.

How Could A University Data Breach Happen?

A university may store your personal data either electronically or physically (such as paper records, etc). A university data breach could happen due to human error or criminal activity, such as a ransomeware attack or other cyber incident. Cybercriminals may hack into university networks to access personal data.

To claim compensation for a cyber incident such as a ransomeware attack, you will need to demonstrate that the university did not have adequate cybersecurity measures in place.

Examples of how and when university data breach claims could be made include human error, such as;

  • Where a university has sent a letter containing personal or sensitive data to the wrong email address. This may be caused by simple human error but could expose sensitive data to the wrong person.
  • Where a school at a university sent a letter to the wrong address, such as sending correspondence to a previous address.
  • When salary information, including your name, address, tax details and national insurance number, are sent to the wrong person or address.
  • Where the university has lost a device that contained your personal data and was not password protected.

For more information about claiming for data breaches due to human error, please contact our team.

A computer keyboard has a button saying data breach.

Case Study: University of Manchester Data Breach

The ICO received a report that a ransomware attack had occurred on the University of Manchester. A news outlet then reported that the data of 1.1 million NHS patients may have been affected. The University held information in regards to major trauma patients across the country, and those who had been treated after terrorist attacks, for research purposes.

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes. The University warned health officials that it did not know how many patients were affected or whether names had also been hacked.

www.independent.co.uk/news/health/nhs-patient-data-attack-b2364202.html

What Should I Do After A Data Breach?

if your data is involved in a data breach that affects your rights and freedoms, you should be contacted by the university without undue delay. They should explain that a breach has occured and what data may be involved. If you think there has been a data security breach at your university, but have not been notified, you can contact the university directly to find out if one has occurred and if you have been affected.

Following confirmation, there are steps which you can take. These can help you to make a university data breach compensation claim.

  • Keep a record of any correspondence between you and the university applicable to the breach. This may include any letter of notification with information on the breach, what data was impacted and steps they are taking.
  • Keep a record of any financially negative impacts the breach has had on you, such as a loss of earnings. You could keep copies of bank statements and payslips.
  • Contact credit reference agencies to see if any credit has been applied for in your name. This may indicate whether you have been impacted by identity theft.

You should also visit a medical professional. They can assess any psychological harm caused by the breach. This will ensure you get the treatment you need as well as provide medical evidence to submit as part of your compensation claim.

Individuals affected may also make a complaint and report the incident to the ICO.

A person sits at a computer keyboard.

How Much University Data Breach Compensation Could I Receive?

How much compensation you could receive for a university data breach will be dependent on your case. Each claim is unique and so without being able to assess your case fully, we can not say what you could be awarded.

If your claim is successful, the settlement could include compensation for your non-material damage, otherwise known as psychological harm. To calculate this, solicitors or others involved in the data breach claims process may refer to the Judicial College Guidelines (JCG). The JCG contains guideline recommendations on what may be awarded for different types of levels of harm. You may also be compensated for your material damage, which we look at shortly.

Below we provide guideline figures from the JCG on psychological injuries. Note, the first row has not been taken from the JCG. It illustrates how you could be compensated for both types of damage.

HarmSeverityNotesGuideline Compensation
Severe psychological harm + material damage.SevereCompensation for mental harm as well as material damage.Up to £250,000+ with material damage.
Psychological harmSevereThe parson has marked problems across all areas of their life.£66,920 to £141,240
Psychological harmModerately severeThe person has significant problems associated with relationships, education, work and life in general.£23,270 to £66,920
Psychological harmModerateThe person has marked improvement and a good prognosis.£7,150 to £23,270
Psychological harmLess severeDamages take the period of disability and extent of the impact on sleep, etc into account.£1,880 to £7,150
Anxiety disorderSevereThe person will have permanent effects preventing them working or functioning as before the injury.£73,050 to £122,850
Anxiety disorderModerately severeThere is better chance for progress in a recovery than above.£28,250 to £73,050
Anxiety disorderModerateWhilst largely recovered, the person could have some continuing symptoms that are not grossly disabling. £9,980 to £28,250
Anxiety disorderLess severeVirtually, a full recovery can be made in one to two years.£4,820 to £9,980

Can I Claim For Material Damage?

In addition to your settlement covering your non-material damage, such as an anxiety disorder caused by a university data breach, you could also be compensated for your material damage. Material damage refers to the additional expenses or financial losses caused by the data breach.

Examples of items you could be compensated for include,

  • The cost of therapy and psychological treatment for mental harm caused by the breach of personal data.
  • Loss of earnings caused by taking time off work because of the impact the breach has had on you.
  • The cost of relocating if you had to move home because of the impact of the breach on your safety.
  • The cost of any additional home security due to safety concerns caused by the breach.

For more information on how compensation for data breaches could be awarded, speak to a member of our team.

Why Use A No Win No Fee Solicitor To Claim Data Breach Compensation?

If you have been impacted by a university data breach you could be eligible to claim compensation with the support of a solicitor working on a No Win No Fee basis. One of our data solicitors could handle claims for data breaches through a Conditional Fee Agreement (CFA).

Under a CFA, you don’t pay for your solicitor’s services upfront or throughout the claim. Instead, you will only need to pay a success fee if you win your claim. This is a legally-capped percentage of your compensation.

For more information on how a No Win No Fee solicitor could help you, please contact our team.

A lawyer works on a university data breach claim.

More Resources About Data Breach Claims

Below we have included further resources related to claims for data breaches:

Further resources:

Thank you for reading our guide on your rights after a university data breach. For more information, please contact our team.