Data breaches by universities are becoming ever more frequent. And considering the amount of personal data universities hold in relation to both their students and employees, they face an onerous responsibility in ensuring the safety and security of that data.
Universities, like many other large organisations, have been the targets of cyber and phishing attacks – which in practice can be very difficult to defend against as hackers employ ever more sophisticated methods in a bid to unlawfully obtain financial information and intellectual property. But unfortunately data breaches at universities caused by “human error” are becoming increasingly common. This is mainly due, it would appear, to inadequate staff training.
The security firm Redscan conducted a Freedom of Information request to which 86 universities have responded. According to the study, 46% of university staff had not received data security training in the past year and there was a similar lack of investment in student training.
You may be entitled to bring a claim for compensation if your university has breached your data.
We have helped our clients claim compensation for universities data breaches when:
- A university shared a student’s personal data in a group email
- A student’s form containing sensitive data was shared with another student’s parents
- A university shared an employee’s personal data with the students
The Information Commissioner’s Officer (ICO) also reports data breaches by universities who have failed to follow the rules regarding requests for information. Some examples are:
- University of Warwick’s failure to respond to the complainant’s request within the statutory time limits.
- University of Central Lancashire’s failure to issue a refusal notice in respect of requested information by
Quite rightly students expect universities to keep their personal data safe, and to process their data only for legitimate purposes. Their time at university ought to be an enjoyable experience – a time of learning and growth. The unauthorised disclosure of their personal information can lead to great distress and suffering. And universities need to do more to ensure that the student experience is not diminished by inadequate data protection policies.
If you believe your data has been breached by a university or any other educational establishment, whether you are a student or an employee, get in touch with our lawyers at DRM Legal to find out if you can bring a claim.