How To Claim For An Exam Results Data Breach

How To Claim For An Exam Results Data Breach

How To Claim For An Exam Results Data Breach

An exam results data breach could happen for a variety of reasons. The education institution may accidentally publish them on its website by mistake or your result could be sent to another student. This may cause you both stress and anxiety. In this guide, we will look at whether you could make a data breach claim should your exam results be leaked or exposed.

A personal data breach compensation claim could be made if an organisation that requires your personal data (a data controller) failed to adhere to the data security laws in this country and as a result personal information was breached. 

Moreover, in this guide, we will go through the claims process of a personal data breach and how one could potentially impact your mental and financial health. Advising you on the ways that a data breach could take place and the different forms they can present themselves. 

Our advisors can answer any of your questions about the claims process. You can contact us through: 

Select A Section

  1. Are Exam Results Personal Data?
  2. Where Could An Exam Results Data Breach Happen?
  3. What Data Could Be Affected?
  4. What To Do If A Data Breach Occurs?
  5. Calculating Compensation For An Exam Results Data Breach
  6. Start An Exam Results Data Breach Claim

Are Exam Results Personal Data?

Data protection laws in this country cover any information that can be used to identify you. So this could include:

  • Full name – first, middle and last name 
  • Student ID numbers 
  • Student email address 
  • Date of birth
  • Home address 

Not all data is protected by data security laws. Personal and sensitive data are both protected by these laws. This means that any data which is processed digitally or physically and is personal to you will be protected.

If you wish to make a data breach claim for breached exam results then you must meet the following criteria:

  • Personal data was included in the breach.
  • The data controller/educational institution was responsible for the breach because they failed to adhere to the applicable data laws.
  • You suffered mentally and/or physically as a result.

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 to protect all forms of personal data. Both laws seek to give you, the data subject, a lot more rights when it comes to your personal and sensitive information.

These laws also apply strict rules to how data controllers and processors must handle the data they collect. Such law states that there must be a lawful basis for the sharing of this information and the organisation must comply with 7 Core Principles.

What Is An Exam Results Data Breach?

A personal data breach is a security issue that results in personal and sensitive data being destroyed, lost, stolen, altered, accessed, or disclosed. Not all data breaches will mean that a party is liable. A data controller could have done all they could to protect and secure the information but a breach still happened. Cybercriminals can be responsible for data breaches but the vast majority happen through human error.

There are, usually, time limits when it comes to making a personal data breach claim. It is 6 years or if a public body was involved in a data breach, the time limit would be reduced to a year. 

How Commonly Do Data Breaches Happen?

The ICO publishes, every financial quarter, data security trends. We have used their statistics from the third fiscal quarter of 2021/22 below to look at the data security incidents that have happened in the education sector.

  • Alteration of personal data – 2
  • Data emailed to incorrect recipient – 78
  • Information of wrong data subject shown in client portal – 6
  • Data posted or faxed to incorrect recipient – 11
  • Failure to redact – 19
  • Failure to use bcc – 15
  • Incorrect disposal of paperwork – 3
  • Loss/theft of device containing personal data – 11
  • Loss/theft of paperwork or data left in insecure location – 31
  • Not Provided – 5
  • Other non-cyber incident – 81
  • Unauthorised access – 29
  • Verbal disclosure of personal data – 20

The data range runs from 01/10/2021 – 31/12/2021 and looks solely at non-cyber security incidents. We have not included the cyber security data incidents in these statistics.

Where Could An Exam Results Data Breach Happen?

Educational institutions collect and distribute exam results to their students. The exam board, primary schools, secondary schools, colleges and universities all could be affected by a data breach. 

If a data breach were to occur within an educational institution, that affects the rights and freedoms of their students they must inform those affected straight away. They also have a duty to report this to the ICO.

.Example scenarios of data breaches:

    • Sent exam results to the wrong participant: If an examination board or a school sent exam results to the wrong student, the student who should have received the results could be impacted negatively. 
    • Loss/Theft of paperwork or data left in an insecure location: Members of staff could leave folders containing students’ exam results in an insecure location. 
    • Poor IT defence systems could mean hackers could easily infiltrate databases and steal students’ exam results.

What Data Could Be Affected?

All data could be affected by a data breach. As we said earlier it is only personal and personally sensitive data that is protected by data security laws. Personal data means information that can identify you or be used in conjunction with other data to do the same. 

Sensitive data or special category data requires even more protection and can include information about:

  • Racial or ethnic background 
  • Political choices 
  • Religion 
  • Trade union membership
  • Genetic data
  • Biometric data 
  • Health data
  • Sex life; and
  • Sexual orientation.

Lots of the information here could be included in your exam results, especially data such as your name, address, DOB, student number etc. If this information is leaked or exposed causing you harm, get in contact with us today. 

What To Do If A Data Breach Occurs?

If a school, college or university has suffered a data breach then it could affect the student’s and staff’s personal data. If you have experienced an exam results data breach you may be confused about what steps you can take?. 

The school, college or university should inform you if your information has been involved in a data breach. But this is mainly only if it affects your rights and freedoms. If you receive information from the educational institution about the breach, it would be wise to keep all correspondence in case you have a valid data breach claim. 

If you suspect a data breach has happened but no one has contacted you, you can make a complaint to the organisation you think has suffered the breach. You can ask if a breach has taken place, if your data was involved and what they plan to do about it.

You could also file a complaint with the ICO. After the complaint has been filed, the ICO could open an investigation into the complaint. If you need to make a complaint, it should be in a good amount of detail, as well as include information on how the breach happened as you believe it to have happened.  

The ICO have the power to issue penalties to organisations, but they do not award compensation. All of the steps above can be used when gathering evidence for your case so are all important steps. The advice of a data breach specialist is also vital. Contact our team today for more information. 

Calculating Compensation For An Exam Results Data Breach

The Judicial College guidelines are produced to aid in the valuation of your claim. These compensation brackets are based on previously settled court cases and would differ on a case by case bases. 

Forms of mental health issuesCompensation BracketDescription of the injury
Anxiety Disorder: Severe£59,860 to £100,670Specific diagnosis of a reactive psychiatric disorder. All aspects of the life of the injured person will be badly affected.
Anxiety Disorder: Moderately Severe£23,150 to £59,860The claimant will have better prognosis which will be for some recovery with professional help.
Anxiety Disorder: Moderate £8,180 to £23,150A good recovery made. Any symptoms that persist will only be minor.
Anxiety Disorder: Less Severe£3,950 to £8,180A full recovery is expected between one and two years.
Mental Health Issues: Severe£54,830 to £115,730The person's ability to cope with life, education and work will be significantly and permanently effected.
Mental Health Issues: Moderately Severe£19,070 to £54,830Significant issues at the outset that affects all aspects of the claimant's life. But there is room for some recovery.
Mental Health Issues: Moderate£5,860 to £19,070There will already be improvement's made.
Mental Health Issues: Less Severe £1,540 to £5,860The period of disability and the extent to which daily life is affected will drive the amount awarded.

The table shows the different types of mental health problems you could suffer as a result of your data being breached. The amount of compensation shown may vary on a case by case basis, this is because there are many different factors that go into determining the amount of compensation. This includes the severity of the injury and the ways it has impacted your life. 

Types of damages 

Compensation is broken down into two categories. These two categories are called material damages and non-material damages. 

Material damages are used for compensating the financial impact that the data breach has incurred on you. Whereas non-material damages are used for compensating the mental harm and illness that you might have endured as a result. 

It would be usual to have knowledge of the case of Vidal-Hall and others v Google [2015], before this case, you would have only been able to claim for non-material damages if you also claimed for material damages. After the Court of Appeal heard this case, it was concluded that you could seek out non-material damages alone. 

Start An Exam Results Data Breach Claim

A No Win No Fee agreement, or a Conditional Fee Agreement CFA can be used to fund the service provided by a solicitor. This means no upfront payments for the solicitor to begin work on your case. If the case fails you do not pay a success fee to the solicitor. Should the case wins you pay a capped percentage of the settlement to the solicitor as their success fee. 

If you have any further questions on No Win No Fee agreements or whether you can claim for an exam results data breach get in touch with us today. Our advisors can be contacted through: 

When Could You Claim Against An Educational Institution?

We have additional resources, articles and guides on how to make a claim for a personal data breach.

Below, we have collected some external links for you to have a look through.

The ICO has a wealth of resources when it comes to data breaches.

Furthermore, if you require any further information if you have been affected by an exam results data breach get in contact with us today.