Welcome to our guide to making a nursery data breach claim. When you register your child with a new nursery, not only do you need to provide their details to the operator, but you’ll also need to provide information about yourself. The nursery registration form may explain how that information will be processed and may ask you to consent to it being used. That’s due to new rules set out in the General Data Protection Regulation (GDPR). In this article, we will review how a nursery data breach could result in you suffering. Furthermore, we will show you when you could receive data breach compensation for any suffering and how much you might receive.
I Suffered A Psychological Injury After A Nursery Data Breach, What Are My Rights?
We are here to help you if you would like to discuss your case, whether it relates to a school data breach, university data breach or nursery data breach. We begin by offering a telephone consultation to review what’s happened. During your call, you can ask as many questions about the claims process as you like. Also, you will be given free legal advice on the options that are available.
You won’t be under any obligation to claim but, if your case appears to be suitable, we could partner you with one of our specialist data breach solicitors. Importantly, if they take you on as a client, they will represent you on a No Win No Fee basis.
If you would like one of our specialists to assess your claim for free, why not call our advisors today? Our number is 0800 073 8801. We will review your evidence and provide advice, whether you go on to claim or not. Alternatively to learn more about claiming for nursery data breaches before you call us, please continue reading.
Select A Section
- A Guide To Personal Data Breach Claims Against A Nursery
- What Personal Data Could A Nursery Hold About Me?
- What Is A Personal Data Breach Claim Against A Nursery?
- Action A Nursery Should Take If They Have A Data Breach
- Examples Data Breaches By Nurseries
- What Rights Are Available To You In Relation To The GDPR And Data Breaches?
- Evidence You May Need To Make A Personal Data Breach Claim
- Nursery Data Breach Compensation Calculator
- Can You Be Compensated For Material And Non-Material Damages?
- No Win No Fee Claims For A Nursery Data Breach
- Talk To Our Team
- FAQs On GDPR And Data Breach Claims
- Related Guides
A Guide To Personal Data Breach Claims Against A Nursery
In the past, data protection may have seemed more important to those organisations that held sensitive data, like banks or hospitals. However, since the introduction of the GDPR, it has become more relevant to smaller businesses as well. That’s because the type of information they hold could cause serious problems for you if it were to be leaked.
Fortunately, the Data Protection Act 2018 (as well as the GDPR) means the rules around data safety have been tightened. Organisations that decide how and why your data will be used (data controllers) must now have a lawful basis to process information about you. Generally, that means they should tell you why they want to use your data and may also ask you to agree to its use too.
All businesses that process personal information need to register with the Information Commissioner’s Office (ICO). If there is a breach of the GDPR’s rules, the ICO could begin an investigation. Should they find fault in the way an organisation works, they could guide them to make changes or issue them with a fine.
Importantly, though, they are not able to issue compensation to anybody harmed by the breach. For that reason, we have written this article on how to claim for any suffering caused by a nursery data breach.
If you are contemplating a claim, we should tell you that there is a time limit that you must adhere to. Mostly, that is a 6-year limitation period. However, it may be worth verifying that with our team as claims relating to human rights breaches only have 1 year.
What Personal Data Could A Nursery Hold About Me?
When you register your child with a new nursery, they are likely to ask for a lot of details about you on the application form. Without the information, it would be difficult for them to manage their relationship with you or contact you in an emergency. However, have you ever considered what personal information could be held on your file? Well, it may include:
- Your full name.
- Home address.
- Mobile number or home telephone number.
- Email address.
- Details of your next of kin or emergency contact.
- Your bank or credit card details.
- Your child’s medical information.
This list isn’t comprehensive but it does give some idea of how much information you might hand over. Now think about how that data could be used if it got into the wrong hands. One example is that a criminal could use it to conduct identity theft which could result in you losing money.
As well as trying to keep this information safe, in most cases the nursery can’t share it with others unless you’ve agreed. For example, they could not give your email address to a photography company to try and sell you photos of your child without your prior permission.
What Is A Personal Data Breach Claim Against A Nursery?
It might be hard to imagine that a nursery would be targeted by cybercriminals, but it could happen. Exploits using phishing emails, ransomware, viruses or malware could be used to try and extort money from the company that operates the nursery.
However, non-digital data is also covered by the GDPR too. For example, if the nursery stores personal information in a filing cabinet, it should be kept locked to prevent unauthorised access.
As defined in the GDPR, a personal data breach results from some type of security incident that allows data about you to be changed, destroyed, accessed, lost or disclosed in a way that you’ve not agreed to. Importantly, it does not matter if the breach was illegal, deliberate or accidental, you could still claim if it resulted in you suffering and you could prove wrongdoing by the organisation.
Here are a few examples of nursery data breaches that could cause you to suffer:
- An unauthorised party is able to phone the nursery, request your child’s details and have them emailed to them because their identity wasn’t verified.
- A letter containing you or your child’s personal information is sent to the wrong address and accessed by the recipient.
- Old records are thrown away in the general rubbish bin and end up in the public domain rather than being securely shredded.
Action A Nursery Should Take If They Have A Data Breach
Should the company that operates a nursery find out about a potential data breach, they could have to:
- Investigate it.
- Report it to the ICO if it’s notifiable.
- Tell any data subjects about it if their rights or freedoms could be at risk.
Examples Data Breaches By Nurseries
On the ICO website, you are able to view details of the action it has taken. At the time we wrote this article, there were no reports of action being taken against individual nurseries. Therefore, we will look at a reported data breach about a webcam system used in some nurseries instead.
The NuseryCam system is used to allow parents to view what’s going on in their child’s nursery. In February 2021, the company had to shut down its servers after a loophole meant data from parents’ viewing accounts were accessible.
The report said that names, usernames, passwords and email addresses were all accessible in the breach.
As required by law, the company reported the incident to the ICO.
Nursery Data Breach Statistics
Are you wondering how common and nursery data breach could be? If so, let us take a look at the ICO statistics. According to the reports they received in Q2 2021-22, 313 data breach reports related to the education and childcare sector. 249 of these incidents were not related to cyber security breaches. The remaining 64 were cyber related. We can take a look at how the education and childcare sector performs against other sectors below.
We don’t have insight into how many of the education and childcare breaches involved a nursery data breach. However, we can look at the common causes of data security incidents across all sectors.
You might be surprised to know that sending information to the wrong recipient via email is the top cause of data breaches in the period we have just discussed. Following this are other non cyber causes followed by unauthorised access incidents and phishing.
What Rights Do You Have In Relation To The GDPR And Data Breaches?
As well as setting out how companies should manage data security, the GDPR also gives you a number of rights. They are:
- The right to be informed about when, how and why your personal information will be processed.
- A right to request copies of or access the data companies hold about you.
- A right to ask a data controller to amend inaccurate personal information.
- The right to have your personal data deleted.
- A right to restrict the processing of your personal information.
- A right to data portability. (This means that you’ll receive data in a format that is easy to use.)
- The right to object to your data being used.
- Rights regarding how your data is used in relation to profiling or automated decision making.
To fully understand your rights according to the GDPR, please refer to this ICO page.
Evidence You May Need To Make A Personal Data Breach Claim
When you make any type of compensation claim, you will need to supply evidence to explain what happened, who was liable and what you suffered. In the case of data breach claims, the following evidence could be used:
- Medical records that show any diagnosed conditions like data breach distress, post-traumatic stress disorder (PTSD) anxiety or depression. Additionally, an independent medical report that we’ll discuss in the next section could prove useful.
- Emails or letters from the data controller confirming that a breach took place and that you were affected.
- An ICO investigation report to show what happened and the information that was leaked.
- Financial documents like bank statements to help prove the level of financial losses you’ve sustained because of the breach.
If you call our advisors for free legal advice, a member of our team will review your evidence with you. As well as explaining your options to you, they could refer your case to one of our data breach solicitors. If they agree to work for you, they’ll do so on a No Win No Fee basis.
Nursery Data Breach Compensation Calculator
amount of compensation you could claim for a nursery data breach for psychological injuries, we could tell you about two important cases that could affect your compensation. Both cases set legal precedents regarding compensation for data breach psychological harm. In Vidal-Hall and others v Google Inc it was held that you could claim compensation for psychological damage even if you have not been harmed financially by a data breach. In Gulati & Ors v MGN Ltd , the judge held that compensation awards for psychological injuries from data breaches could be calculated in a similar fashion to that in personal injury cases.
This means we can use the Judicial College Guidelines to give you some insight into the amount of compensation you could claim. We use figures from this publication to create a table below that could give you some rough guidance on compensation amounts.
|Suffering resulting from post-traumatic stress injuries||£56,180 to £94,470||Severe|
|£21,730 to £56,180||Moderately severe|
|£7,680 to £21,730||Moderate|
|Up to £7,680||Less severe|
|Suffering caused by psychological injuries||£51,460 to £108,620||Severe|
|£17,900 to £51,460||Moderately severe|
|£5,500 to £17,900||Moderate|
|Up to £5,500||Less severe|
It is important to mention that you should have an independent medical assessment during your claim. That’s because the severity of your injuries is a factor used to determine how much compensation is awarded. If you work with Accident Claims UK, your appointment will usually be arranged locally.
The meeting will be conducted by an independent medical professional. During the meeting, they will ask questions relating to your suffering and refer to any available medical records. After they’ve completed the assessment a report detailing your injuries and your prognosis will be prepared and sent to your solicitor.
Can You Be Compensated For Material And Non-Material Damages?
When you start a claim for the harm caused by a data breach, it could be composed of two heads of compensation. They are material and non-material damages, which we shall look at in a moment. Importantly, for both elements, you will need to look at the harm that has already been caused as well as any that could result in the future.
Non-material damages are compensation that could be paid to cover any pain or suffering that has resulted from the breach. Generally, this could be used where you’ve suffered psychological injuries like anxiety, distress and similar conditions. If your medical assessment says that you will continue to suffer from these problems in the future, that should be considered during your claim.
Material damages might be claimed if you have sustained monetary losses as a result of the data breach. The amount you could claim would include money that has already been lost. This could include expenses you’ve incurred because of the breach as well. Then you might need to look at additional future losses too. For example, if your credit file is damaged by criminals using your details, it might mean you have to pay higher rates for financial products until the damage is repaired.
We advise that having legal representation could make the process of claiming easier. Moreover, we believe it can increase your chances of being compensated correctly. If you work with us, we could connect you to a specialist data breach solicitor if your case is suitable. Using their experience, they would conduct a thorough review of your case to ensure all aspects of your suffering are represented by your claim.
No Win No Fee Claims For A Nursery Data Breach
If you are considering claiming for the suffering caused by a nursery data breach, you may be pleased to hear that we provide a No Win No Fee service. If your claim is accepted, you’ll get access to one of our experienced solicitors.
Before a solicitor agrees to represent you, they will need to review your chances of success. If they decide to take your claim on, you’ll be given a Conditional Fee Agreement (CFA). This will show you what needs to be achieved before you’ll need to pay your solicitor. Furthermore, it will show you that:
- Your solicitor won’t ask to be paid their success fees in advance.
- There won’t be any solicitor’s fees payable during the claims process.
- If your case fails, you don’t need to pay any solicitor’s fees.
In the event that there is a positive outcome, your solicitor’s work will be paid for by a success fee. This is a set percentage of your compensation. So that you are aware of the fee before you sign up with the solicitor, it is clearly listed in your CFA. Legally, success fees are capped so that you aren’t overcharged.
Talk To Our Team
It’s now time to let you know how to get in touch if you would like to claim. To begin a nursery data breach claim, you can:
- Contact our advisors on 0800 073 8801 to discuss your options.
- Get in touch online using this enquiry form and we will call you back.
- Use our online chat to explain how you’ve been affected by a data breach.
- Send an email to email@example.com to start the ball rolling.
We won’t waste your time with irrelevant questions when you call and we will be fully open about your chances of making a successful claim. After your case has been reviewed, we could partner you with one of our data breach lawyers who’ll provide a No Win No Fee service if your claim is accepted.
FAQs On GDPR And Data Breach Claims
Let’s now look at some common questions relating to data breaches. If your question has not been answered in our guide, please feel free to contact us.
What is a breach of the GDPR?
Breaches of the GDPR are where information about you is destroyed, lost, changed, disclosed or accessed in a way that you’ve not agreed to. One example of a personal data breach is where an unencrypted USB stick containing your details is left on a bus and accessed by a member of the public.
What does the Data Protection Act do?
The Data Protection Act 2018 aims to control the ways in which organisations use personal data. It protects individuals because it sets out how their information can and cannot be used.
How Do You Complain To The ICO?
The process of raising a complaint with the ICO requires you to complain to a data controller first. If you aren’t happy with their response, you can speak to the ICO within three months of your last meaningful communication.
Thanks for reading about claiming for the suffering that results from unauthorised access to personal information held by nurseries. In our final section, we have listed some useful guides to help you further. If you need any extra information, please feel free to get in touch.
Nursery Inspection Reports: This online database allows you to find inspection reports from Ofsted.
Be Data Aware: ICO guidance on personal data security.
Anxiety Self-Help: This NHS article provides useful information on how to deal with stress and anxiety.
We have also listed a few more of our guides below which you may find useful.
Loan Provider Data Breach: Advice on seeking damages for suffering resulting from a loan provider’s data breach.
Mortgage Provider Data Breach: Information on when compensation could be paid if you suffered due to a mortgage provider’s data breach.
Questions And Answers On Data Breaches: Common FAQs relating to data breaches.
Thank you for reading our guide to nursery data breach claims.
Guide by BH
Edited by RV