We are seeing more and more claims by tenants for data protection breaches. The claims relate to a myriad of different scenarios with the most common breaches relating to:
- emails being sent to the wrong recipient
- disclosure of details in anti-social behaviour matters
- unauthorised members of staff having access to sensitive data
- insufficient data security
Causes of Action
Claimants allege the relevant sections of the Data Protection Act 2018 and principles of what is now the UK GDPR, but often also allege breach of privacy and confidentiality and on occasions, negligence. The “stacked” claims can appear substantial as a result but in the case of Reid v Price it was held that there is no material difference in claims made pursuant to data protection legislation, the law of privacy and/or confidentiality. The causes of action all relate to the wrongful retention or disclosure of data and as such, damages due will not be enhanced by the presentation of the case.
Claimants and Damages
When it comes to the question of damages, it must be borne in mind that you have to take your ‘victim as you find them’. This means that if the claimant has health issues or is vulnerable this may aggravate the claim somewhat and the damages due may be increased. Whether a claimant has a protected characteristic and the type and extent of data to the breach will be highly relevant in determining damages.
The average value of claims we are coming across is fairly low at this point; being between £1,500 to £4,000. However, case law, such as the Reid v Price case (where £25,000 damages was awarded and that was only because the claim form limited damages to that amount); indicate that damages for data breaches could be far higher. The specific scenario of each case must be assessed on its own merits to determine the extent of liability and value of the claim.
An important point to remember is that claimants will always seek payment of their legal costs. As such it is important that attempts are made to settle the claim as soon as possible to limit the costs or the costs could quickly exceed the value of the actual claim.
If you need advice on anything to do with data protection or a data breach, please contact Samantha Grix.