Law firms start collective action against BA

Law firm SPG Law has started the process of gathering names for a group action in the recent British Airways security breach that compromised more than 380,000 customers sensitive personal data.

The data that was hacked included names, debit/credit card numbers (including expiry dates and CVV's), addresses and email addresses. While BA dutifully notified the ICO and its customers, and promised to reimburse customers who suffer "direct financial losses", it now faces an ICO investigation and is likely to receive a hefty fine under the UK DP Act 2018.

EU GDPR’s Article 82 provides individuals a right to compensation for non-material damage. “This means compensation for inconvenience, distress and annoyance associated with the data leak… By joining a group action that we believe will attract thousands of others like you led by the experts at SPG Law, you have the best chance of ensuring you receiver the highest compensation possible from BA,” SPG says.

Law firm Hayes Connor Solicitors is also starting collective action against BA, and says that it expects to claim up to £5,000 per person.

The ICO announced that it has received BA’s breach notification and is investigating the incident. A criminal inquiry is being led by the National Crime Agency (NCA).

Read more at:

Privacy Laws & Business has organised, in association with the Brussels Privacy Hub, a workshop on 23 October in Brussels to raise awareness of upcoming challenges flowing from the GDPR’s Art. 80 on individuals’ right of redress via collective (class) action.

The workshop, ‘The future for collective action under the GDPR’ is a side event to the International Conference of Data Protection and Privacy Commissioners. The event is free of charge but requires pre-registration as places are limited.