The future for low-value data breach claims

Not every data breach is worth High Court time – a relief for the companies involved. By Katie Hewson, Olivia Fraser and Kate Ackland of Stephenson Harwood LLP.

As the number of low-value claims arising out of personal data breaches (Data Breach Claims) continues to grow, a recent flurry of High Court judgments suggests that judicial patience with certain such claims is wearing thin. This should be welcome news for controllers and processors, as the Courts are demonstrating a pragmatic approach to Data Breach Claims and demonstrating how the de minimis principle (i.e. matters regarded by the Court as too insignificant to be taken into consideration) applies to personal data breaches.

What are the recent trends in data Breach claims?

High Court jurisdiction is normally reserved for important, high value or complex litigation or cases, giving rise to issues of general public importance. Although the value of Data Breach Claims tends to be low, claimants frequently issue their claims in the High Court to increase the potential costs they could recover, or to otherwise pressure the defendant to settle in the face of significant legal costs. They sometimes do this by pleading claims in misuse of private information (MoPI) and/or breach of confidence (BoC), concurrently with claims for breach of data protection legislation. This can ensure that a claim is sufficiently complex to warrant High Court jurisdiction.

Continue reading

UK Report subscribers, to access the full article, please


If you wish to subscribe please see our subscription information.