26th October 2022
There has been an increase in data breach litigation since the introduction of GDPR and the UK data protection legislation framework. Some really significant cases have been decided over the last year or two. For example, the rejection, in Lloyd v Google , of mass data breach claims where individual evidence is not provided; and the narrow view of data breach claims advanced on the basis of breach of confidence, misuse of private information and negligence adopted by the court in Warren v DSG .
In Cleary v Marston (Holdings) Ltd , a low value data breach case was transferred from the High Court to the Small Claims Track in the County Court. Businesses are often the target of such claims. Business defendants will welcome this decision, as it reiterates the dim view the courts take against claimants who purport to overstate the complexity of their case.
Cleary v Marston (Holdings) Ltd demonstrates the court’s view that low value data breach claims can, and should, be dealt with via the Small Claims track in the County Court – not in the High Court. A key corollary to that is the fixed costs regime that applies. The decision is another example of the court actively managing data breach claims to ensure they are dealt with at proportionate cost.
Mr Cleary issued proceedings against Marston for an alleged breach of data protection legislation after an employee of Marston mistakenly sent an email containing information regarding Mr Cleary to a third party. The third party deleted the e-mail on the same day. The only factual point in dispute was whether the email had been read before it was deleted.
Mr Cleary instructed solicitors with an ATE insurance policy and arranged a conditional fee agreement (CFA) with them, which allowed for a success fee. The pleaded value of Mr Cleary’s claim was £3,000, but his cost budget for the claim totalled £46,908.
At the Costs and Case Management Conference (CCMC) Mr Justice Nicklin ordered the claim be transferred to the Small Claims Track because:
Mr Cleary’s solicitors argued that this raised potential issues in respect of access to justice. They alleged that Mr Cleary would not be able to obtain legal support without the availability to recover the ATE premiums. (Recoverable costs are limited to fixed costs in the Small Claims Track.)
Mr Justice Nicklin rejected that argument. He confirmed that the ability to recover costs should not affect the allocation of the proceedings. He also noted that no ordinary litigant would incur costs of circa £50,000 pursuing a £3,000 claim.
Walker Morris’ Commercial Dispute Resolution lawyers are highly experienced in resolving and defending data breach claims. This expertise, when combined with our specialist Regulatory & Compliance team’s comprehensive understanding of the regulatory background, ensures that an informed and robust strategy can be adopted.
As well as helping you to respond quickly and effectively if and when a data breach occurs and any claim is threatened, our specialist solicitors can help you to refine your pre-emptive risk management strategies. Whether that be carrying out health checks in respect of policies and procedures with a view to mitigating against claims of this nature, training staff and/or keeping you up to date with the legal and regulatory matrix, Walker Morris’ data breach litigation specialists will be very happy to help.
  UKSC 50 See Walker Morris’ earlier briefing on Lloyd v Google
  EWHC 2168 (QB) See Walker Morris’ earlier briefing on Warren v DSG
  EWHC 3809 (QB)
(FCIArb) Head of Commercial Dispute Resolution