Data breach claims are on the rise.

Recently we participated in a panel on mass claims for data breaches, looking at current issues in the UK, US and the Netherlands, together with our Lex Mundi partner firms Morrison & Foerster and Houthoff.

What is clear is that the risk of data breach claims is increasing across the globe.

A full recording of the webinar is at the link here, and we invite you to listen.

From the UK perspective, here are some headlines.

Recent high profile judgments in the UK have made the route map to bring mass claims for data breach clearer for claimants.

Data breach claims typically involve large numbers of data subjects and are ripe for mass claims by individuals affected, and well as potentially risking significant fines from the UK regulator, the ICO.

These are often the result of cyber attacks, for instance: against British Airways in 2018, resulting in a fine of £20 million and a group claim that was settled in 2021; claims against the Police Federation in England in relation to a cyber attack in March 2019, reportedly involving a database of 120,000 police officers; and most recently a cyber attack involving the Air France/KLM loyalty program which is said to have 17 million members.

One of the key questions that has arisen in UK cases, in particular the highly publicised Lloyd v Google case, is whether a claim can be made simply on the basis of ‘loss of control’ of personal data, or whether claimants need to demonstrate damage or distress which is more onerous.

Another question involves the process by which mass claims in this area can be brought. Court procedure can be a dry subject, but this does have significant repercussions for the funding of these claims, and in turn the risk of them materialising. The English court is showing a desire to enable collective claims for data breach. Less so the Competition Appeal Tribunal in a current case against Meta valued at circa £2.3 billion on behalf of a group of approx. 45 million UK consumers.

Companies holding and processing significant volumes of personal data should be aware of the increasing risks in this area. It is vital to have appropriate retention and security policies and measures in place.

Please get in touch with us to discuss any of these issues and to find out how we can help.

Written by

Related News, Insights & Events

Risk horizon scan: 2025

January is the optimal time for businesses to review risk registers against management plans and goals for the next 12 months.

Cyber security – looking back on 2024 and what businesses can expect in 2025

2024 was another year in which UK businesses battled to combat cyber security threats, which continue to impact organisations of all sizes across all sectors.

Christmas is coming… and the cyber threat is heightened

The increased cyber risks around the Christmas and New Year period.

Want to hear more from us?

Subscribe here

Advice for the way we live our lives.

Burness Paull is known globally as the go-to Scottish law firm.

Guide: Doing Business in the UK

Legal insights

Changes to the EUSS scheme – The UK moves to automated settled status

Events

An introduction to diversity, equity and inclusion in the workplace

Topics

Welcome to Burness Paull.

Human and high-performing

Delivering real change for our clients, people and communities

Responsible business lies at the heart of our decision-making.

Firm news

Burness Paull advises on sale of former Virgin Hotel in Glasgow.

We believe you’re not a tiny cog in a giant machine.

Vacancies

Looking for a workplace that will value your curiosity, passion, and desire to grow?

Don't settle for standard, help us set new ones.

Knowledge & Development Lawyer | Funds

How can we help you today?

Data breach claims - watch out, they're coming