There have been at least two recent instances where large scale data breaches involving pension schemes have been followed by court cases in which a firm acts for multiple claimants seeking financial compensation for the data breach. We consider a recent judgment in which a pension scheme administrator unsuccessfully sought to have mass data protection claims against it struck out as an abuse of process.
A High Court judge has dismissed a pension scheme administrator’s application to have mass data protection claims against it struck out as an abuse of process. The claim involved a law firm bringing a claim on behalf of almost 4000 individuals in relation to a large scale cyber-security breach by the defendant.
The particulars of claim (POC) took the form of a table listing each claimant’s name containing various paragraphs with standard form wording, for example alleging that the claimant had suffered distress as a result of the violation of his/her personal data. For each claimant, an X or absence of an X next to each standard form paragraph would indicate whether the particular standard form wording applied in relation to that claimant. There was also a box which set out personal statements made by some, but not all, of the claimants. The law firm acting on behalf of the claimants had advertised online that it could bring data breach compensation claims where potential claimants had been notified of data breaches. The POC had been drafted on the basis of a standard form questionnaire completed by claimants containing a series of questions about the data breach, for example claimants could tick boxes to say that they had experienced “anxiety”, “shock”, “annoyance” etc on being notified of the potential data breach. The questionnaire also allowed claimants to comment in their own words. Before issuing the POC, the claimants’ law firm required the claimants to approve the wording of the POC applicable to them.
The defendant in the case argued that the way in which the claims had been brought amounted to an abuse of process and argued that the claims should be struck out. However, the judge concluded that there had been no abuse of process, commenting that counsel have broad discretion as to how to draft pleadings, and that the courts have found that barristers may draft documents containing specific factual statements subject to confirmation of their accuracy by the client.
This is not the only example of a bulk claim stemming from a pensions data breach that is currently making its way through the courts. It remains to be seen what level of damages the court will award in cases where an individual is found to have suffered distress as a result of the data breach, but no specific financial loss.
Get up to date with our latest news on LinkedIn
Follow nowSubscribe to receive legal insights and industry updates directly into your inbox
Sign up now
