21. September 2021
Disputes Quick Read – 23 von 68 Insights
In Darren Warren v DSG Retail Limited earlier this year, the High Court struck out misuse of private information, breach of confidence and negligence claims, ruling that failure to provide adequate data security is not a positive act that can form the basis of such claims.
DSG Retail Limited was the victim of a malware hack between 2017 and 2018 on 5,930 point of sale terminals. These terminals stored customer data, which the hackers compromised. The ICO investigated the attack and decided that DSG, as data controller, breached the seventh data protection principle (DPP7) – ie it failed to take appropriate technical and organisational measures against unauthorised or unlawful processing of data. The ICO issued a monetary penalty, which is currently under appeal to the FTT.
Darren Warren was a victim of the hack and discovered that the hackers had stolen his personal information. This included his name, address, phone number, date of birth and email address. Mr Warren claimed damages of £5,000 for distress via claims for:
In response, DSG applied under CPR 24 and CPR 3.4(2) for summary judgment/strike out of the first three claims. DSG argued that these claims had no realistic prospect of success based on the facts and were untenable as a matter of law.
The court noted that, when ruling on strike out applications, it assumes the primary facts alleged are true. This means that the court should not strike out a claim unless it's certain that the statements of case disclose no reasonable grounds for bringing the claim.
Mr Warren had argued that:
Justice Saini disagreed and struck out the first three claims. He said that:
The court also struck out Mr Warren's negligence claim. Justice Saini couldn't see the logic of imposing a common law duty of care when a statutory regime (ie the Data Protection Act 1998) was already in place, through which DSG owed duties to Mr Warren as the data controller. Warren had only claimed "distress", but a state of anxiety produced by a negligent act or omission – but which falls short of a clinically recognisable psychiatric illness – is not enough damage to complete a tortious cause of action.
Only Mr Warren's claim for breach of the Data Protection Act 1998 remained, which the court stayed pending the FTT case's outcome.
To discuss the issues raised in this article in more detail, please reach out to a member of our Disputes & Investigation team.
8. March 2023
2. March 2023
von Katie Chandler, Emma Allen
14. February 2023
13. February 2023
8. February 2023
von Jessie Prynne
19. January 2023
3. October 2022
von Gemma Broughall
22. September 2022
von Ben Jones, Emma Allen
9. August 2022
von Nick Maday, Katie Fry-Paul
25. July 2022
6. July 2022
von Emma Allen
Welcome news for those pursuing fraud claims in the English Courts
28. July 2022
21. July 2022
von Edward Spencer
27. July 2022
von Stuart Broom
29. July 2022
17. June 2022
von Stephanie High
13. June 2022
26. May 2022
31. May 2022
von mehreren Autoren
4. April 2022
5. April 2022
31. March 2022
von mehreren Autoren
21. September 2021
von mehreren Autoren
13. September 2021
von Edward Spencer
6. September 2021
von Stephanie High
2. August 2021
21. July 2021
15. July 2021
von Jessica Thomas
26. May 2021
von David de Ferrars
5. May 2021
von Stephen O'Grady
21. April 2021
von Stephanie High
31. March 2021
26. February 2021
von mehreren Autoren
24. February 2021
20. January 2021
von Stephanie High
12. January 2021
von Tim Strong
23. November 2020
16. October 2020
23. September 2020
von mehreren Autoren
7. October 2020
von Nick Storrs
26. May 2020
von Edward Spencer
12. May 2020
18. May 2020
von Katie Chandler
7. May 2020
von mehreren Autoren
9. April 2020
von mehreren Autoren
15. April 2020
27. April 2020
von mehreren Autoren
21. April 2020
von Stephanie High
11. March 2020
von James Bryden
17. March 2020
von Stuart Broom
26. March 2020
von mehreren Autoren
26. February 2020
von Tim Strong, Andrew Howell
21. February 2020
von Andrew Howell
2. June 2020
von Georgina Jones
16. June 2020
von Georgina Jones
2. July 2020
von Tim Strong, Georgina Jones
9. July 2020
21. July 2020
3. December 2021
24. November 2021
von Stuart Broom
8. October 2021
von Katie Chandler
10. January 2022
von Tim Strong, Jessica Thomas
20. January 2022
22. March 2022
7. April 2022
von mehreren Autoren
von mehreren Autoren
von Michael Yates
von mehreren Autoren