21. September 2021
Disputes Quick Read – 54 von 99 Insights
In Darren Warren v DSG Retail Limited earlier this year, the High Court struck out misuse of private information, breach of confidence and negligence claims, ruling that failure to provide adequate data security is not a positive act that can form the basis of such claims.
DSG Retail Limited was the victim of a malware hack between 2017 and 2018 on 5,930 point of sale terminals. These terminals stored customer data, which the hackers compromised. The ICO investigated the attack and decided that DSG, as data controller, breached the seventh data protection principle (DPP7) – ie it failed to take appropriate technical and organisational measures against unauthorised or unlawful processing of data. The ICO issued a monetary penalty, which is currently under appeal to the FTT.
Darren Warren was a victim of the hack and discovered that the hackers had stolen his personal information. This included his name, address, phone number, date of birth and email address. Mr Warren claimed damages of £5,000 for distress via claims for:
In response, DSG applied under CPR 24 and CPR 3.4(2) for summary judgment/strike out of the first three claims. DSG argued that these claims had no realistic prospect of success based on the facts and were untenable as a matter of law.
The court noted that, when ruling on strike out applications, it assumes the primary facts alleged are true. This means that the court should not strike out a claim unless it's certain that the statements of case disclose no reasonable grounds for bringing the claim.
Mr Warren had argued that:
Justice Saini disagreed and struck out the first three claims. He said that:
The court also struck out Mr Warren's negligence claim. Justice Saini couldn't see the logic of imposing a common law duty of care when a statutory regime (ie the Data Protection Act 1998) was already in place, through which DSG owed duties to Mr Warren as the data controller. Warren had only claimed "distress", but a state of anxiety produced by a negligent act or omission – but which falls short of a clinically recognisable psychiatric illness – is not enough damage to complete a tortious cause of action.
Only Mr Warren's claim for breach of the Data Protection Act 1998 remained, which the court stayed pending the FTT case's outcome.
To discuss the issues raised in this article in more detail, please reach out to a member of our Disputes & Investigation team.
6. December 2024
14. November 2024
von Tim Strong, Kate Hamblin
14. November 2024
von Emma Allen
8. November 2024
von Edward Spencer
30. October 2024
von mehreren Autoren
15. October 2024
von Emma Allen, Andrew Spencer
16. July 2024
von Tim Strong, Kate Hamblin
5. July 2024
von Stuart Broom, Tom Charnley
21. March 2024
von Emma Allen, Amy Cheng
1. February 2024
von Katie Chandler, Emma Allen
12. February 2024
von Tim Strong, Nicole Baldev
14. December 2023
13. December 2023
23. October 2023
von mehreren Autoren
17. October 2023
12. September 2023
von Tom Charnley
14. August 2023
von mehreren Autoren
4. August 2023
von mehreren Autoren
21. July 2023
10. July 2023
1. June 2023
von mehreren Autoren
3. May 2023
von James Bryden
20. April 2023
von James Bryden
8. March 2023
2. March 2023
von Katie Chandler, Emma Allen
14. February 2023
13. February 2023
8. February 2023
von Jessie Prynne
19. January 2023
von Georgina Jones
3. October 2022
von Gemma Broughall
22. September 2022
von Ben Jones, Emma Allen
9. August 2022
von Nick Maday
25. July 2022
von Edward Spencer
6. July 2022
von Emma Allen
Welcome news for those pursuing fraud claims in the English Courts
28. July 2022
21. July 2022
von Edward Spencer
27. July 2022
von Stuart Broom
29. July 2022
von Jess Thomas, Lucy Waddicor
17. June 2022
von Stephanie High
13. June 2022
von Edward Spencer
26. May 2022
31. May 2022
von mehreren Autoren
4. April 2022
5. April 2022
von Stephanie High
31. March 2022
von mehreren Autoren
21. September 2021
von mehreren Autoren
13. September 2021
von Edward Spencer
6. September 2021
von Stephanie High
2. August 2021
21. July 2021
15. July 2021
von Jess Thomas
26. May 2021
von David de Ferrars
5. May 2021
von Stephen O'Grady
21. April 2021
von Stephanie High
31. March 2021
26. February 2021
von Tim Strong
24. February 2021
20. January 2021
von Stephanie High
12. January 2021
von Tim Strong
23. November 2020
16. October 2020
23. September 2020
7. October 2020
von Nick Storrs
26. May 2020
von Edward Spencer
12. May 2020
18. May 2020
von Katie Chandler
9. April 2020
von mehreren Autoren
15. April 2020
27. April 2020
von mehreren Autoren
21. April 2020
von Stephanie High
11. March 2020
von James Bryden
17. March 2020
von Stuart Broom
26. February 2020
von Tim Strong, Andrew Howell
21. February 2020
von Andrew Howell
2. June 2020
von Georgina Jones
16. June 2020
von Georgina Jones
2. July 2020
von Tim Strong, Georgina Jones
9. July 2020
21. July 2020
3. December 2021
24. November 2021
von Stuart Broom
8. October 2021
von Katie Chandler
10. January 2022
von Tim Strong, Jess Thomas
20. January 2022
8. March 2022
von Jess Thomas, Lucy Waddicor
22. March 2022
7. April 2022
von Emma Allen, Georgina Jones
von mehreren Autoren
von Michael Yates
von mehreren Autoren