21 September 2021
Disputes Quick Read – 53 of 98 Insights
In Darren Warren v DSG Retail Limited earlier this year, the High Court struck out misuse of private information, breach of confidence and negligence claims, ruling that failure to provide adequate data security is not a positive act that can form the basis of such claims.
DSG Retail Limited was the victim of a malware hack between 2017 and 2018 on 5,930 point of sale terminals. These terminals stored customer data, which the hackers compromised. The ICO investigated the attack and decided that DSG, as data controller, breached the seventh data protection principle (DPP7) – ie it failed to take appropriate technical and organisational measures against unauthorised or unlawful processing of data. The ICO issued a monetary penalty, which is currently under appeal to the FTT.
Darren Warren was a victim of the hack and discovered that the hackers had stolen his personal information. This included his name, address, phone number, date of birth and email address. Mr Warren claimed damages of £5,000 for distress via claims for:
In response, DSG applied under CPR 24 and CPR 3.4(2) for summary judgment/strike out of the first three claims. DSG argued that these claims had no realistic prospect of success based on the facts and were untenable as a matter of law.
The court noted that, when ruling on strike out applications, it assumes the primary facts alleged are true. This means that the court should not strike out a claim unless it's certain that the statements of case disclose no reasonable grounds for bringing the claim.
Mr Warren had argued that:
Justice Saini disagreed and struck out the first three claims. He said that:
The court also struck out Mr Warren's negligence claim. Justice Saini couldn't see the logic of imposing a common law duty of care when a statutory regime (ie the Data Protection Act 1998) was already in place, through which DSG owed duties to Mr Warren as the data controller. Warren had only claimed "distress", but a state of anxiety produced by a negligent act or omission – but which falls short of a clinically recognisable psychiatric illness – is not enough damage to complete a tortious cause of action.
Only Mr Warren's claim for breach of the Data Protection Act 1998 remained, which the court stayed pending the FTT case's outcome.
To discuss the issues raised in this article in more detail, please reach out to a member of our Disputes & Investigation team.
14 November 2024
14 November 2024
by Emma Allen
30 October 2024
by Multiple authors
15 October 2024
21 March 2024
by Emma Allen, Amy Cheng
14 December 2023
13 December 2023
23 October 2023
by Multiple authors
17 October 2023
12 September 2023
by Tom Charnley
14 August 2023
by Multiple authors
4 August 2023
by Multiple authors
21 July 2023
10 July 2023
1 June 2023
by Multiple authors
3 May 2023
by James Bryden
20 April 2023
by James Bryden
8 March 2023
2 March 2023
14 February 2023
13 February 2023
8 February 2023
19 January 2023
3 October 2022
22 September 2022
by Ben Jones, Emma Allen
9 August 2022
by Nick Maday
25 July 2022
6 July 2022
by Emma Allen
Welcome news for those pursuing fraud claims in the English Courts
28 July 2022
27 July 2022
by Stuart Broom
29 July 2022
17 June 2022
13 June 2022
26 May 2022
31 May 2022
by Multiple authors
4 April 2022
5 April 2022
31 March 2022
by Multiple authors
21 September 2021
by Multiple authors
13 September 2021
6 September 2021
2 August 2021
21 July 2021
15 July 2021
by Jess Thomas
26 May 2021
5 May 2021
21 April 2021
31 March 2021
26 February 2021
by Tim Strong
24 February 2021
20 January 2021
12 January 2021
by Tim Strong
23 November 2020
16 October 2020
23 September 2020
7 October 2020
by Nick Storrs
9 April 2020
by Multiple authors
15 April 2020
27 April 2020
by Multiple authors
21 April 2020
11 March 2020
by James Bryden
17 March 2020
by Stuart Broom
26 February 2020
21 February 2020
2 June 2020
16 June 2020
9 July 2020
21 July 2020
3 December 2021
24 November 2021
by Stuart Broom
8 October 2021
10 January 2022
20 January 2022
22 March 2022
7 April 2022
by multiple authors
by multiple authors