Hundreds of police officers who brought data breach and misuse of private information claims where their pre-issue costs alone were £1.2m have seen their claims struck out.
Mr Justice Nicklin allowed just 14 of the 446 claimants to continue their cases and even then cast doubt on whether they would lead to damages at trial.
The ruling is an indication of the difficulties of bringing data breach claims where there is little or no evidence that the claimants suffered actual harm.
The claimants, current or former police officers of Sussex Police, sued after the defendant Equiniti – which manages their pension scheme – mistakenly posted their annual pension benefit statements (ABSs) to out-of-date addresses.
The information in each statement varied but broadly contained the officer’s name, date of birth, National Insurance number, and details of their salary and pension.
Each officer was informed of the error and offered the chance to sign up to a fraud protection service paid for by Equiniti.
The Information Commissioner was informed but told Sussex Police – which was not a defendant in the claim – that no further action was needed.
Each claimant initially claimed damages of £2,000 for misuse of private information, and between £1,065 and £2,606 for the data protection claim, although in court their counsel estimated that the total value of a typical claim would be in the region of £1,250 to £1,500, excluding 63 claimants who were also claiming personal injury.
Nicklin J said that the claimants’ pre-issue costs were around £1.2m, or just over £2,500 per claimant.
Their counsel acknowledged that such claims would normally be dealt with in the small claims track but contended that the only practical way for the claimants to obtain redress – and effective access to justice – was to pursue this claim on a class basis.
At the hearing last May (no reason why the ruling was only handed down last week was given), the claimants’ estimated budget for a trial of lead cases was £2.55m, with the defendant’s £2.7m.
The claimants had also taken out after-the-event insurance, with the claim for misuse of private information meaning they could seek to recover the premiums if successful.
The judge recorded that the envelopes the ABSs were sent in were marked ‘Private and Confidential’ and gave no indication that the intended recipient was a police officer.
Nicklin J held that each claimant had to show there was a real prospect of demonstrating that the ABS was opened and read by a third party.
He first struck out the claims of those who eventually received their envelopes unopened. “I reject the submission that these claimants can advance a claim on the basis that, until returned, their personal information/data was ‘in danger’ or ‘at risk’.
“The general law of tort does not generally allow recovery for the apprehension that a tort might have been committed.”
He then struck out the cases where the ABS was not safely returned but the claimant relied purely on inference that it had been opened and read; this was most of them.
This left 14 claims where there was positive evidence that the letter had been opened. From the information provided, they “would appear to be very far from being serious cases”, the judge went on. “Some may ultimately be found to be trivial and fall to be dismissed on the basis that they fail to surmount the threshold of seriousness.
“In particular, the 14 claimants may yet have to surmount the evidential hurdle that the ABS was read by the person who opened the envelope (or someone else). In all but one of the cases it is not clearly stated, in terms, whether the ABS was read, and if so, how much of it was read…
“Given the evidence as to the layout of the first page of the ABS, the claimants may also need to demonstrate that more than the first page of the letter was read.”
Nicklin J said some aspects of the individual claims “can be seen, even now, to be hopeless” – in one, for example, the letter was opened by the claimant’s father in error, who then forwarded it to him.
But he rejected an application to dismiss the remaining claims, as he could not say none had a real prospect of surmounting the threshold of seriousness – the letter “did contain some information that went beyond the banal and anodyne”.
“On first impression, it might seem unlikely that the opening of the ABS could have caused much distress to a police officer, but each claimant is advancing a claim, verified with a statement of truth, that s/he has been caused distress (or equivalent).
“A court could only reject evidence in support of such a claim after all the relevant evidence has been tested at trial.”
Nicklin J added that, in light of his conclusions, “it is not necessary (nor is it desirable) for me to reach a concluded view on the very interesting points as to whether the law in this jurisdiction imposes a threshold of seriousness in data protection claims”.
Leave a Comment