Member Article

Data protection update

Could you be in line for £6.67 data protection compensation from Equifax? This week Hayes Connor solicitors filed a landmark suit against Equifax looking for redress following its 2017 data breach which affected an estimated 15 million UK consumers. Unauthorised access to the personal information of around 147 million customers was discovered over a three month period. Already the firm has paid dear in the US, but escaped relatively lightly in the UK as the breach occurred before the introduction of GDPR and as a result the ICO fined the firm £500,000 – the highest amount possible under the Data Protection Act which was in force at the time.

This action is the first representative data breach claim in the High Court following precedence set by the Lloyd v Google case earlier this month which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire population. Hayes Connor is seeking £100 million, or £6.67 per affected customer and if awarded will be responsible for distributing the compensation to all relevant customers.

The law firm is also representing the interests of the entire population impacted by last year’s British Airways breach. This ruling spells even more misery for organisations found in breach of GDPR. Not only will they be liable for potentially large fines from ICO but increasingly likely they will also be hit for compensation claims from the growing pool of data protection legal practitioners such as Hayes Connor. Whilst class action does not exist in the UK in the same way it does in the US, it seems that group litigation under the guise of data protection will become the norm.

Unfortunately this situation makes it even more important for organisations to ensure that they have their data in order. It will be crucial that companies can prove their commitment to data protection in the event of a breach for instance demonstrating best practice data hygiene under Article 5 of GDPR. Such adherence will go a long way to reduce potential fines and limit compensation claims to follow up law suits.

Mike Fox, Founder of UKChanges

This was posted in Bdaily's Members' News section by Mike Fox .