Data breach litigation: Mitigating risks in the Tech space

19th November 2021

The curve

There is a marked increase in the volume of data breach claims being pursued by individual claimants and via proposed group/class actions.  This is likely to be partially related to a number of high profile group actions involving well-known brands/organisations, combined with the proactive recruitment of claimants by claims management firms.

Quite apart from regulatory concerns and requirements, the fallout from a data leak can be especially devastating for businesses operating in the Tech space.

Where either an organisation’s core business is tech, or a business’ main area focus is underpinned by a heavy reliance upon tech, there is a heightened expectation of IT capability, resilience and data security.  Even the slightest hint of a data breach can entail commercial and reputational consequences that may extend far beyond the value and merits of any individual or group claim.

The trajectory

The claims follow an all-too familiar trajectory. A business suffers a data breach relating to the personal data of its customers/employees. Consumer-focused claims management firms then seek to sign up affected parties and prepare pre-action correspondence with a view to either putting pressure on businesses to settle, or to issuing multiple claims for damages for breach of data protection legislation, breach of confidence, misuse of private information and negligence.  Many such claims are backed by conditional fee agreements and After the Event (ATE) insurance.

The answer

There are some proactive steps that businesses operating in the Tech space should take now:

Health Check.  We regularly carry out health check reviews of existing policies, procedures and training with a view to “future proofing” against claims of this nature.

Act Fast and Mitigate.  Ensure internal protocols and policies are implemented, monitored and followed. Where a breach has or is likely to arise, investigate quickly (maintaining records of any such investigation). Report breaches (or potential breaches) to your data protection team and involve specialist advisers as soon as possible, not least because a report may need to be made to the ICO. Taking quick action is not only a regulatory obligation, but may also prevent further loss and damage.

Talk to us.  The law in relation to data breach claims is developing apace [1].  Our team of commercial dispute resolution lawyers are highly experienced in resolving and robustly defending claims of this nature and are closely monitoring all key developments. This expertise, when combined with our regulatory and compliance team’s understanding of the related regulatory matrix and our technology & digital specialists’ up-to-the-minute sector knowledge, ensures that an informed and robust strategy can be adopted if and when a business faces the threat of data breach litigation.

[1] See our [recent briefing hyperlink to Warren v DSG briefing], for example