News and Events

Trivial Data Breach Claims

View profile for Richard Kerry
  • Posted
  • Author

A High Court judge has recently dismissed a claim for compensation, following a data protection breach describing the breach as “trivial”

Delivering judgment in Rolfe and others v Veale Wasbrough Vizards, Master McCloud confirmed that for the Claimants to succeed with a claim where their data protection rights had been breached, they must ‘establish that an actual loss has been suffered or that distress has been suffered above a de minimis level.’

The Claim

The Defendant solicitors accidentally sent an email in relation to unpaid school fees to an incorrect recipient who immediately informed the solicitors and subsequently confirmed that the email had been deleted.

Master McCloud dismissed the claim on the grounds that

  • There was minimally significant information, such as bank details or medical matters which was shared and there was no evidence of further transmission or misuse. As a result it would be hard to imagine what significant misuse could result, given the minimally private nature of the data.  
  • The Claimant’s claim that they lost sleep worrying about the possible consequences of the data breach”, which as a result made them feel ill, was dismissed, as “no person of ordinary fortitude would reasonably suffer the distress claimed arising in these circumstances in the 21st century, in a case where a single breach was quickly remedied.”

Although there are many situations in which data breaches occur, the question to be asked when considering a claim is what harm has been done?

Following Master McCloud’s approach, it will be interesting to see the court’s approach to future cases of a similar nature.