Data breach group action law: an expert overview

We’re now proudly fighting for the rights of victims in over 30 different data breach group action and multi-party cases as an established, leading law firm that has been representing clients in data cases for many years.

With there being so many breaches taking place, it can be confusing for victims to know what to do and where to turn to, or whether they even have a case. Let us give you an expert overview as to how they work, when they can win, and how our expertise can help you.

We’ve been involved in large group action cases for almost a decade, with our first data action launched 5 years ago. With Steering Committee appointments for actions that range from the thousands to the tens of thousands, here’s what you need to know.

How does a data breach group action work?

A data breach group action is where one or more victim of the same incident or action comes together to claim as a group.

What happens next can then depend on the size of the group, or whether the opponents is prepared to admit liability, and perhaps how unique the issues are to each case. Commonly, one of the following may happen:

Claims are pursued as singular cases, but the joint and similar issues can be narrowed as one. It may be that cases issued with the court will be issued together as one set of proceedings, but the individual issues in each case are resolved separately. It may also be that there’s one or a small number of Defendants (opponents) to claim against;
Claims are simply pursued separately with perhaps many different Defendants being pursued, but they stem from similar issues – sometimes known as multi-party actions;
Claims are formally brought together into a Group Litigation Order (GLO). This is where a Steering Committee is established of one or more law firms that will then be responsible for the overall conduct of the action. Each case is brought together into one action.

In any event, there can be precedents set to help resolve cases, and data breach compensation pay-outs can still be based on the individual aspects of a claim.

The first GDPR GLO in England and Wales is the BA Group Action. Given our experience in this niche and complex area of law and our experience in group actions, we were appointed (by order of the High Court of Justice) to the Steering Committee. This appointment reflected our commitment to justice having been fighting for victims since news of the cyberattacks broke back in 2018.

How do we succeed with an action?

Succeeding with a data breach group action isn’t easy, especially when there are many people claiming.

The larger the action, the more likely it can be that the opponent(s) will try to defend cases. They (or their insurers) don’t want to be paying out potentially millions or billions of pounds. The estimated combined pay-out for the British Airways action alone could hit the £3bn mark!

It can also be the case that big companies and multinational corporations will hire some of the best law firms in the world to defend them. We’ve seen this in actions we’ve been involved with, and it can make the process of succeeding with an action harder.

This is a good reason as to why it’s important that people claim with specialist group action lawyers like us. Big actions usually mean that clients need significant funding to fight some of the biggest companies in the world, and insurance is key to protect clients in the event a claim doesn’t succeed. We can tell you from considerable experience that these costs can be in the millions and can even hit the tens of millions mark in some of the bigger actions.

The law is clear in making sure that victims of a data breach can be entitled to make a claim for compensation, and there’s no room for big companies to hide. In actions like Equifax, we’re confident we can win because the breach stemmed from a known security vulnerability that they failed to patch. In fact, it was recently reported that US court papers stated that Equifax had set a username and password as “admin” (for both), which is just asking for trouble. It’s as bad as setting a password as “password”!

In other actions like the BA Group Action, the fact that the Information Commissioner’s Office (ICO) has set their intention to find at £183m shows how bad the breach was.

What victims need to do

Victims who wish to join a data breach group action can then be entitled to make a claim for compensation, and we offer No Win, No Fee representation.

We can also offer funding and insurance for actions that we’re taking forward and meet our criteria. With our lawyers working on over 30 different actions right now and having had Steering Committee appointments, we believe that our expertise and experience when it comes to data group actions is unrivalled.

We’re always happy to offer free, no-obligation advice, and there are a number of ways you can contact our team for help.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.