Back to the Library
The risk of regulatory action posed by a violation of data privacy legislation is now a well-publicised issue that companies face in the UK. This is in large part down to the apparent willingness of the Information Commissioner’s Office (ICO) to impose large fines for such conduct. For example, the proposed £183.5 million fine announced against British Airways in 2019 following its data breach (the BA Breach).
Recent developments suggest that companies now need to consider an additional risk: the instigation of collective litigation against a company by individuals who have been affected by a data breach. Such collective litigation has the potential to be as – or possibly even more – expensive than a fine levied by the ICO.
An example of such litigation arises out of the April 2020 announcement by EasyJet, that it had suffered a data breach (the EasyJet Breach).
To read the full alert, please click here.