Data protection claims: What does the future hold for landlords?

Data protection claims are on the rise.

A data protection claim can be brought by an individual against a third party who has failed to comply with data protection regulations, and as a result, the individual has suffered a loss.  Loss can be material, such as money, or a non-material, such as emotional distress.

In today’s world data is valuable! Data can provide insight and knowledge, which companies may use to their advantage when marketing products. There are also those who want your data for other nefarious purposes, and they may obtain that data by hacking a company’s computer system.

However, hackers are not the biggest risk to those who handle personal data, it is usually simple admin errors that can have large repercussions for data controllers. The argument for claimants in data breach claims is that there is a real risk that the breach led to data falling into the wrong hands, meaning possible identity theft and/or financial losses, which can have devastating long-term effects.

Landlords hold a great deal of personal data. This has led to a rise in expensive claims when mistakes are made. Many landlords will seek to try to resolve the matter quickly by making an early offer of compensation, so as not to risk increased costs as the case progresses, even with early settlement the costs can be eye-watering for something so simple.

There is hope though in the recent decisions of Rolfe & Ors v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB) (Rolfe) and Johnson v Eastlight Community Homes.

In the case of Rolfe v Veale, the Claimants (the Rolfes) owed money to their daughter’s school. The school instructed the Defendant firm of solicitors, Veales, to chase this payment. Due to a human error the letter and supporting documents chasing the payment was sent to the wrong email address.

The third party who received the email responded quickly, stating they did not think the email was intended for them. The Defendant replied asking them to delete the message, following which the third party confirmed that the original message had been deleted. No phone numbers, bank details or details of the state of the Claimants finances were included in the letter. The Claimants made a claim under s.82 of the UK GDPR and s.169 and the Data Protection Act 2018 and claimed to have lost sleep with worry over the data breach. The Defendants applied for a summary judgment stating there were no real prospects of success and that the damage was too trivial. The Defendant was not denying that there was a breach, just that the information contained within the email was not substantial enough to cause real distress to the Claimants.

The High Court agreed with the Defendants, with Master McCloud stating that given the nature of the data shared and the quick remedy of the Defendant “no person of ordinary fortitude would reasonably suffer the distress claimed arising in these circumstances in the 21st Century.” Summary judgment was awarded to the Defendant and the Defendant was awarded their costs.

In similar circumstances, which are perhaps more relevant to landlords, the claim in Johnson v Eastlight Community Homes arose when a rent statement of the Claimant (amongst others) was sent to a third party by the Defendant in error. The Third party notified the Defendant and within 2-3 hours the original email had been deleted from the third party’s system. An apology and explanation was sent to the Claimant. When the claim was made in the High Court, the Defendant argued that the Claimant’s rent statement was at pages 880-882 of a bundle that was 6,491 pages in total, therefore it was highly unlikely that the third party saw the Claimant’s details.

The Judge stated: “I agree with the defendant’s submission that the claimant’s distress seems more in the realms of the unknown or the hypothetical than in reality…”. This case was moved to the County Court rather than the Claimant’s claim being struck out, however the move does seem to indicate that the costs could be small claims.

These recent decisions by the Court are a welcome dose of clarity and common sense when dealing with data breach claims and mean that Defendants should not rush to settle claims where the breach is minor in nature.

It is still important for social housing providers and all landlords to be aware of the risk Data Protection Claims present. Mistakes do happen, but if there is a breach swift action should be taken to rectify it and minimise any impact.

If you are a landlord and have queries about data breach claims, be sure to contact our team of experts.