Background

Mr Matthew McConville, the Head of our specialised Data Breach Department at Irvings Law has successfully represented a client in a data breach compensation claim. The said client wishes himself to be unnamed for the purposes of this case report (as well as his opponent) and as such will be referred to as ‘Mr E’ whereas his opponent will be named as ‘D’.

In July 2018, Mr E approached D to complete a Cyber Security Career Transformation Programme. Mr E paid for the said programme but was unable to complete the same due to family issues. Mr E asked for a refund as a result of his situation but D was unwilling to provide one to him. Mr E then concentrated upon his family and engaged no further with D.

On the 30^th September 2019, Mr E was contacted by a friend asking about D as a company. Mr E’s friend suggested to Mr E that Mr E had completed such training with D and Mr E questioned why his friend thought this. Mr E’s friend then provided Mr E with a snapshot of D’s website which had Mr E’s full name, a photograph of him as well as a description of him too. The said description of Mr E upon D’s website stated ‘[Mr E] was an IT analyst with years of experience in major companies in London. Once he realised that he was stuck in his role which pays much less than what he deserves, he signed up for Cyber Transform to become a Cyber Security Analyst. ‘It made a lot of sense simply because starting rates for cyber security contractors are 400 GBP/day (700GBP/day) and beyond within a couple of years, [Mr E]’’.

Representation

As D had done this, Mr E sought assistance from Mr McConville. Without hesitation, Mr McConville offered to act for Mr E on a no win, no fee basis and once instructed, Mr McConville lodged a complaint to D. In response, D said ‘thanks for letting us know about the situation. We investigated the issue and realised that his [Mr E’s] details were not used intentionally. Sorry for the trouble. We can confirm that his [Mr E’s] details are not available on our website now’.

After this, Mr McConville submitted a Letter of Claim to D stating that the said information that they had placed upon their website was not only untrue (as Mr E did not become a Cyber Security Analyst with D) but it also contained very sensitive and personal information relating to Mr E which was uploaded without Mr E’s consent and left on their website for a considerable amount of time with the sole purpose of promoting their business. It was only when Mr McConville lodged a complaint to D did they remove the same from their website. Mr McConville specifically alleged that D had not kept Me E’s sensitive information safe and secure, they had breached / invaded his privacy under the Human Rights Act, had breached the Data Protection Act 2018/the General Data Protection Regulation (GDPR) as well as confidence following their misuse of private information pertaining to Mr E.

Resolution

Following receipt of this Letter of Claim, D did not admit any breach but wished to engage in resolution. In response, and on Mr McConville’s advice, Mr E put forward an offer in full and final settlement which, after negotiation, was accepted by D.