Mr Matthew McConville, the Head of our specialised Data Breach Department at Irvings Law has successfully represented a client in a data breach compensation claim against Boldmere Swimming Club. Mr McConville’s client wishes to remain unnamed so will be referred to as ‘Mrs I’ for the purposes of this case report.
Mrs I is a parent of a child that was a member of Boldmere swimming club. Mrs I was the subject of disciplinary proceedings in respect of breaches of the club’s policies on safeguarding and welfare, parents’ conduct and volunteer conduct. The said disciplinary proceedings culminated in a Conduct and Outcome Meeting but Mrs I did not attend but a decision was taken by Boldmere swimming club that she be excluded from membership. For the avoidance of doubt, Boldmere swimming club confirmed that this meant that Mrs I was permanently dismissed from the club as a volunteer and parent.
Following this said meeting, a member of Boldmere swimming club sent an email which attached a letter detailing the outcome of the said meeting to a third party (who was unknown to Mrs I) by error. On the same day, the said third party informed Mrs I by copying her into a response email to the person from the swimming club who made the said error.
Subsequently to this, Mrs I lodged a complaint to Boldmere swimming club. The said person who made the referred error emailed Mrs I to confirm that this said data breach was ‘regrettable’ and he apologised for any inconvenience this may have caused her. Further to this, he also confirmed that he was ‘notified of the breach at the same time’ as the third party and as such, he immediately wrote to the said third party to request that she deletes the said correspondence. The third party has subsequently confirmed that they had done this and shortly after this, the said person ‘followed ICO guidelines and used their self-assessment tool to determine whether or not this was a reportable incident within the 72-hour timeframe’ so did not refer the matter to the ICO.
Wanting further recourse, Mrs I so instructed data protection expert Mr McConville to assist. Without hesitation, Mr McConville offered to act for Mrs I on a no win, no fee basis and once instructed, Mr McConville lodged a Letter of Claim to Boldmere swimming club as they inherently failed to adequately keep Mrs I’s personal information secure and confidential which resulted in details of Mrs I personal and sensitive information being disclosed to a stranger without her knowledge and consent. Specifically, Mr McConville alleged that Boldmere swimming club had breached / invaded Mrs I’s privacy under the Human Rights Act, had breached the Data Protection Act 2018/the General Data Protection Regulation (GDPR) as well as confidence following their misuse of private information pertaining to Mrs I.
In response to the presented claim, Boldmere swimming club did not specifically
respond on liability but wished to engage in without prejudice correspondence regarding settlement. Unfortunately, as resolution was not agreed, Mr McConville threatened to issue and serve Court proceedings.
Following such a threat from Mr McConville, Boldmere swimming club, instructed Solicitors whom requested for the same not to be issued/served. Further without prejudice correspondence ensued between Mr McConville and Boldmere’s Solicitors which culminated in a Settlement Agreement being agreed. The terms of the same were that Boldmere swimming club pays Mrs I £1,000.00 in compensation as well as her legal costs and also that they accept that they sent a letter to a third party containing Mrs I’s name, address and the fact that she had been dismissed from the Defendant swimming club. In addition, Boldmere swimming club apologised to Mrs I for this error too and these terms regardless of compensation level to Mrs I were enough for her to be overjoyed with her settlement following Mr McConville’s work.