Hayes Connor Solicitors in Widnes is instructing Louis Browne QC and Ian Whitehurst of Exchange Chambers on the landmark case against credit agency Equifax. Tony McDonough reports

Liverpool-based barristers Louis Browne QC and Ian Whitehurst are advising on a High Court claim that could see credit agency Equifax pay up to £100m to 15m UK customers.

Hayes Connor Solicitors in Widnes is instructing the Exchange Chambers duo on the UK’s first representative data breach claim. The action follows the Court of Appeal’s decision on the Lloyd v Google case on October 2

It ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population.

Kingsley Hayes, managing director at Hayes Connor Solicitors, data breach and cybersecurity specialists, said: “We estimate the total value of the claim to be £100m which, if won, Hayes Connor would distribute to all affected individuals.

“Equifax was found by the Information Commissioner’s Office to have failed in its data protection obligations on multiple levels including failing to comply with how customers’ personal information can be processed and stored and how that private data should be secured.

“Following hackers successfully accessing its systems in America to steal the personal information of a reported 143m individuals, the personal data of its UK customers was also exposed including email addresses, usernames, passwords, security questions, phone numbers and credit card details.”

Mr Hayes added that this was the first time that a data breach claim has been issued in the UK on behalf of all affected parties. The Court of Appeal ruling has made it easier for all data breach victims to be fairly compensated.

Louis Browne added that in Lloyd v Google, the Court of Appeal provided important guidance on three key points:

• Firstly, that a claimant can recover damages without proving pecuniary loss or distress under section 13 of the Data Protection Act 1998.   This removes an important barrier to class actions.
• Secondly, that the class members have the “same interest” on the facts under CPR 19.6 given that control over browsing data has value.
• Thirdly, that the High Court ought to have exercised its discretion to allow this representative action to proceed as a result of alleged ‘wholesale and deliberate misuse of personal data without consent, undertaken with a view to commercial profit’.

“Lloyd v Google is a ground breaking ruling with wide-ranging implications for litigants and organisations as it opens the door for data breach victims to be fairly compensated through representative data breach claims,” he explained.