English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
Steven Baker, Vishnu V. Shankar, and Julia Bihary of Proskauer write:
In the recent and significant Warren v DSG Retail Ltd  EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed defendant was itself a victim of a third-party cyber-attack. The decision has made it harder to bring free standing/non-statutory cyber-security breach claims in England and Wales where the proposed defendant has not positively caused the breach, and has also brought into question how such claims may be funded going forward (particularly, via “After-the-Event insurance” (“ATE insurance”)).
Read more on Privacy Law Blog.