As in many jurisdictions, class actions are becoming more frequent in the English courts. A body of case law is building up, and that will be added to by three cases which are to go to the Supreme Court, as discussed on this recent post on our Litigation Blog.
Significant disputes of all types frequently give rise to insurance issues and they are worth keeping under review from this perspective. By way of example, cases of “class action tourism” have implications for global insureds and those insuring them.
Of particular note from this perspective is the Morrisons judgment, which focused on whether Morrisons was vicariously liable for the acts of a rogue employee in unlawfully disclosing personal information of 5500 employees. The Court of Appeal held that it was, with the implication that an organisation can be liable even if it has taken appropriate measures to comply with the legislation (which was pre-GDPR) and even if it was the intended victim of the breach. Notably for the purposes of this update, the Court of Appeal suggested that insurance could be the answer to “doomsday” implications of the decision so far as liability for such release of data was concerned. There is much written about cyber cover, and many different perspectives held and expressed, but it is still early days so far as claims experience is concerned. Either way, the outcome of this Appeal (as well as the recent publicity on possible GDPR fines, see our recent blog post) will no doubt need to be factored in by businesses when it comes to how to assess and manage data risk. The current reliance we all place on technology suggests that no company is immune from cyber risks and the myriad of ways they can arise.