It is common-place for straightforward lower value claims issued in the High Court for data breach to be transferred to the County Court and allocated to the small claims track. But what approach will the court take when assessing costs for such claims that settle without proceedings.

DACB’s specialist data breach costs team regularly challenge such claims and contend that the costs should be assessed with reference to the small claims track. When costs fall to be assessed on the standard basis, the Civil Procedure Rules expressly provide the assessing court the power to restrict costs to the track that a claim would have been allocated to. This provision applies even where a claim concludes before allocation takes place. All too often, arguments are advanced on behalf of claimants’ firms that agreeing to pay costs on the standard basis prevents this issue being raised within costs proceedings. Such a stance is plainly wrong and there are encouraging signs that courts are prepared to take a robust stance when assessing such costs.

DACB’s data breach costs team has recently obtained a provisional assessment outcome in the Liverpool County Court limiting costs claimed to those that would have been allowed had the claim been allocated to the small claims track. Recoverable costs in this instance are currently therefore extremely limited and in reality if such an assessment were to be established as the routine outcome, data breach work would soon be commercially unviable. The circumstances of the claim itself were fairly typical for a straightforward data breach claim; no expert evidence, damages of £750, settled without the need to issue proceedings and the factual circumstances of the breach undisputed. There is no doubt that low level data breach claims are seen as a costs gravy train and we regularly tackle bills of costs 10 or even 20 times the level of damages agreed in even the most straightforward of cases.

There has been some mounting speculation concerning the applicability of fixed costs for data breach claims. It is certainly apparent that the largely formulaic nature of data breach claims would be suitable for a fixed costs system. However, there are already two functioning and well established fixed costs regimes that should be referenced when challenging costs. Firstly, where a claim for an injury is made such as exacerbation of depression or anxiety, there is no reason why the Low Value Personal Injury Claims Protocol could not be used. Secondly, the Small Claims Track already adequately controls costs for cases such as these by significantly limiting costs that can be recovered.

DACB’s data breach costs team accepts instructions to deal with all aspects of costs arising from data breach and cyber claims. Our specialist lawyers regularly reduce costs claims by over 50% and employ various arguments to disrupt the costs gravy train. If you require the support of costs expertise in this area, please contact Adam Burrell.