Protecting Yourself After a Data Breach: A Comprehensive Guide

In this article, Ruby Keeler-Williams of Elysium Law aims to clarify what your first steps should be if you have been affected by a personal data breach.

In recent years, data breaches have become increasingly common, and unfortunately, any individual is at risk of falling victim, however carefully they safeguard their data. If you have recently suffered from a breach of your personal data, it’s important to understand what steps you should take to protect yourself and your data.

7 Essential Steps to Take After a Personal Data Breach

  • Gather all the information related to the breach. This includes any emails or messages you’ve received about the breach, the type of data that has been compromised, and any other relevant details that may help in identifying the extent of the breach.
  • Contact the company or organisation responsible for the breach. They have a legal obligation to inform you of any data breaches that occur, and they should be able to provide you with more information about the breach and how it occurred. You can also ask them what steps they are taking to prevent future breaches and what measures they have put in place to protect your data.
  • If you’ve suffered any financial loss or identity theft as a result of the breach, you should report this to the relevant authorities immediately. In the UK, you can report these incidents to Action Fraud, which is the UK’s national fraud and cybercrime reporting centre. They will investigate the incident and provide you with advice on what to do next.
  • Consider contacting CIFAS, a not-for-profit organisation that offers protective registration services to help protect individuals from identity theft. This involves placing a warning flag on your credit file, alerting lenders to the potential risk of fraudulent applications.
  • Monitor your bank accounts, credit reports, and any other financial information for any unusual activity. If you notice anything suspicious, you should contact your bank or financial institution immediately.
  • You may be entitled to compensation for the damage caused by the breach. You should seek legal advice from a reputable law firm that specialises in data breach claims to determine whether you have a case and what steps you should take. Elysium Law have extensive experience in these matters and can assist you with this.

In conclusion, data breaches can be stressful and overwhelming, but there are steps you can take to protect yourself and your data. By gathering information, contacting the relevant authorities, monitoring your financial information, and seeking legal advice in addition to protective registration services from CIFAS, you can mitigate the damage caused by a data breach and protect yourself from future incidents.

If you have been affected by a Data Breach, please call Elysium Law via 0151 328 1968 or contact us via clerks@elysium-law.com to see if we can assist you.

Artificial Intelligence in the Legal Industry

In this article, David Brogelli of Elysium Law examines the increasing use of Artificial Intelligence in the Legal Industry and its practical applications going forward.

Artificial intelligence (AI) has been increasingly used in the field of law both in the United Kingdom and across the globe. There are a number of ways in which AI is being used to improve the legal process, including legal research, document review, and case prediction.

Uses

One of the main ways in which AI is being used in UK law is in the area of legal research. AI-powered legal research tools can quickly and accurately search through vast amounts of information, such as case law and statutes, making it easier for lawyers to find relevant information and make decisions. This can save time and money for both lawyers and more importantly their clients.

Another key area where AI is being used is in document review. This process is typically time-consuming and laborious, as it involves reading through large amounts of text to identify relevant information. AI-powered document review tools can help to automate this process, making it more efficient and accurate. This can be particularly useful in the context of e-discovery, where large volumes of electronic documents need to be reviewed in the context of litigation. Elysium Law uses powerful software which can help us sift through hundreds of thousands of pages to get the information we require.

Interestingly AI is also being used to predict the outcome of cases. By analysing patterns in past cases, AI algorithms can be trained to predict the likelihood of a particular outcome in a future case. This can be useful for lawyers and clients in planning their strategy and making decisions, although practically this is still in its infancy.

In addition, AI is being used to automate the contract review process, helping lawyers to identify errors, inconsistencies and identify missing information. This is particularly useful in the area of due diligence, where large numbers of contracts need to be reviewed.

However, it’s worth noting that AI isn’t without its limitations and challenges, such as bias and lack of transparency, etc. In order to ensure that AI is used in a responsible and ethical way, it’s important to have proper governance and regulations in place.

Risks

Of course, with any new development comes risk below are some of the limitations and concerns regarding the use of AI in the legal industry.

  1. Bias: AI systems may perpetuate and even amplify existing biases in the data they are trained on. This can lead to unfair or inaccurate decisions and is of course a very important consideration as the use of AI evolves. It also highlights the importance of human involvement.
  2. Lack of accountability: It can be difficult to determine who is responsible for errors made by AI systems, which can make it challenging to hold anyone accountable for those errors.
  3. Loss of jobs: The use of Artificial Intelligence in the legal industry may lead to job loss for lawyers and other legal professionals, as tasks that were previously done by humans may be automated. This is of course a global issue that will need addressing over the coming years as automation continues to increase and society develops.
  4. Complexity: The legal field is complex and nuanced, which can make it challenging for AI systems to accurately understand and interpret legal information.
  5. Lack of transparency: Some AI systems may be difficult to understand or explain, which can make it challenging for humans to understand how they are making decisions.

Regulation

Overall, AI has the potential to significantly improve the legal industry both in the UK and globally, making it more efficient, accurate and cost-effective. As technology continues to develop, it’s likely that we will see more and more applications of AI in the legal field and we are certainly seeing significant investment from the UK Legal Industry. This of course will require regulation and the EU is leading in that regard. The European Commission already has a regulatory framework proposal that identifies the risks and uses of AI in the legal sector.

At Elysium Law we use several sophisticated programs to help us deal with clients’ matters efficiently and to save costs to the client. We continue to watch this development with interest.

Contractors – the ‘loans’ you never needed to repay

In this article, Ruby Keeler-Williams and Richard Gray Barrister of Elysium Law consider claims made against loan charge contractors and the litigation which subsequently ensued and is contemplated going forward.

The ‘Contractor Loan Scheme’ Planning

The ‘contractor loan scheme’ was part of a large-scale marketed tax avoidance scheme. The user would usually be an individual working for what is called an umbrella company or for their own personal service company. Normally, that would attract tax and NICs on a PAYE basis. The responsibility for paying such statutory deductions falls upon the employer. However, in an attempt to reduce tax liability, the employer, who would be acting under a contract of employment would pay the employee the minimum wage and then do one of two things:

  • Pay lumps sums to a trustee who would ‘loan’ the employee (now beneficiary under a trust) money (remuneration) with the arrangements setting out the terms of the repayment.
  • Alternatively, the employer would directly loan the monies collected and then assign the loans to a trust later.

By way of example; if an employee was paid a salary of £150,000, only a basic minimum wage would be paid. Then 85% of what was left (collected by the umbrella company) was ‘loaned’ to the employee and the umbrella would take what was left. It was argued under these schemes that the loan did not constitute earnings and as such was not taxable. “Don’t worry we have Counsel’s advice” was the normal selling point.

Another and more significant inducement was made to the employee that the loan would never need repaying. We have a particular legal view on that arrangement but at he very least it was a misrepresentation which materially induced the employee to enter the contractual arrangements.

The Assignment out of the Trust

Unusually, the purported ‘loans’ in many cases have been assigned out of the Trust and have either directly or via other companies ended up being assigned to a company named Felicitas Solutions Ltd, which was formed and based in the Isle of Man. The company appeared to be purposely set up to receive these assignments and pursue claims for reimbursement from behind the corporate veil, as they threatened to do.

The users of these schemes were then contacted with demands for repayment and as a result many sought advice from Elysium Law and we were instructed by a large group to defend these claims.

The Claims

The ‘demand for repayment’ letters received by Our Clients did not constitute a compliant Letter of Claim under the Pre-Action Protocol. As such, we insisted that prior to providing a response, a compliant Letter of Claim must be produce supported by evidence.

In early 2021, this was provided to us and some 107,000 pages of documents were disclosed and reviewed.

It was clear from the review of these documents, together with evidence from Our Clients, that the loans were ‘circular’ and were never intended to be repaid. This was clearly a tax avoidance arrangement, and the loans were, in our view, unenforceable.

Our stance  was to offer a mediation in order to narrow the issues in dispute.

Following that Mediation, Elysium Law subsequently served upon Felicitas a comprehensive letter of response that rebutted the claims on the following grounds:

  • Collateral Contract and/or Misrepresentation, in that a legal assignment is subject to existing causes of action which are not avoided by assignment (Bibby Factors Northwest Ltd v HFD Ltd). This means that the Beneficiaries may raise against the assignee, any defence, set-off or counterclaim which they could raise if sued by the assignor. Here, there was a verbal collateral contract made that this was a tax avoidance arrangement and that the ‘loan’ would never be enforced against them.
  • Breach of Trust, in that the Trusts into which the user’s money paid was subject to both express and implied fiduciary obligations. The assignment would likely have substantially devalued the assets of the trust and has exploited the beneficiaries.

After service of the letter of response, to which we received no reply, the threat of litigation seemed to disappear.

However, Elysium Law are now aware that last week, a large number (if not all) of these ‘loans’ have been assigned by Felicitas to a company known as West 28th Street Limited, who have subsequently sent letters demanding repayment, albeit they have made an offer to settle at a reduced rate of 50% adding that if the offer is not accepted they will instruct Solicitors to claim from the recipients. We have been contacted by our previous clients seeking further advice and have organised conferences after hours to assist them.

Our view is that action must be taken to ensure that these demands for repayment and subsequent assignments do not continue.

Elysium Law have a litigation strategy to bring these claims to an end. If you have received one of these demands from Felicitas or West 28th Street Limited and wish to have advice on this matter, please contact Elysium Law on 0151 328 1968 or via clerks@elysium-law.com.

Loan Charge Contractors – have you received debt claims?

We have been approached by many clients who have had demands for payment from a Company known as West 28th Street Limited.

Many of these individuals have been previously pursued by FS Capital and Felicitas Solutions regarding these former ‘loans’.

Elysium Law have had success in stopping these pursuits of these claims and are now looking to take action against the Claimants to prevent these claims from continuing.

If you have been affected by this, please contact us via telephone on 0151 328 1968 or via email at clerks@elysium-law.com to have a discussion with the team. We will have a free, no obligation discussion with you to help determine the merits of your claim and can advise you on the next steps if you wish to pursue it further.

Data Breach: What Are My Rights

In this article, Ruby Keeler-Williams of Elysium Law considers the consequences of a personal data breach and what rights you have. The article briefly looks at the legislation and considers quantum and case law.

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 set out rules as to how data is collected, used, stored, and protected.

Under the legislation, any organisation which holds and determines the purpose of the processing of personal data must implement appropriate technical and organisational measures to ensure that the processing of personal data complies with the rules.

A breach of personal data can occur if appropriate measures are not in place. A breach of security may lead to the destruction, loss or unauthorised access to personal data.

This infringes your rights as an individual and can have serious consequences. We have been instructed on matters where a breach in the security of a company led to the unauthorised disclosure of employee identity documents and bank details. These details were then distributed to criminal groups and companies were fraudulently set up in the employees’ names.

If a company that holds your data processes it in breach of the legislation or holds your data in such a way that it is disclosed in an unauthorised way, whether accidentally or deliberately, then you are entitled to claim for compensation.

If your claim is successful, you will receive damages, also known as compensation. You will be able to claim for any identifiable losses which have arisen from fraudulent transactions caused by identity theft. You will also be able to make a claim for general damages if the breach in your data has caused you distress. We will discuss your case at length and identify which damages are relevant to your specific matter.

Your level of compensation will depend on the nature of the data breached. If the data breached does not contain sensitive information (such as name alone) and/or is quickly remedied, then whilst you have a right to claim, in reality the claim will be worth very little and may not be worth pursuing. It is for this reason why you should seek legal advice at the earliest possible opportunity.

Decisions in recent years illustrate that the High Court will not condone claims that are exaggerated and unnecessarily complex. An example is Stadler v Currys Group Ltd [2022] EWHC 160 (QB), whereby a refurbished device was resold without a factory reset to remove the previous users purchase details, leading to a £3.49 purchase being made on the user’s account. The Claimant issued high court proceedings seeking £5,000 in damages for breach of confidence, misuse of private information, negligence and breach of data protection law, seeking injunctive relief. The defendant made an application to strike out the claim and was successful save for the breach of data protection law. The judge also transferred the claim down from the High Court to the County Court and suggested that the small claims court was the appropriate allocation.

In some cases the data breached is sensitive, such as medical records, identity documents, bank details, etc. In these cases, there will be a substantial claim for damages.

Due to the relatively recent developments in technology and the sensitive nature of such claims, there is limited case law detailing the quantum of awards of damages. Many cases settle before they reach the courts. Each case will be assessed on its own merits and due to the individual nature of a claim for distress, a group of individuals who have suffered the same category of data being breached may receive different awards.

Generally, damages for breach of data will be awarded within the following guidelines

  • Personal details (home or email address, date of birth, etc) – £1,000 to £1,500
  • Medical information (depending on who it is disclosed to/the nature of the information) – £2,000 – £5,000
  • Financial information (depending on who it is disclosed to/the nature of the information) £3,000 to £7,500

If you have suffered as a result of a breach of your personal data, please contact us via telephone on 0151 328 1968 or via email at clerks@elysium-law.com to have a discussion with the team. We will have a free, no obligation discussion with you to help determine the merits of your claim and can advise you on the next steps if you wish to pursue it further.