Carolan: A clear win for insurers
The High Court has cleared defendant law firm DWF of data protection breaches in collating evidence about the way North London solicitors pursued personal injury claims.
DWF argued that Ersan & Co’s real aim was to undermine its ability to use the details of past claims brought by the firm to allege fundamental dishonesty in future ones.
Mrs Justice Eady found that DWF undertook the data processing “for a specified, explicit and legitimate purpose, carried out in performance of the defendant’s professional (and regulatory) obligations to its clients, for the public interest task of ensuring the proper administration of justice, and for the purpose of the legitimate interests of the defendant’s clients”.
The processing was necessary, proportionate and fair.
Back in 2021, DWF’s then head of organised fraud, James Stevens, created a witness statement (referred to as ‘JS1’) which was used to plead fundamental dishonesty in five low-value road traffic claims where Ersan acted for the claimants.
It detailed 372 claims submitted by the firm, which he said showed that 95% contained an allegation of psychological injuries and 68% of claimants served a psychological or psychiatric report.
All 207 reports provided by a particular doctor diagnosed a recognised psychiatric condition, with two-thirds of them estimating a recovery period of two years or longer.
In a second statement, Mr Stevens said the data “strongly indicates that all of the claims have been cynically managed so as to contrive an outcome whereby in every case, and irrespective of the true circumstances of that case, the claimant is presenting a claim that they have suffered psychiatric harm as a result of the relevant index event”.
The claimants failed in an effort to debar reliance on JS1 – although in one ruling Mr Justice Freedman stressed that it did not prove dishonesty on the part of Ersan & Co – and Ersan subsequently undertook not to make further debarring applications.
Eady J said DWF represented 18 insurers who were defendants to a large number of road traffic accident claims where Ersan was acting. Though 137 Ersan clients initially made data breach claims, all but three discontinued.
She noted: “Each claimant was asked whether Ersan was supporting these claims financially; none admitted this was the case, but equally none was prepared to explain how the case was being funded or who had paid the earlier costs orders, with reference being made only to there being ‘an arrangement’ with Ersan, which none of the claimants was willing to detail.”
Each testified that they were very concerned about what they saw as a serious data breach, which they did not see as mitigated by the fact that they were just one of 372 people named on a spreadsheet.
While the judge accepted that the trio each had “some sense of grievance” about the processing of their data, “I am nevertheless left with a question as to whether that grievance has been encouraged in some way”.
They sought a declaration of unlawfulness/breach of the UK GDPR in relation to the use of their names in JS1, saying they could have been anonymised.
DWF did not dispute that it was a data controller but argued that the litigation was an attempt by Ersan to undermine its and its clients’ ability to rely on JS1 in future claims.
Eady J held that collating the data to support claims of fundamental dishonesty was legitimate, while it was, at least initially, necessary to include the names, as Mr Stevens had reason to expect Ersan would ask for the case details if he had not.
The data was only disclosed by DWF to the court and to Ersan, and subsequently anonymised, she noted.
She continued: “I do not consider that the interests or fundamental freedoms of the claimants took precedence over the legitimate interest of the defendant’s insurer clients in putting the data contained within JS1 before the court to support pleas of fundamental dishonesty in the county court proceedings.”
The limited disclosure meant the impact on the interests of the claimants was “minimal” and the processing had not given rise to an unjustified detriment.
Eady J concluded: “Having identified the lawful purposes for which the defendant undertook the processing involved in JS1, I am satisfied, that, having regard to the requirements of fairness and transparency, this was limited to that which was necessary and proportionate to those purposes, and was not outweighed by the fundamental rights and interests of the claimants.”
Lorraine Carolan, global head of fraud at DWF, welcomed the ruling: “The judgment reinforces the legality of DWF’s strategy, finding our actions in this matter to be for the purposes of the legitimate interests of our clients and both necessary and proportionate.
“This was an important case, for the 18 insurers who sit behind the claims giving rise to these proceedings, and for the industry more broadly.
“The judgment will support efforts to challenge claims which raise suspicions of exaggeration and fraud. It is a clear win for insurers and their policyholders and should serve as a cautionary note to those contemplating bringing, or facilitating, such claims.”
Ersan & Co said in a statement that it was seeking counsel’s opinion on the ruling. “This judgment raises significant points of law, particularly concerning data protection, the handling of sensitive information, and the legal safeguards in place for minors [one of the claimants was a minor until last year].
“As the case involves the protection of vulnerable individuals, including minors, we are carefully considering the implications of the judgment on data protection practices and are exploring the possibility of an appeal.
“Once we have had the opportunity to thoroughly review the judgment and consult with our legal advisors, we will be in a position to provide a more detailed statement on the matter.”
Leave a Comment