A claim against a housing association for a data breach is too trivial for the High Court and should be heard in a county court, a judge has said.
Master Thornett said that if the claimant wanted to pursue her case - which he called in its original forum as “a form of procedural abuse” - against the provider of low-cost social housing, it should be in the lower court.
Ms Johnson issued a Part 7 claim form in the High Court seeking damages limited to £3,000 for misuse of private information, breach of confidence and negligence, together with damages for breach of Article 8 ECHR rights damages pursuant to Article 82 GDPR and section 169 of the Data Protection Act 2018.
She also sought injunctive relief to prevent the recurrence of this type of breach and declaratory relief stating that the association breached the principles enshrined in this legislation.
Her solicitors filed a Precedent H Form confirming over £15,000 had been incurred in costs and a total figure for costs just in excess of £50,000.
In Johnson v Eastlight Community Homes Ltd  EWHC 3069 (QB) Master Thornett said Eastlight had sent a rent statement to a tenant that had inadvertently included those of other tenants including the claimant.
The tenant who received this immediately notified Eastlight and then deleted the email as requested.
Eastlight told tenants what had happed, apologised and self-reported to the Information Commissioner's Office.
Master Thornett said the claimant’s data appeared on pages 880-882 of a document of 6,941 pages and so it was highly unlikely that the recipient read it.
Eastlight denied that the claimant was entitled to any damages for a purely a technical breach of Article 5 of the GDPR as she suffered no loss or damage above the de minimis threshold, and therefore had no real prospect of success on the claim such that the court should enter summary judgment for Eastlight.
Master Thornett said the disclosed information “plainly was not of an obviously sensitive nature in itself” and could not have given rise to any fraudulent purpose. It comprised the claimant’s name, address and postcode, her account reference number, account balance and details of recent rent transactions.
The claimant said she moved to her current home in 2017 to escape an abusive relationship and feared that inclusion of her address in the email might lead to her being traced by her former partner.
She admitted though: “I was aware that the chance of such an occurrence was extremely low.”
Master Thornett said the former partner had had three years in which he could have found the claimant by consulting the telephone directory, since she had not chosen to be ex-directory, and her full address appeared unreacted on the claim form, which was publicly accessible.
“I struggle to understand how the claimant can maintain this is a case where relief other than damages could realistically be under consideration,” Master Thornett said.
“The claim for an injunction seems misconceived…there is no evidential basis put forward to maintain that this was anything other than a one-off error. There cannot realistically be suggested to exist an ongoing threat to the claimant's personal data, such as to justify an injunction.
“The prospect of an award of an injunction seems non-existent. I am quite satisfied the pleading of a claim for an injunction is merely an attempt to add credibility to the claim and to convey a greater impression of its importance.”
Master Thornett saw “no basis for this claim having been issued in the High Court”, where the threshold for a damages claim was £100,000.
He said: “No serious privately paying litigant would contemplate spending over £50,000 in costs, not all of which may prove recoverable even in the event of success, and similarly expose themselves to the risk of a significant adverse costs order following High Court litigation if unsuccessful, for a damages claim less than £3,000.
“The presentation and processing of this case to-date in this forum has, I am satisfied, constituted a form of procedural abuse.”