Two recent cases demonstrate two very different privacy issues arising out data breaches suffered by the telecommunications company TalkTalk in 2014 and 2015. Smith v TalkTalk Telecom Group plc  EWHC 1311 (QB) (27 May 2022) concerned claims for damages for both breaches; whilst Sterritt v Telegraph Media Group Ltd  NIQB 43 (09 June 2022) concerned the privacy of one of the hackers involved in the second breach. In my previous post, I looked at the limits of claims for misuse of private information for both breaches in Smith. In this post, I want to look at Smith (again) and at Sterritt, to consider the limits of a claim in negligence in such cases.
2. Negligence claims in Smith
The main problem in Smith is that TalkTalk did not take steps to secure the data involved in the 2014 breach and the 2015 hack. This sounds like a failure to take reasonable care. But a negligence claim in such circumstances was not pleaded, as it was probably precluded by authority.
In Swinney v Chief Constable of Northumbria Police Force  QB 464,  EWCA Civ 1322 (22 March 1996), the plaintiff saw a car which had hit and killed a police officer, and provided that information to the police.…