Data Hacked - Court dismisses claim

[Aysha]

Jurisdiction

United Kingdom

Our company gmail (Gsuite) account was accessed by a person without our authorization and certain emails were accessed and downloaded to use as evidences and presented to the courts by this person. When an email is downloaded in gmail you can find the email address and the date it was downloaded on top of the page. Therefore on the email this person had downloaded and presented to the courts had our company email address with date/time it was downloaded which was accessed without our consent.

When this was pointed out to the judge that the email presented to the courts was accessed illegally from our email servers without our consent, the judge dismissed it inquiring from us why our security systems were not stronger and dissmissed the claim without even investigating on it.

What type of corrective action can we make in this instance? Can we make a complaint? What is the best course of action in this case?

 

[Zigner]

I'm sorry but, although you have the option to enter other jurisdictions into the form, this forum is intended to help people who have questions related to US law matters.

 

[adjusterjack]

What is the best course of action in this case?

The best?

Consult an attorney, of course.

You already failed by doing it without one.

 

[Tax Counsel]

What type of corrective action can we make in this instance? Can we make a complaint? What is the best course of action in this case?

You didn't say so explicitly but I assume you sued this person for the wrongful access. While you are in the UK and UK and US law differ in some respects, there are some general observations I can make.

First, in common law jurisdictions (UK, US, Canada, Australia, New Zealand, Ireland, and other nations that inherited their legal system from the UK) judges generally do not conduct investigations. Instead they act as referees ensuring that the parties follow the applicable court rules in their case.

In a number of civil law countries, however, judges do open up and conduct their own investigations of possible criminal activity. Judges in Spain in particular are infamous for attempting to use their courts to try to prosecute people who have not even ever set foot in Spain and have no real legal connection to Spain.

Second, in the UK you generally want to hire a barrister to represent you in litigation, though in some cases a solicitor is authorized to appear in court as well. If your firm represented itself (which would not be possible in the US, but I don't know about the UK) that was likely a mistake.

Third, data theft is a risk of all businesses who rely on computers for their business. Those businesses need to keep up with the latest in security protocols and carry sufficient insurance to cover losses that may occur from hacks like this.

Fourth, in the common law system generally the losing party has a right to at least one appeal of the trial court decision. You may want to ask your barrister/solicitor if it might be worthwhile to do that in your case. In the US there is often no appeal from small claims court, and that may be true of courts hearing small claims in the UK, too.

You may, of course, report the hack to the relevant law enforcement agency that covers this kind of act, whether that's Scotland Yard or someplace else.

Finally, your post does not say what damages (harm) your business suffered from the hack. As a general rule under the common law your lawsuit must allege that some significant harm was suffered by the defendant's conduct, e.g. money lost, damages to computer equipment, etc. If your business has not yet suffered harm from the hack then it is generally premature to sue over it and the judge will dismiss it without prejudice (meaning that you could refile it again should you later suffer damages).

I think it would be a good idea to sit down with a solicitor and review your business practices and get advice on what you need to do in the UK to protect your business as much as possible from this kind of problem.