What does the future claims landscape look like?
According to Bluefin Professions, IR35 and data breaches are the most likely area for new strains of claims against the accountancy profession, but what steps can be taken to mitigate such claims?
The legislation surrounding this area is complex. Perhaps surprisingly HMRC has not been particularly vociferous in their challenges in this area but perversely this has left a gap in their usual additional guidance and commentary which might otherwise inform certainty in future advice and recommendations to clients.
This, coupled with the fact that April 2020 sees the extension of the IR35 “off-payroll rules”, could be laying the groundwork for a flurry of claims arising from historical misunderstandings and errors.
Data breaches and GDPR
We have not been alone in warning of the rise in claims arising from increasing incidents of cyber-attacks and data breaches. 2019 has seen a marked increase in cyber and GDPR issues and we strongly expect 2020 to see this increase further and break into the “Top 5” by 2021.
Accountants generally have a wealth of data which makes them vulnerable to external cyber-attacks and internal malicious data breaches. Unfortunately, the financial consequences of these incidents could be about to be exacerbated due to recent case law Lloyd v Google LLC  EWCA Civ 1599.
This judgment, when given at first instance, paved the way for claimants in principle to claim damages for data losses irrespective of whether they had suffered financial loss. In October 2019 this potential increased as the Court of Appeal confirmed that claimants as part of a class action did not each individually need to prove their losses but that it was sufficient for one “test” case to prove their losses which would then apply to all other claimants in the class action (irrespective of their own particular circumstances).
In short, potentially paving the way for something more akin to the US-style of group litigation. A somewhat worrying trend and something that no-one other than claimant lawyers should relish!
Damages for loss of data are notoriously difficult to predict but figures per claimant of between £2,500 to £12,500 are not uncommon. Assuming data records of 40,000 have been breached this could equate to potential claims in the realms of £100m to £500m.
Against this backdrop it is certainly within the realms of possibility that the claims companies casting their nets for a replacement for the PPI miss-selling saga will latch on to this possibility with vigour. Therefore, another timely reminder to carefully revisit your potential exposures both in terms of prevention (software and training) and cure (insurance – risk transfer).
How to mitigate some of the most common claims
- Send an engagement letter – sounds simple but this will be the starting point in assessing the validity of any claim:
- Who is the client (avoiding any conflict scenarios)
- What was the scope of your work?
- What did you expressly state you would not be advising on (e.g. tax implications of a transaction)
- Keep accurate file notes – this can be key in any dispute and can reduce the likelihood of a ‘he said/she said’ scenario. At best, they can prevent a claim getting traction and at worst you have evidence supporting the advice that you gave.
- As regards cyber attacks/data breaches, prevention is better than cure. Ensure that data management and training of all staff who have access to data is as good as it can be.
That said, there is very much an air of inevitability in this arena – if even the large multi-national companies are being compromised what hope is there for businesses with much smaller IT and training budgets? Perhaps the key is to ensure that you have adequate protection in the event of a breach.
Transferring the risk with the purchase of a cyber insurance policy designed to respond to these specific risks can be very cost-effective and provide that piece of mind should the worst happen.
If you would like to find out more about our Professional Indemnity Insurance, click here. To discuss any of the above or your Professional Indemnity Insurance requirements in more detail, please contact Bluefin Professions on 0345 894 4684.
Liked this? Read these:
Go to London Accountant for more features, news and opinion.
Follow us on Twitter @ICAEW_London and join us on LinkedIn: LSCA and Croydon.
Subscribe to ‘regional updates’ to receive more articles.