Court of Appeal rules on what amounts to direct loss in an IT dispute

The recent Court of Appeal in GB Gas Holdings Limited v Accenture (UK) Limited and others has looked at the types of losses that are covered by the term direct loss in the context of a dispute over an IT system. 

Accenture contracted with GB Gas Holdings, part of the Centrica Group, to provide a new IT system to support billing and customer services for Centrica.  Implementation of the new IT system didn't go smoothly, with Centrica claiming that a number of failings with the system resulted in customer accounts being billed inaccurately and declining customer satisfaction.  Centrica sued Accenture because it had, amongst other things, to compensate customers and pay increased gas distribution charges due to incorrect gas consumption data.

One of the central issues before the Court was whether the losses suffered by Centrica came within the scope of the exclusions of liability in the contract.  The contract excluded liability for:

• Loss of profits or of contracts arising directly or indirectly;
• Loss of business or of revenues arising directly or indirectly; and
• Any losses or damages to the extent that they were indirect or consequential or punitive.

Direct loss has traditionally been held to be such loss that flows naturally from a breach in a contract.  While indirect or consequential loss is loss which does not arise naturally from the breach, but is specific to the contract concerned and the contracting parties must have known that it might arise as a result of a breach.

Accenture argued that the claims for customer compensation, increased gas distribution charges and other charges that Centrica had to pay were consequential loss, and thus explicitly excluded by the terms of the contract.

The Court of Appeal agreed with the view of the High Court which was that, given the system failure and the context of the agreement, customer compensation was a direct loss, as Accenture had accepted that the purpose of the system was to improve customer satisfaction. Regarding the various charges, the Court of Appeal held that these were also direct losses - specifically in relation to the gas distribution charges it held that this was not a loss of revenue but a charge Centrica would not have had to pay but for the IT system failures.  

The contract also stated that Accenture would only be liable if it failed to rectify a "fundamental default", which was defined as a fundamental breach of warranty "which causes a severe adverse effect on the British Gas Business".  The Court of Appeal found that a fundamental breach of warranty could arise by aggregating a number of smaller individual breaches to produce a "severe adverse effect" for the purposes of constituting a fundamental default. 

So what does this mean?

Firstly, it is apparent that compensation payments made by the injured party to customers can in principle be direct loss, even where the size and frequency of such payments are entirely at the discretion of the injured party.

Secondly, it is interesting to see how a string of relatively minor breaches can be aggregated to produce a single fundamental breach. This is especially important in relation to contracts for IT systems – where it can often be the case that a number of minor faults within in a system could result but only when looked at as a whole could they be viewed as causing serious problems across the business.

Lastly, it shows the importance of clear and precise drafting in terms of the liabilities to be included or excluded. If parties wish to exclude certain agreed types of loss, then a list of liabilities to be excluded should be explicitly stated in the contract.

08 September 2010

Anonymous bloggers identities revealed

A recent decision of the High Court has reinforced the principle that websites can be forced to reveal the identities of anonymous posters of defamatory messages.

Allegedly defamatory statements about two AIM-listed oil companies and their management, Nighthawk Energy and Nostra Terra Oil and Gas, had been posted on bulletins boards by anonymous posters. The companies claimed that the comments about the companies and their management were untrue and extremely damaging.

The High Court granted the court orders forcing bulletin board operators, Interactive Investor (iii) and ADVFN, to provide the identity of the individuals who anonymously posted the comments about the companies. It was noted by the court that false messages are often posted deliberately by people to try and profit from rises or falls in a company's share price.  As a result of the court orders the individuals' identities have been provided to the two oil companies, who are considering whether to take action against the individuals for defamation.

This case echoes that of Sheffield Wednesday Football Club Limited and others v Neil Hargreaves in 2007 in which the High Court ordered the owner of a football club fan website to disclose the identities of four users of the website in relation to the posting of allegedly defamatory statements regarding the football club's management. In that case, the High Court set out some clear guidelines as to when a court can require a website operator to disclose the identities of posters of defamatory messages. In reaching its decision the High Court took into account the gravity of the defamatory allegations, the fact that the directors of the football club did not have any other means of discovering the identities of the website users, the website's restrictions on the use of defamatory language and the fact that the website operator did not have a confidentiality policy for website users.

Due to the gravity of the defamatory allegations the High Court held that the right of the website users to maintain anonymity and express themselves freely was outweighed by the directors' entitlement to take action to protect their reputations. That case illustrated that the courts will not reach a decision to require disclosure lightly, as it will have an impact upon an individual's rights of privacy and freedom of expression.

Court orders obliging websites to disclose the identities of users posting anonymous defamatory remarks began in 2001. The operators of websites have protection from having to disclose information about anonymous posters under confidentiality laws and the Data Protection Act 1998.  However in certain circumstances the courts can make orders which require the disclosure of the identity of wrongdoers and this latest case reaffirms this position.

08 September 2010

Government call For evidence on UK Data Protection Regime as Europe seeks reform

In July 2010 the Ministry of Justice (the "MoJ") issued a call for evidence seeking views on the data protection law in the UK to prepare it for negotiations on reforming the European Data Protection Directive. The call for evidence presents an ideal opportunity for interested parties to express their views on the reform of data protection laws.

UK Data Protection Regime

In the UK, the collection and use of personal data is regulated by the Data Protection Act 1998 (the "DPA"), which implements the European Data Protection Directive (95/46/EC).

The Directive, which was intended to harmonise data protection law across the European Union, gives extensive rights to individuals whose personal data is collected as well as imposing fairly stringent obligations on those who process such personal data.

Government call For evidence

The MoJ has launched this call for evidence to help the government form its position on the European Commission's (the "Commission") original plans to produce a legislative proposal for reform of the Directive, as well as to help it in its future negotiations.  The call for evidence invites opinions on issues such as:

(i)  whether current data protection legislation provides adequate protection to individuals whose personal information is processed;
(ii)  whether data controllers should be required to notify all data breaches to affected individuals;
(iii) whether the Information Commissioner's powers are sufficient and appropriate;
(iv) the effectiveness of current provisions for international transfers of personal data; and
(v) whether biometric personal data, such as fingerprints or DNA samples, should be specially protected as "sensitive" personal data.

Interested parties may also provide relevant evidence about any other aspect of the data protection framework which is working well or which is not working and could be improved. 
Responses to the MoJ call for evidence are sought by 6 October 2010.  Further details are available on the MoJ Call for Evidence web page.

Timetable

The Commission originally intended to publish a legislative proposal for reform of the Directive before the end of 2010, with the aim for EU negotiations to start in 2011.  However the Commission has now confirmed that the proposal will be published in late 2011.  The Commission was keen to stress that the delay was due to its need to take account of the results of the public consultation, as the changes it wants are significant, rather than simply being delayed as a result of lobbying from countries who thought the original timetable unrealistic.

ICO's powers criticised

On a separate issue, earlier in the summer the Commission formally requested that the UK government strengthen the powers of the Information Commissioner's Office (the "ICO").  The Commission believes that the DPA does not properly implement certain provision of the Directive, leaving the standard of protection in the UK lower than required under EU legislation.  In particular the Commission stated that the ICO cannot monitor whether third countries' data protection is adequate before there are transfers of data outside the EEA, and that the ICO does not have power to perform random spot checks on those using or processing personal data, nor enforce penalties following the checks.  In reference to the ICO, the Commission said: "Having a watchdog with insufficient powers is like keeping your dog tied up in the basement."

The UK government was meant to have informed the Commission of the measures it intends to take to ensure full compliance with the Directive by 24 August 2010, but at present nothing has been released.

08 September 2010

...Just one more thing...

The Information Commissioner’s Office (“ICO”) has recently announced a tougher approach on enforcement of FOI matters.  This comes at the same time as two conflicting decisions of the Information Tribunal (the "Tribunal") on the question of late reliance by public bodies on exemptions available under the Freedom of Information Act 2000 ("FOIA").

Home Office v Information Commissioner EA/2010/0011

The case of Home Office v Information Commissioner EA/2010/0011 was decided in June.  In that case the Tribunal held that the Home Office was entitled to raise new exemptions in proceedings before the Tribunal, which it had not cited in its initial response to an FOIA request and that the Tribunal was obliged to consider them.

The case related to a request for the disclosure of information on the introduction of legislation abolishing successful asylum seekers' rights to back-payment of income support. Initially, the Home Office refused to provide the information, relying on section 35(1)(a) of FOIA (the development of government policy exemption). The requestor appealed to the Information Commissioner, who held that the exemption was engaged but that public interest favoured disclosure of the information.

The Home Office then appealed to the Tribunal, no longer relying on section 35(1)(a) but citing instead exemptions for internal communications (section 35(1)(b)), personal data (section 40(2)) and legal professional privilege (section 42).

The Tribunal held that certain elements of the information requested were protected by the sections 35(1), 40(2) and 42 exemptions and should not be disclosed.

The decision has attracted comment because the Tribunal held that it was not open to it to refuse to consider the late exemptions.  This approach departed from the previously established position that the Tribunal had discretion to decide whether to permit late exemptions where justified and in exceptional circumstances.

The Commissioner of Police of the Metropolis v The Information Commissioner EA/2010/006

Days after the Home Office decision, the Tribunal issued a further decision contradicting its somewhat controversial approach in that case.

In The Commissioner of Police of the Metropolis v The Information Commissioner EA/2010/006, the Tribunal refused to consider late reliance by the Commissioner of Police on an exemption raised for the first time before it. The Tribunal held that there must be a "reasonable justification" to allow late reliance on an exemption as it would otherwise unfairly prejudice the requestor by making the appeal process unclear.

An unconnected appeal by the Department of Environment, Food and Rural Affairs on the same issue is currently pending before the Upper Tribunal.  It is hoped this will clarify the position on late reliance, as this leaves the position unclear for both the public authority and the requesters.

ICO Gets Tougher on Enforcement

The decisions roughly coincide with an ICO press release outlining its new and "tougher approach" to enforcement of FOI matters. Mick Gorrill, Head of Enforcement at the ICO is quoted issuing a warning that:
 
"the public bodies that continually fail to meet their legal obligations will face regulatory action…. After monitoring authorities' compliance with the Act, we will take action against those that abuse the system."

The press release focuses in several areas on timely response to FOI requests, noting that compliance with timelines is a key target. At present, between 20 and 25% of complaints made to the ICO relate in some respect to the response times of public bodies.

Consultation on Freedom of Information (Scotland) Act 2002 (FOISA)

In contrast the recent focus of FOI in Scotland has been on the question of potential extension of FOI.  Following on from an announcement at the end of 2009 the Scottish Ministers have commenced a formal consultation on whether FOISA should be extended to the following bodies:

• Contractors who build and maintain hospitals;
• Contractors who build and maintain schools;
• Contractors who run privately managed prisons and provide prisoner escort and court custody services;
• Contractors who operate and maintain trunk roads under private finance contracts;
• The Glasgow Housing Association;
• The Association of Chief Police Officers in Scotland; and
• Bodies used by local authorities to provide leisure, culture and sport services.

The consultation opened on 28 July 2010 and responses are requested by 2 November 2010. Full details can be found on http://www.scotland.gov.uk/consultations.  For further information about the implications of such extension please contact Alison White or Paul Carlyle.

08 September 2010