Claims club

December 2016, London

Asbestos claims

What do you need to know?

Mesothelioma claims

Represent about 80% of the cost of asbestos basedclaims to the insurance industry

Mesothelioma is a type of cancer that develops in thelining that covers the outer surface of some of thebody's organs (often the lungs). It is linked toasbestos exposure.

Mesothelioma

Typically develops more than 20 years after exposureto asbestos.

Mesothelioma claims - what ischanging?• 2002 – 1,600 claims• 2006 – 2,500 claims• 2010 – 3,250 claims• 2014 – 3,500 claimsRecent experience shows a stable but increasingnotification trend of claimsThe increases in claims notified appears to be slowingdown

Mesothelioma claims – what’schanging – average costs2002 - £69,0002006 - £75,0002010 - £87,5002104 - £97,500

Inflation is running at about 3-4% per annumPaid at nil are running at between 21% and 23%

Mesothelioma – what’s changing –Claimant age at notification2002 – 672006 – 692010 – 732014 – 74

Which means that you are dealing with older claimsfor your authority (or a predecessor authority)

Mesothelioma claims – what’schanging - % of living Claimants2002 – 20%2006 – 18%2010 – 61%2014 – 69%

NHS mesothelioma framework 2007 – increasedawareness and improved diagnosis

Mesothelioma claims –Male/female % Claimants• 2002 - 96% male/4% female• 2006 - 96% male/4% female• 2010 – 94% male/6% female• 2014 – 95% male 5% female

The proportions are relatively consistent with a slightincrease in claims from women

Mesothelioma claims – what’schanging – deaths HSE projection2002 – 1,5002006 – 1,7502010 – 1,9002014 – 2,5152020 – 2,0002024 – 1,8002028 – 1,500

Mesothelioma claims – deathratesHSE projection peaks in 2016

Other projections peak higher and later (2018)

Revised HSE projection moved back to 2015 butpeaked higher (about 1%)

Mesothelioma claims – whatmight changeMedical advances –longevity (40% of sufferers survive one year, 20%survive two years)Cure – impact on claims depends on how the cost ofthe cure compares to the cost of death benefits

A double lung transplant costs £360,000,chemotherapy cost £26,000

Mesothelioma claims – whatmight change?Mortality improvements – increased longevity meansmore exposed lives develop mesothelioma

Exposure pattern – the long latency period means weknow little about underlying exposure from late1970’s onwards

Mesothelioma – what mightchange

Inflation –

Medical - costs eg drugs

Legal – court fee increases, changes to Ogdendiscount rates, case law

Mesothelioma claims – MMI

Annual Report and Accounts for year ending 30 June2016

“An increase in the provision for mesothelioma claimshas not been required this year as reportingpatterns for new mesothelioma claims havestabilised”

Mesothelioma claims – MMI

“The Employers Liability mesothelioma accountremained stable due to slightly fewer new claimsbeing reported compared with the previous year, butthe very nature of these claims makes futureprojection uncertain”

Lord Justice Brown: 2011defending a mesothelioma case: “a lostcause”• Sienkiewick v Grief & Wilmore v

Knowsley MBC

Prescott v University of StAndrews 2016• Evidence of exposure to be positively proved by the

CLAIMANT• ONLY THEN consider if exposure negligent.

Smith v Portswood House 2016

• Burden of proof remains with the claimant• “substantial dust” is more than “not negligible” (FA

S63 1961)• Expert evidence: exposure as proved v relevant

HSE guidance and standard of care• Williams v University of Birmingham

Heneghan –v- Manchester DryDocks Ltd & 5 others 2016

• 2 stage test: “what” and “who”• “Fairchild” exception applies to “who”• Damages divisible = conventional apportionment• Barker v Corus 2006 applied

Carder v University of Exeter2016• A cautionary tale……• Lord Dyson:“I recognise that Mr Carder has been awarded a sumwhich is small when compared with the costs of thislitigation. That is regrettable. But litigation of thiskind is often necessarily factually complex.Defendants faced with claims whose costs are likelyto be out of proportion to the damages likely to beawarded after a trial should try to settle them early.”

Sanderson v City of Bradford MBC

• Cautionary tale 2….• Genuine reason for delay• No prejudice to defendant• Prejudice caused by defendant• Good case on the merits• S33 Limitation Act applied.• ..how to avoid?

Clark v Enfield Council (as successorsin title of Middlesex County Council)and Balding & Mansell Ltd

• Claim for malignant mesothelioma in livingClaimant

• Caretaker from 1958 to 1962/3 with E• Employed by B&M from 1969/70 to 1992/93• Likely repeat low level exposure with both E and

B&M

Date of knowledge of link between lowlevels of exposure/mesothelioma?

• Need for expert evidence – Occupational hygienist• Newhouse and Thompson report (1965) published in

Sunday Times 31/10/65• Prior to 31/10/65, concern was of link with substantial

exposure (e.g. stripping lagging from boilers)• Claimant’s exposures not “substantial” judged by the

standards of the time – i.e. not foreseeable• Claim has discontinued against E with B&M paying all of

C’s damages and costs.

Talk to us…

Matthew Harpin| 0121 237 3970matthew.harpin@brownejacobson.com

Bridget Tatham| 0121 237 3916bridget.tatham@brownejacobson.com

David Maggs| 020 7337 1005david.maggs@brownejacobson.com

General Data Protection Regulation

Megan Larrinaga

Will GDPR apply to the UK?

• Yes• No information as to how it will apply• Tinkering with GDPR post-Brexit?• Favourable exemptions?

General Data ProtectionRegulation(GDPR)• New definitions• New principles for Data Processing• Data Subject Rights• Consent• Information to be provided to Data Subjects• New Data Controller Obligations• Data Processor Obligations• Data Protection Officers• Mandatory Breach Notification• Increase in Liability and Sanctions

Aim of the Reform

• A uniform regime• Greater rights for data providers• Enhancing confidence in security• Increased accountability• Reduction in bureaucracy

Territorial Scope

• All data controllers and processors– Operating within the EU – whether or not the

processing takes place in the EU– Outside the EU that offer goods and services to data

subjects in the EU– Outside the EU that monitor the behaviour of data

subjects to the extent that the behaviour takesplace in the EU

Definitions – personal dataCurrentData relating to a living individual who can be identifiedfrom those data or from those data and other informationwhich is in the possession of, or likely to come into thepossession, of the data controller.FutureAn identifiable person who can be identified directly orindirectly, in particular by reference to an identifier suchas name, identification number, location data, onlineidentifier or to one or more factors specific to the physical,cultural, physiological, genetic, mental, economic, culturalor social identity.

Special categories of data• Data revealing- Race or ethnic origin Political Opinions Religious or Philosophical Beliefs Trade Union Membership Health or Sex Life and Sexual Orientation Genetic or Biometric data in order to uniquely identify

a person• Processing of any/all of the above prohibited subject to

exceptions

Definitions – data processing• Current – obtaining, recording or holding the

information or data or carrying out any operationor set of operations on the information or dataincluding altering, retrieving, disclosing, blockingerasing or destroying the information

• Future – any operation or set of operations whichis performed on personal data whether or notautomated including collecting, recording,organising, structuring, storing, adapting, altering,disclosure, erasure or destruction.

Principles for data processing• Data must be processed lawfully, fairly and in a transparent

manner• Data must only be collected for a specified, explicit and

legitimate purpose• Data must only be processed to the extent that it is adequate,

relevant and limited to what is necessary in relation to thepurpose for which they are processed

• Data must be accurate and up to date. Data which is inaccurateshould be erased or rectified without delay

• Identifiable data should not be kept longer than is necessary• Ensure appropriate security of the data• Ensure compliance with the Regulations.

Lawful basis of processing

• Consent• Contractual necessity• Legal Obligation• Vital Interests of the data subject or of another

natural person• Public Interest or exercise of official authority• Legitimate interests of data controller or third

party to whom data is disclosed (but not to a publicauthority).

Consent• Must be freely given, specific, informed and unambiguous• Must be given by a statement or a clear affirmative action• If written, should be distinguishable from any other

matter• Withdrawal of consent should be as easy as grant of

consent• Purpose limited – loses validity when the purpose ceases

to exist• Burden of proof on the data controller to show consent

freely given

Data subject rights

• Data subjects can require: Inaccurate personal data be corrected or incomplete data be

completed including by way of supplementing a correctivestatement

Personal data in a machine readable and structured formatcommonly used by the data subject and allows for furtheruse

The data controller to delete their personal data wherecertain conditions are met

Data subject rights: continued Restriction of processing of personal data – so that this can

only be held by the controller and used for limited purposes Transfer of personal data from one data controller to

another (“data portability”) Processing of personal data not take place for direct

marketing, including profiling Not to be subject to a decision based solely on automated

processing, such as in connection with insurance premiums

The rights of access, rectification, erasure and the right toobject must be given effect free of charge

Information to be provided• Data controllers must provide the following to data subjects on

request: Identity and contact details of data controller and data protection

officer Intended purpose of processing and period for which data will be

stored Existence of rights: access, rectification, object and erasure Right to lodge a complaint internally and to a supervisory authority Recipient or categories of recipients to whom data will be disclosed Intention to transfer to another country or international organisation• Information must be concise, transparent, intelligible and easily

accessible• Must be provided in writing unless otherwise requested.

Controller vs Processor

• The GDPR applies to ‘controllers’ and ‘processors’• Broadly the same as under DPAData controller says why and how personal data is

processedData processor acts on behalf of the controller• Data processors now have direct obligations

Data controller obligations• Designate a data protection officer (where required)• Appoint a sub-processor• Adopt policies and implement appropriate technical

and organisational measures to ensure and be able todemonstrate compliance with GDPR

• Implement security requirements• Deal with privacy impact assessments• Comply with requirements of supervisory authority• Report breaches to the supervisory authority and

affected data subjects

Data processor obligations• Designate a data protection officer (where required)• Appoint a sub-processor only with authorisation of a data

controller• Adopt policies and implement appropriate technical and

organisational measures to ensure and be able to demonstratecompliance with GDPR

• Implement security requirements• Comply with requirements of supervisory authority• Maintain a written record of all personal data processing carried

out on behalf of a data controller• Notify data controllers without undue delay after becoming aware

of a breach

Non-compliance by dataprocessors• Sanctions by regulator• Damages claims from data subjects

– failure to comply with lawful instructions of datacontroller

– apportionment between data controller and dataprocessor

• Damages claims from data controllers

Data Protection Officer

• Data controllers and data processors mustdesignate a Data Protection Officer where:– The processing is carried out by a public authority– The processing requires regular and systematic

monitoring of data subjects on a large scale– The core activities consist of processing large scale

special categories of personal data

Responsibilities of DataProtection Officer

• Inform and advise the data controller/processor• Monitor the implementation and application of the

Regulations and the data protection policies• Monitor Impact Assessments and breaches• Point of contact for Supervisory Authority

Mandatory breach notification

• Notify data protection authority without undue delayand, where feasible, within 72 hours of awareness –reasoned justification required where timeframe is notmet

• Notify the affected data subjects without undue delay –where there is a “high risk” to their rights andfreedoms

• Not required if breach is unlikely to result in a risk tothe rights and freedoms of individuals

• Adopt internal procedures for data breaches

Consequences of a data breach• Level 1: €10,000,000 or 2% total worldwide annual

turnover• Level 2: € 20,000,000 or 4% total worldwide annual

turnover• Factors taken into account when determining fine:Nature, gravity and duration of the breachWhether breach intentional or negligent Previous breaches by the data controller/processor Technical and organisational measures in place.

Next steps• Enforceable from 25 May 2018• Where consent is relied upon as the basis for processing, consider

whether this is valid under the GDPR• Review all communication and information to ensure all necessary

information is stated• Review systems to ensure that new obligations can be met, such as

data portability• Review processes and procedures for reviewing and reporting data

breaches, and implement appropriate policies• Consider whether it is necessary to appoint a DPO

Next steps

• Consider the relationship between various parties to anagreement, who is the data controller/processor in relation towhat personal data, and the obligations on each

• Review agreement between controllers and processors to ensureappropriate arrangements are in place

• Consider the rights of the data subject. How will you deal withrequests for erasure?

• Consider the impact of Brexit, including which parts of youroperations are within the UK or elsewhere

• Consider where personal data of individuals within the EU andoutside of the EU is processed and how this impacts on yourobligations

Questions…

Megan Larrinaga| 020 7871 8504megan.larrinaga@brownejacobson.com

• All information correct at time of production.

• The information and opinions expressed within this documentare no substitute for full legal advice. It is for guidance only andillustrates the law as at the published date. If in doubt, pleasetelephone us on 0370 270 6000.

• © Browne Jacobson LLP 2016 – The information containedwithin this document is and shall remain the property of BrowneJacobson. This document may not be reproduced without theprior consent of Browne Jacobson.