Legal Action Against Grant Thornton the liquidator of Cryptopia
We have had communications with the Privacy Commission in New Zealand over quite a period regarding the breach of privacy by the High Court and Grant Thornton when account holders data was released in April this year. The High Court in New Zealand has certain ammunity and so the focus has gone back on the liquidator.
The thing to look at is the actions of the liquidator when they supplied the files to the High Court. Did their actions meet the expected standards? (Microsoft Security Best Practice) The Privacy Commission has pointed us to the legislation in New Zealand. Principle 5.
http://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23376.html
Information privacy principle 5
Storage and security of personal information
An agency that holds personal information must ensure—
(a) that the information is protected, by such security safeguards as are reasonable in the circumstances to take, against—
(i) loss; and
(ii) access, use, modification, or disclosure that is not authorized by the agency; and
(iii) other misuse; and
(b) that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorized use or unauthorized disclosure of the information.
Clearly the Liquidator has failed under principle 5.
This raises two major issues for the Liquidator. The first is negligence, and the lawyers are now preparing an opinion on that with anticipation of a class action.
The second question we have had is can the Liquidator be liable to a breach of privacy when a 3rd party (in this case the High Court) has released confidential information. Clearly Principle 5 (b) states they can.
The next steps.
For many this breach will be an opportunity for the majority of account holders to hold the liquidator accountable and potentially receive entitled compensation. For most the likely compensation will be more than the value of coins held in their wallets. The matter we are working through is whether this should be a class action, or we make each claim on behalf individually, or whether the Liquidator (or their insurers) may enter into a global settlement.
Importantly for account holders the legal opinion we have is the Liquidator can not claim the costs of rectifying his mistakes against the assets of Cryptopia.
Why should you join the data recovery action?
1. The cost to obtain copy of the data that was leaked by the Liquidator is only 10 euro.
2. It is important for everyone to know what data the liquidator has leaked.
3. For many people this will be the first data from the Liquidator enabling you to have any idea of the value of your coin holdings.
4. From our experience this information has confirmed for many people that the Liquidators data is incorrect and there needs to be a consultation process.
5. The Privacy Commission website indicates that a financial compensation should start at around $5,000 per person. here
6. If we take individual claims the second phase will be to the Human Rights Tribunal who can award damages.
7. Instead of incuring high legal costs Cryptopia Rescue has structured the claim process so 30% of what is awarded is the cost to you, so no win no fee in that regards.
You can register here to join this action.