New data protection legislation
The issue of data protection has been difficult to avoid in the last few months. Like most of us, it is likely you received emails earlier this year from companies requesting permission to use your data.
Many of these were not actually required by new laws (the General Data Protection Regulations – GDPR – were brought in by the Data Protection Act 2018 and came into effect on 25 May 2018).
The emails probably resulted from either a misunderstanding of the new legal position or, the cynic in me might suggest, some were actually a method of marketing by the business concerned.
I personally received some emails asking me to “renew” my permission for a company to use my data when I had never had dealings with them – a rather underhand way of signing me up to their marketing list.
But what to do when there has been a serious breach of your data? The Information Commissioners Office (ICO) regulates this area. Although the ICO cannot compensate you for loss suffered they now have the power to impose even greater fines on organisations who have not handled your data correctly. Fines can now be a maximum of £17million or four per cent of an organisation’s global turnover. Unfortunately my experience of the ICO’s decisions is that enforcement appears variable. If the breach was serious involving sensitive data and caused you significant distress/worry then a claim direct to the organisation may be possible. There has been a number of high profile data breaches recently including a large case involving Morrison’s employees. Their payroll data was disclosed on the web and copies sent to national newspapers by a rogue employee. The data included employees’ names, addresses, dates of birth, gender, phone numbers, bank details and salary information. Following a trial in late 2017, Morrison’s were found liable for the actions of the (by then former) employee. It is understood approximately 5,500 employees pursued this joint claim. We currently act for nearly 90 clients regarding a data breach by Newcastle City Council when an email was sent by a council employee to 77 people containing third party child adoption information. Other recent data cases concern a police file which was recently found in a skip in Hartlepool containing sensitive details of individuals. In the national news Cliff Richard featured last week when the High Court awarded him £210,000 for a breach of his private life. This arose from the BBC reporting on a police investigation into non recent sexual abuse and a search of a house belonging to Cliff Richard. The BBC flew a helicopter over his house broadcasting the search live with camera footage including pictures through the house windows. The case raises the dilemma between what the public have the right to know in a free, open, democratic society and the rights of an individual to a private life. Should suspects be named during investigations by the police when there is not even a prosecution never mind a conviction? On occasions in the past this has caused innocent people significant distress. Ben Hoare Bell LLP has a team of lawyers specialising in this work. If you believe you have suffered as a result of your sensitive information being disclosed, contact either Richard Hardy or Andrew Freckleton on 0191 565 3112 or email advice@ benhoarebell.co.uk