Distressed by Loss of Personal Data

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

It has been announced today that Morrisons’ employees are suing their employer for loss of their personal data, which they are likely to argue has caused or is causing them distress.

Earlier this year one of Morrisons’ employees was reported to have shared the personal data of 100,000 employees with newspapers and uploaded the information on data sharing website. The information shared included salary information, national insurance numbers, dates of birth and bank account details. The employee, Mr Skelton was prosecuted for a number of different offences including unauthorised access to personal data with the intent of committing an offence and disclosing personal data and was jailed for 8 years. For further information on this case see our earlier blog.

Under the Data Protection Act it use to be the case that you could not claim compensation unless you suffered financial loss. This meant that if you were distressed by a situtation such as loss of your personal data by a data controller but did not lose out financially, you were not able to bring a claim. However, this very issue of claiming compensation for distress was considered by the Court of Appeal in the case of Google Inc. v Vidal-Hall, Hahn and Bradshaw and the Court decided that a data subject could seek compensation for any damage suffered as a result of a breach of the legislation by the data controller. This decision is pending an appeal to the Supreme Court.

In the case that the Supreme Court agrees with the Court of Appeal, this makes it easier for data subjects affected like the Morrison’s employees to bring a strong claim forward. With the recent cyber-attack that Talk Talk has been hit with, it is likely that many more claims will follow.

Businesses and organisations when collecting and storing data as a data controller or processor have very specific responsibilities to fulfil. It is critical that these responsibilities are taken seriously and appropriate action taken. In one of our earlier blogs we have looked at research that has been conducted in relation to security of data. This is an integral part of the Data Protection Act and organisations should be thinking about whether their procedures and processes are sufficient in securing their data from loss or attack, whether it happens internally or externally.

Forbes Solicitors assist a range of businesses, organisations and public authorities with issues relating to data protection law and practice. If you have a query about data protection law that you would like advice on please contact Daniel Milnes.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.
This entry was posted in Corporate & Restructuring, Debt Collection, Dispute Resolution, Employment Law, Family Law, Housing Litigation, Personal Injury and tagged , , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *