Legal Eagle: What you need to know about the new Data Protection Act

A laptop contains personal information.
A laptop contains personal information.

The issue of data protection has been difficult to avoid in the last few months. Like most of us, it is likely you received emails earlier this year from companies requesting permission to use your data.

Many of these emails were not actually required by new laws (the General Data Protection Regulations (GDPR) were brought in by the Data Protection Act 2018 and came into effect on May 25, 2018).

The emails probably resulted from either a misunderstanding of the new legal position or, the cynic in me might suggest, some were actually a method of marketing by the business concerned.

I personally received some emails asking me to “renew” my permission for a company to use my data when I had never had dealings with them – a rather underhand way of signing me up to their marketing list.

But what to do when there has been a serious breach of your data?

The Information Commissioners Office (ICO) regulates this area. Although the ICO cannot compensate you for loss suffered they now have the power to impose even greater fines on organisations who have not handled your data correctly. Fines can now be a maximum of £17million or four per cent of an organisations global turnover. Unfortunately my experience of the ICO’s decisions is that enforcement appears variable.

If the breach was serious involving sensitive data and caused you significant distress/worry then a claim direct to the organisation may be possible.

There has been a number of high profile data breaches recently including a large case involving Morrison’s employees. Their payroll data was disclosed on the web and copies sent to national newspapers by a rogue employee. The data included employees’ names, addresses, dates of birth, gender, phone numbers, bank details and salary information.

Following a trial in late 2017 Morrison’s were found liable for the actions of the (by then former) employee. It is understood approximately 5500 employees pursued this joint claim. The exact level of compensation which may be awarded to each employee is as yet unknown. Often the issue of the amount of compensation is settled on a confidential basis.

We currently act for nearly 90 clients regarding a data breach by Newcastle City Council when an email was sent by a Council employee to 77 people containing third party child adoption information. Other recent data cases concern a Police file which was recently found in a skip in Hartlepool containing very sensitive details of individuals some of whom were survivors of child abuse.

In the national news Cliff Richard featured last week when the High Court awarded him £210,000 for a breach of his private life. This arose from the BBC reporting on a Police investigation into non recent sexual abuse and a search of a house belonging to Cliff Richard.

The BBC flew a helicopter over his house broadcasting the Police search live with camera footage including pictures through the house windows. Cliff Richard was never arrested or charged in relation to the matter.

He stressed his innocence and the BBC made a statement stating issues around the matter could have been dealt with differently, but only after they lost the court case. There may be an appeal by the BBC in due course.

The case raises the interesting dilemma between what the public have the right to know in a free, open, democratic society and the rights of an individual to a private life.

Should suspects be named during investigations by the police when there is not even a prosecution never mind a conviction?

On occasions in the past this has caused innocent people significant distress e.g. Christopher Jefferies who was arrested on suspicion of the murder of Jo Yeates in Bristol in 2010. He stated he was “vilified” by the media following his arrest. He later successfully sued a number of newspapers for libel. Another person was later convicted of the murder.

Many argue however, with some justification, that the naming of individuals prior to conviction, particularly in sexual offence cases, results in other victims coming forward. In non-recent sexual abuse cases this can significantly strengthen a prosecution case; one person without witnesses or physical evidence claiming abuse say 20 years ago can be very difficult to prove, a number of separate individuals making similar allegations against the same person is far more persuasive.

The Cliff Richard case is likely to result in people who are suspects in police investigations, save in exceptional circumstances, being entitled to reasonably expect the matter is kept private and not covered by the media.

Ben Hoare Bell LLP has a team of lawyers specialising in this work. If you believe you have suffered as a result of your sensitive information being disclosed without your permission please contact either Richard Hardy or Andrew Freckleton on 0191 565 3112 or email advice@benhoarebell.co.uk