Information Security and Data Protection Newsletter for Financial Services - April 2015
Published 15 April 2015
RIP s.13 (2)
Landmark data protection decisions are few and far between but this month the Court of Appeal handed down a decision which will have far reaching data protection consequences. In Google v Vidal-Hall the Court of Appeal have confirmed that misuse of private information is a tort, and that claimants may recover damages under the Data Protection Act 1998 ("DPA") for distress without having to prove pecuniary loss. You can read further information on the facts and reasoning of this case below. However in summary this means that s.13 (2) of the DPA is no more. We now predict a flood of data protection litigation since every breach of the DPA risks an affected data subject seeking damages.
Combined with the proposed text of the new regulation which may increase fines for data breaches to up to 5% of annual worldwide turnover, never before has it been so important that data protection is on the board room agenda. Clients should be looking to put their houses in order now as compliance with current ICO best practice guidance goes a long way to compliance with the proposals of the new law. Clients should also be looking at their contracts with companies with whom they share personal data whether as a data controller, or a data processor assessing whether the liability clauses and indemnities cover tortious, as well as statutory claims related to breach of data protection.
We will be sending out sector specific guidance on the consequences of this case for our clients in the next few weeks.
Colleagues can sign up to the alerter here.
Follow us on twitter @DACBprivacy.