Angelus Law is now dealing with a number of cases relating to breach of GDPR/DPA, breach of privacy and misuse of private information by public authorities and private companies which have led to great distress to those clients involved. These types of cases very often involve the need for remedies beyond simple compensation; for example, seeking an injunction to stop an individual or organisation from continuing to share personal data without authority, or, seeking a declaration or guarantee to ensure that any past instances of data leaking or misuse are not repeated.

One such case is that of Mr L, who came to Angelus Law late in 2019 with serious concerns over the handling of his personal information by his NHS Trust. Mr L had been undergoing transition from Female to Male and had been attending a Gender Reassignment Clinic for roughly 4 years. There was a heavy emphasis upon privacy and security at the Clinic; access to the building could only be gained by the visitor providing their full name and reasoning for attending and correspondence was always marked ‘Strictly Confidential’ given the sensitive nature of the Clinic’s work.

In September 2019 Mr L was checking his e-mails and noted an e-mail received from the Clinic; this was fairly unusual and so Mr L’s attention was immediately drawn to it. Upon opening the e-mail, Mr L noted that a large number of recipients were carbon copied into the e-mail including himself and were fully visible to one another. The e-mail clearly identified that those copied into it were patients of the Clinic.

Mr L had kept his transition a private matter with only a select few close family and friends knowing about it and so was distraught at the disclosure of his identity in this manner. A simple Google search of the private e-mail address quickly revealed Mr L’s LinkedIn and Facebook profiles and so he became extremely concerned about details of his transition spreading without his knowledge or control. Mr L told us that he found himself becoming increasingly anxious as time went on, often Googling his name and e-mail address to see if anything had been posted about him. Moreover, Mr L told us his trust and confidence in the Clinic as a place where he could express himself freely regarding his transition had been lost.

Following our initial investigations with Mr L, Angelus Law commenced a claim against the NHS Trust for breach of confidence and for its unlawful use and unauthorised disclosure of Mr L’s personal data. After negotiations with the Trust, we were able to negotiate a settlement of £2,000.00 to compensate Mr L for his loss of control over the personal data, and for the distress, embarrassment and suffering he endured as a result of the Clinic’s actions.