Who can YOU turn to for GDPR/DPA breaches?
In a world in which society is becoming increasingly dependent upon digital media and technology, personal data is rapidly become a valuable resource for businesses, governments, law enforcement and intelligence services. In the past few years this increasing trend towards a digital economy has raised significant questions about individuals’ privacy and the importance of secure data storage and processing by organisations as criminals also seek to exploit peoples’ personal data for financial gain.
In the UK, the processing of personal data has in the recent past been governed by a statutory regime starting with the Data Protection Act 1998 and, more recently, the European Union’s General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 (‘DPA’).
Unfortunately, despite the extensive laws in place to keep peoples’ data secure and confidential, many businesses and organisations continue to get things wrong and there have been a number of high-profile instances of companies’ weak IT security systems being compromised by criminals, leading to vast amounts of personal data being leaked and sold for profit. Moreover, very often through simple human error or a failure in a business or organisations processes, peoples’ information can be leaked into the public domain leading to significant stress and anxiety for those affected who face the uncertainty of not knowing who holds their data and who may be at risk from nuisance, financial crime and even identity theft.
Angelus Law is now dealing with a number of cases relating to breach of GDPR/DPA, breach of privacy and misuse of private information by public authorities and private companies which have led to great distress to those clients involved. Examples of this so far have included a range of circumstances such as:
- A GP surgery sending patient records to an incorrect address;
- An employer detailing an employee’s serious illness diagnosis on its TripAdvisor page;
- The DVLA sending a client’s new driver’s licence to the wrong address;
- An NHS clinic revealing the confidential identities of dozens of its patients to one another in an e-mailed competition invitation;
- A well-known UK retailer suffered a cyber-attack affecting up to 14 million people due to a continued failure to detect malicious software within its computer systems.
These types of cases very often involve the need for remedies beyond simple compensation; for example, seeking an injunction to stop an individual or organisation from continuing to share personal data without authority, or, seeking a declaration or guarantee to ensure that any past instances of data leaking or misuse are not repeated.
This is a new area of law and we are working closely from the outset on all of our cases with leading, specialist barristers in order to ensure our clients have the best advice as these cases progress and the law in this area develops.