, ,

Is the law is evolving when it comes to data protection?

hayes connor

Last year, our managing director Kingsley Hayes revealed the key data privacy trends that our firm has seen since the General Data Protection Regulation (GDPR) came into force. You can read more about these trends here.

One of these insights is that the law is still evolving when it comes to data protection.

What are we seeing?

Data privacy is still a relatively new area of law. So alterations are to be expected. But, over the past two decades, privacy and data protection laws have changed significantly. Not least because of advancements in technology which have transformed the way we all use personal data.

Certainly, the GDPR altered the legal landscape forever. The most significant change to data privacy regulations in over two decades, its purpose is to strengthen and unify data protection for all. But the GDPR was only the start of the data privacy evolution. And recently we have seen even more amendments.

Data privacy and data protection are more closely connected

Data privacy and data protection are very closely interconnected, but they are not the same thing.

  • The Data Protection Act (the UK’s interpretation of the GDPR) provides rules for how an organisation can collect, use and disclose personal information
  • Privacy laws in the UK create a balance between an organisation’s need to collect personal information and an individual’s right to maintain their personal privacy.

Today there is more emphasis on the relationship between privacy rights and data protection from a legal perspective. And this is good news for individuals as it means we can start a claim based on more than one ground (i.e. for the misuse of private information and for breach of data protection obligations).

It is possible to bring a compensation claim for distress?

Until recently, a person who suffered damage (e.g. a financial loss) might have had their compensation increased to take into account any associated distress, but in most cases, payment would not have been awarded for suffering alone.

However, in December 2017, the landmark High Court ruling in the Morrisons supermarket data breach case paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

Organisations can be held accountable for breaches caused by employees

The Morrison’s data breach case had another far-reaching implication. In this case, a disgruntled employee published the payroll data of almost 100,000 staff online.

Despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was primarily liable for its own acts and omissions (such as not ensuring the proper security measures to protect the data).

Crucially, the judge also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

This means that it is now possible to hold organisations to account for data breaches caused by employees.

Furthermore, the Ticketmaster data breach case is also addressing the issue of whether it is possible to hold a company responsible for violations by third-parties.

Indeed, over the last few months we’ve talked to hundreds of people who have been affected by this shocking privacy breach, and our Ticketmaster compensation claim on behalf of 650 claimants is now ready to proceed. So, if you want to be included in our NO WIN, NO FEE claim, it’s vital that you act now.

No two cases are the same

Crucially the law now realises how important it is that cases are assessed in detail and on their unique merits. As such, the courts looking at a wider-range of factors when deciding on appropriate compensation (e.g. the consequences of the misuse of data, what information was breached, etc.).

Leading by example

At Hayes Connor, we want to reduce the number of data breaches taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent data privacy violations from happening.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0330 995 0070 to discuss your case in more depth.