By Andy Petherbridge, Associate of Chartered Institute of Legal Executives, Hudgell Solicitors
Handing over our personal details to third parties is now part and parcel of day-to-day life.
As individuals, we are increasingly asked to share our private and sensitive information with lots of different organisations, which we know will be entered into an extensive database and kept on record, possibly forever.
It’s commonplace in modern society, and although a large number of people object to the ever-increasing ‘big brother’ approach, most of us reluctantly agree to share our personal details in the belief and understanding that they will only be used by those we agree to give them to, and that the information will be strictly protected at all times.
Unfortunately, that is not always the case, and where personal or sensitive information gets into the wrong hands, there can be very serious and damaging consequences.
There has been a number of cases in recent times which have been highlighted in the national media, where personal details have been mistakenly exposed to others. At times the information has been accessed through computer systems being hacked, but on other occasions, simple human error has allowed personal information to be exposed.
Just the week, the NHS had to send a letter of apology to more than 3,000 patients after a computer memory stick containing their personal information was found by a member of the public.
East Sussex NHS Trust said the memory stick had been left by a member of staff near a trust building. All information contained on it had not been protected by a password.
The trust, of course, said it took the issue of data security “extremely seriously” and fully apologised for the error, saying it was an “isolated incident”. But that is too little, too late. The data has been exposed.
Patients affected have already spoken of their worry, as information such as credit card details are highly sought after by gangs of organised criminals, who are willing to pay large amounts of money to get their hands on such information.
It could also have put all those people with details on the memory stick at of people using their information to commit identity fraud.
Of course, data held by a health trust is sensitive because of its very personal nature, whilst other types are sensitive because of what might happen if it is misused, such as bank account details.
Other incidents could include personal correspondence being posted to a wrong address in error by an organisation, with the information contained inside compromising the individual’s privacy, or even their standing in the local community.
Imagine being wrongly accused of a crime, and a legal letter relating to that false allegation then being sent to a number of your neighbours.
Our experts at Hudgell Solicitors have already been contacted by some victims of this error by East Sussex Healthcare NHS Trust, as the victims have been seeking legal advice on their position and what action they can take.
Compensation can be claimed for breaches of the Data Protection Act for any distress suffered, or if a person has suffered damage as a result of the data breach.
Steps should always be taken to and reach an agreement with the organisation involved, before taking any matters to court, and that is where our team can help those who believe they may have a claim in advising and supporting through those negotiations.
There are no guidelines about levels of compensation for a claim under the Data Protection Act, but like any compensation claim, it will reflect the seriousness of the breach and the impact it has on the victim.
Should you feel you may have a case to claim compensation, our team is able to provide free initial advice and guidance.