In a world where everything is available at the tap of a screen or button, data is now deemed more valuable than gold. As we enter the automation age, the information age has been and gone and that information fuels big and small businesses just like the steam engine catapulted the industrial age.
You can order medicine, food, clothes, homeware and more with a tap of a button. Technology has reached the point where a lot of us barely use our cards or even have to remember our passwords as we store it all within our phones, laptops and other devices. AI makes decisions for us and schedules our meetings and tells us the status of our well being based on data they gather from our devices.
We trust businesses to hold, manage and process our data (some so sensitive that we would not disclose to some of our closest relatives) all on the cloud in accordance with their privacy policies and terms of use. But how secure are they and how many manage and process our data in accordance with their own privacy policy and terms of use and of course the laws of our land?
Companies have a duty to store our data safely and process it only for the permitted use agreed by us and allowed by law; whether that be our name, email address, credit card details or other sensitive data such as medical history. Over the past few years, numerous organisations have had data breaches affecting thousands of people. These organisations include some household brands such as Virgin Media, Nintendo, British Airways, and Greater Manchester Police. Okay, the last one is not a household name, but the Police have suffered a data breach!.
These organisations are well known, and big organisations and it leads to the question, if big organisations like these do not hold our data securely, how do other small companies handle our data?
There have been reports of employers, charities, GP surgeries and other relatively smaller organisations failing to secure data. This has in some cases resulted in personal information such as medical history, bank details etc. being disclosed to the incorrect person. Some people have even had fraudulent transactions made on their accounts which has resulted in a financial loss.
Organisations are not the only ones capable of Data Breaches. The recent case of Reid v Price [2020] [https://www.bailii.org/ew/cases/EWHC/QB/2020/594.html] shows that a partner is capable of breaching data laws and regulations. In this matter the well known mixed martial arts fighter Mr Alexander Aristides Reid brought a claim for breach of confidence, misuse of private information, breach of contract and compensation under Data Protection Act 1998 against Ms Katie Price for disseminating video recordings and photographs of Mr Reid’s private sexual practices. Mr Reid was awarded £25,000 for the distress and hurt caused.
As time goes on it seems that Data Breach claims will be brought in relation to any instances in which personal information is disclosed without a person’s consent. As initially a lot of the case law was in relation to organisations, claims are now being brought against individuals. This again evidences that data is worth more than gold and requires protection regardless of whether it is a company or an individual. When that data is no protected as required, then the aggrieved individuals do have a right to be compensated.
