Whilst regulatory action by the U.K. Information Commissioner’s Of?ce (‘‘ICO’’) is relatively commonplace and well reported following data breaches, particularly since the ICO was granted powers to issue on the spot ?nes for serious breaches by data controllers of up to £500,000 back in 2010, private actions for data breaches could be described as occurring ‘‘once in a blue moon’’.
Nevertheless, in what is a rare and groundbreaking case, the Court of Appeal recently awarded compensation to an individual for distress following a breach of Section 13(2) of the Data Protection Act 1998 (‘‘Data Protection Act’’).
Originally published in World Data Protection Report in November, 2013.
Please see full publication below for more information.