In a recent consumer credit case the Court of Appeal (CA) has awarded an individual £750 in damages under the Data Protection Act 1998 (DPA) for “distress” caused by a breach of the DPA.
Mr Halliday had purchased a television set through a credit arrangement with CCF Ltd. CCF then wrongly disseminated information about Mr Halliday to a third party, which included providing incorrect data concerning Mr Halliday to a credit referencing agency. Mr Halliday discovered this and brought a claim against CCF Ltd under the DPA alleging breaches of the DPA and claiming compensation for damage to his reputation and for distress.
The relevant provisions of the DPA state that an individual who suffers distress due to breaches of the DPA can claim compensation for the distress caused so long as they also suffered damage as a result.
The court found the breach to be limited in its nature, that it did not lead to a loss of credit or reputation, and was a single error by CCF Ltd. However it also found that as a result Mr Halliday had suffered distress.
The case went all the way to the CA which held that Mr Halliday had suffered distress as a result of the breach and awarded him damages in the form of compensation of £750. Lady Justice Arden noted that, as a matter of general principle, it was not the intention of the legislation that substantial awards for damages should be made. Therefore in such claims the level of damages is not likely to be substantial unless the Claimant can show that the breach caused them significant loss.
Although this was not an employment law case its ruling has an impact on employers who often handle personal data. Employers therefore need to be careful that they have processes in place to ensure that when handling personal data they do not breach the DPA as such a breach could result in a claim by an employee.
For further information, please contact the Employment team