Data protection - why more powers are needed to protect privacy
This month's amendments to the Data Protection Act have attempted to address important deficiencies in legislation; they give the Information Commissioner the power to carry out compulsory inspections of government departments and the power to fine data controllers. While these developments are welcome, they fall short of what is required to achieve a properly functioning legal regime.
April 22, 2010 at 07:42 AM
6 minute read
This month's amendments to the Data Protection Act have attempted to address important deficiencies in legislation; they give the Information Commissioner the power to carry out compulsory inspections of government departments and the power to fine data controllers. While these developments are welcome, they fall short of what is required to achieve a properly functioning legal regime.
The Act is designed to protect both citizens' privacy and their personal data, but to do this it must offer them a clear route for seeking redress of grievances through the courts. But even following April's amendments, the Act fails to offer sufficient opportunity for citizens to claim financial compensation following a data privacy breach. As it stands, they can only do so if they can prove direct financial loss. There is no self-standing route to make a compensation claim for distress in most cases. This has many negative implications for legal compliance. Firstly – it is very difficult for individuals to prove financial loss in the majority of circumstances because, often because they have no idea where their information has been accessed, how many times, by whom and how. Secondly, if the public does not have a sufficient remedy for the stress caused by data breaches, they cannot hold data controllers to account in the vast majority of situations. Effectively, the law is allowing for the minority of claim situations, and not the majority. This serves no one's purpose. It is bad for individuals because it reduces their ability to seek redress. It is bad for the Government because once the true nature of the problems are finally revealed it will require further administrative time and taxpayers' money to remedy them. And it is bad for UK plc because it does not offer a strong financial sanction to encourage data controllers to work harder at avoiding breaches. This, in turn, will mean a failure to reduce the numbers of privacy failings.
So under the current legislation citizens have no choice but to rely on the regulator. This is where the problem intensifies. The Information Commissioner's Office (ICO) simply does not have the clout to solve the overarching problems. The amendments to the Act now offer the ICO a new financial penalty regime – it can impose a fine of up to £500,000 if a data breach has caused either substantial damage or substantial distress. But this is not sufficient for two reasons. Primarily, it isn't enough money. Too many large data controllers would consider such a fine an acceptable cost of doing business; half a million pounds just does not qualify as a suitable deterrent. Secondly, once this fine is levied, and it hasn't deterred the data controller, what happens next? There is nothing more severe in the ICO's armoury. Unfortunately, when we find out that a limited fine will not have enough impact, the Government will once again need to go back to the legislation, which means more time in committees, more cost to the taxpayer, and a longer wait for a resolution.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Trending Stories
- 1'I'm Staying Everything': Texas Bankruptcy Judge Halts Talc Trials Against J&J
- 2What We Know About the Kentucky Judge Killed in His Chambers
- 3Judge Blasts Authors' Lawyers in Key AI Suit, Says Case Doomed Without Upgraded Team
- 4Ex-Prosecutor and Judge Fatally Shot During Attempted Arrest on Federal Corruption Charges
- 5Federal Judge Won't Stop Title IX Investigation Into Former GMU Law Professor
Who Got The Work
Burr & Forman partner Garry K. Grooms has entered an appearance for 4M Acquisitions and Wallace D. Tweden in a pending environmental lawsuit. The action, filed July 22 in Tennessee Middle District Court by the McKellar Law Group and Mark E. Martin LLC on behalf of Tennessee Riverkeeper, contends that the defendant's violated the Clean Water Act and Tennessee Water Quality Control Act by allowing for the discharge of pollutants into waters of the U.S. without obtaining a National Pollutant Discharge permit. The case, assigned to U.S. District Judge Aleta A. Trauger, is 3:24-cv-00886, Tennessee Riverkeeper, Inc. v. Tweden et al.
Who Got The Work
Ramsey M. Al-Salam, Gene W. Lee and Stevan R. Stark of Perkins Coie have entered appearances for R-Pac International in a pending patent infringement lawsuit. The case, filed Aug. 12 in New York Southern District Court by PinilisHalpern LLP and Friedman Suder & Cooke on behalf of Adasa Inc, asserts a single patent related to wireless sensors used for tagging products. The case, assigned to U.S. District Judge Alvin K. Hellerstein, is 1:24-cv-06102, Adasa Inc. v. R-Pac International LLC.
Who Got The Work
Walmart has tapped lawyer Nicole M. Wright of Zausmer PC to defend a pending product liability lawsuit. The action was filed Aug. 12 in Michigan Eastern District Court by Wolfe Trial Lawyers on behalf of a plaintiff claiming burns from a defective propane tank. The case, assigned to U.S. District Judge Matthew F. Leitman, is 2:24-cv-12100, Hill v. Ferrellgas, Inc. et al.
Who Got The Work
Kevin Simpson and James Randall of Winston & Strawn have stepped in to represent Comcast in a pending consumer class action. The case, filed Aug. 11 in Georgia Northern District Court by Kaufman PA, contends that the defendant placed pre-recorded debt collection phone calls to the plaintiff in violation of the Telephone Consumer Protection Act. The case, assigned to U.S. District Judge J.P. Boulee, is 1:24-cv-03553, Pond v. Comcast Cable Communications LLC.
Who Got The Work
Potter Anderson & Corroon partners Christopher N. Kelly and Kevin R. Shannon have stepped in to represent cloud computing company Fastly and its top executives in a pending shareholder derivative lawsuit. The complaint, filed Aug. 23 in Delaware District Court by deLeeuw Law and Bragar Eagel & Squire on behalf of Mark Sweitzer, accuses the defendant of failing to disclose that revenue growth in 2023 was primarily driven by a 'consolidation trend' in which companies simplified operations by reducing the number of content delivery network vendors under management, thereby reducing competition and increasing the defendant's market share. The case, assigned to U.S. District Judge Gregory B. Williams, is 1:24-cv-00969, Sweitzer v. Nightingale et al.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250