In October 2018, HNK Solicitors were approached by a client ‘K’ who had been the victim of a breach of data protection after Midlands Partnership NHS Foundation Trust (the Defendant) had released personal medical information to the Chief Constable of Staffordshire Police (CCSP), without K’s permission. HNK Solicitors are specialists in pursuing data breach protection claims and have years of experience holding public bodies to account for the misuse of individuals private information.
On 18th March 2016, an email request was made on behalf of the Chief Constable of Staffordshire Police (“CCSP”) to Midlands Partnership NHS Foundation Trust (“the Defendant”) for information relating to K’s mental health.
On 23rd March 2016, the Defendant’s employees complied with the request and disclosed K’s personal data to CCSP without his consent. The information disclosed was his sensitive and personal medical data.
Making the data protection breach claim
After hearing the background of the case, HNK Solicitors were happy to accept instructions on a no-win, no-fee agreement. We had concerns that the Defendant’s employees breached the Data Protection Act 1998 (“DPA 1998”) by providing his personal data to CCSP. HNK claimed that the Defendant processed the data in a manner incompatible with the intended purpose and disclosed his personal data to CCPS without his written consent.
On 3rd January 2019, the Defendant admitted to a breach of duty and made an offer in the sum of £1,000. This was not accepted by the Claimant and a counteroffer was made on his behalf.
Given the Defendant was reluctant to make/accept a satisfactory offer to the Claimant, HNK issued Court proceedings on his behalf.
The outcome of the claim
Before the matter proceeded to trial and following detailed submissions by HNK on why the Defendant had breached K’s data protection and the adverse effects this had on the Claimant, the Defendant made a much-improved offer of £20,500 for damages and legal costs. We believed this was a much more reasonable sum for the breach of data protection, and following our advice, K accepted the offer.
Data protection law
The Data Protection Act 1998 (now replaced by the General Data Protection Regulation and the Data Protection Act 2018) sets out provisions and requirements on processing the personal data of individuals.
Those that control your personal data must:
- Process the data fairly and lawfully;
- Have appropriate technical and organisational measures to protect the data they collect to prevent unlawful processing;
- Use the data for specified and explicit purposes that is relevant and limited to only what is necessary
- Ensure that the information is accurate and kept up to date (where necessary)
- Obtain consent for its collection and disclosure where required
An individual’s personal data should always be used for a specified purpose and limited to what it is collated for. Before the disclosure of the data is given to third parties, the individual’s consent must be obtained.
HNK Solicitors can help with your data protection breach claim
If your data has been misused or disclosed without your consent, and you have suffered financial loss or distress as a result, then it may be possible for you to claim compensation. You have up to six years to make a data protection claim, but the sooner you take action the better. To find out more about pursuing a claim for a data protection breach, visit our Data Protection Claims page. Alternatively, call us on 0151 203 1104 or email us at firstname.lastname@example.org.