Feeds

Consumers warned on data loss compensation packs

'Little chance for success'

High performance access to file storage

Victims of Government data loss are being encouraged to buy packs claiming to help them claim compensation. Thousands have paid out, but privacy lawyers have warned that success is very unlikely.

One arbitration company is selling £5.99 packs that it claims will help some of the 25 million victims of the HM Revenue and Customs data loss last year make a compensation claim.

But privacy specialists at Pinsent Masons, the law firm behind OUT-LAW.COM, have warned that there is a heavy burden of proof on compensation claimants under the Data Protection Act (DPA), and that any information people might need is already available for free.

"Compensation cannot be awarded by a Court just because an individual is very upset or angry about the loss of personal data, or because they think they may have been damaged by the loss," said Dr Chris Pounder, a privacy specialist at Pinsent Masons.

"The DPA requires individuals to prove the link between the damage that was caused by the loss of personal data to the particular incident where the loss occurred. If this link is proved, then compensation for the actual damage can be awarded. However, this damage has to be measurable and quantifiable and damage cannot be "created" in support of a claim."

Claimants must be able to meet the burden of proof said Rosemary Jay, one of the Pinsent Masons specialist privacy lawyers.

"Even where there has been a loss of personal data such as name, address and bank account details, and the victim subsequently finds that there has been a misuse of personal data, it may be difficult to show a causational link because such data can be obtained elsewhere, maybe from the Electoral Roll or a cheque book," she said. "There needs to be some evidence that links the identity theft to a data loss incident."

Pounder said he found "alarming" reports that "tens of thousands of individuals are paying for advice on the matter of compensation, in circumstances when taking the law into consideration, there is very little prospect of success".

Alternative Dispute Resolution Services is a Newcastle-based company which is currently selling £5.99 packs that claim to help would-be claimants.

"The Inland Revenue have now written to each family effected apologising for the incident and admitting responsibility for the loss of the personal data," said the website set up to sell the packs.

"However the letter has omitted to mention that the loss of this personal information constitutes a breach of the Data Protection Act 1998 and under the provisions of that legislation those affected by the loss of their personal data are entitled to claim compensation from those responsible for the mishandling of the data.

"Payment of compensation is not automatic and those claiming redress do so on the basis that they have suffered damage and also possibly distress."

Company director Philip Knight told the Daily Mail newspaper that 14,000 people had registered with it in relation to the pack. The company did not respond to requests for comment.

The Information Commissioner's Office freely publishes information on how someone can seek compensation for any damage suffered from a breach of the DPA.

"You can normally only claim for any distress you have suffered if you have also suffered damage," says its guidance (pdf). "However, if the organisation broke the Act when they used your information for journalism, artistic or literary purposes, you can claim for distress alone.

"Even when you can show the court the exact sum of money you have lost as a result of the breach of the Act, it is still up to the judge to make the award and he may reduce your claim or award nothing at all."

Guidance is also available at OUT-LAW.COM on the DPA and the rights people have under it.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.