Feeds

Consumers warned on data loss compensation packs

'Little chance for success'

High performance access to file storage

Victims of Government data loss are being encouraged to buy packs claiming to help them claim compensation. Thousands have paid out, but privacy lawyers have warned that success is very unlikely.

One arbitration company is selling £5.99 packs that it claims will help some of the 25 million victims of the HM Revenue and Customs data loss last year make a compensation claim.

But privacy specialists at Pinsent Masons, the law firm behind OUT-LAW.COM, have warned that there is a heavy burden of proof on compensation claimants under the Data Protection Act (DPA), and that any information people might need is already available for free.

"Compensation cannot be awarded by a Court just because an individual is very upset or angry about the loss of personal data, or because they think they may have been damaged by the loss," said Dr Chris Pounder, a privacy specialist at Pinsent Masons.

"The DPA requires individuals to prove the link between the damage that was caused by the loss of personal data to the particular incident where the loss occurred. If this link is proved, then compensation for the actual damage can be awarded. However, this damage has to be measurable and quantifiable and damage cannot be "created" in support of a claim."

Claimants must be able to meet the burden of proof said Rosemary Jay, one of the Pinsent Masons specialist privacy lawyers.

"Even where there has been a loss of personal data such as name, address and bank account details, and the victim subsequently finds that there has been a misuse of personal data, it may be difficult to show a causational link because such data can be obtained elsewhere, maybe from the Electoral Roll or a cheque book," she said. "There needs to be some evidence that links the identity theft to a data loss incident."

Pounder said he found "alarming" reports that "tens of thousands of individuals are paying for advice on the matter of compensation, in circumstances when taking the law into consideration, there is very little prospect of success".

Alternative Dispute Resolution Services is a Newcastle-based company which is currently selling £5.99 packs that claim to help would-be claimants.

"The Inland Revenue have now written to each family effected apologising for the incident and admitting responsibility for the loss of the personal data," said the website set up to sell the packs.

"However the letter has omitted to mention that the loss of this personal information constitutes a breach of the Data Protection Act 1998 and under the provisions of that legislation those affected by the loss of their personal data are entitled to claim compensation from those responsible for the mishandling of the data.

"Payment of compensation is not automatic and those claiming redress do so on the basis that they have suffered damage and also possibly distress."

Company director Philip Knight told the Daily Mail newspaper that 14,000 people had registered with it in relation to the pack. The company did not respond to requests for comment.

The Information Commissioner's Office freely publishes information on how someone can seek compensation for any damage suffered from a breach of the DPA.

"You can normally only claim for any distress you have suffered if you have also suffered damage," says its guidance (pdf). "However, if the organisation broke the Act when they used your information for journalism, artistic or literary purposes, you can claim for distress alone.

"Even when you can show the court the exact sum of money you have lost as a result of the breach of the Act, it is still up to the judge to make the award and he may reduce your claim or award nothing at all."

Guidance is also available at OUT-LAW.COM on the DPA and the rights people have under it.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.