Man gets £12,500 after girlfriend probes his medical data
Nurse ex-partner's data breach cost him a job
This is a rare event indeed: a data subject has taken successful action for compensation under section 13 of the Data Protection Act. Normally what happens if a data controller has caused damage is that there is an out-of-court settlement with a gagging (sorry "confidentiality") clause so no-one is the wiser.
The claimant brought an action following an unauthorised disclosure of his personal medical data from the Plymouth Hospital NHS Trust, in or about December 2007. The partner of the data subject had unlawfully accessed his medical records in the course of her employment as a nurse and thereby committed a breach of the Act. This and the handling of his resultant complaint caused a four-and-a-half year exacerbation of a pre-existing paranoid personality disorder and prevented him also from accepting an offer of employment.
Honour Judge Cotter QC, sitting at Plymouth County Court, assessed damages for personal injury under section 13 of the Data Protection Act 1998. He awarded £12,500 for exacerbation of the claimant’s pre-existing condition and £4,800 for loss of earnings on the premise that he had been offered six months' work. However, this was awarded in light of the medical evidence – viz, that he would have been unable, probably, to sustain employment for any length of time and would have been likely to have held a job down for only eight weeks.
A claim for aggravated damages failed. ®
This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.
It just goes to prove...
...Just because you have a pre-existing paranoid personality disorder, doesn't mean that someone isn't out to get you !
So, nothing for the illegal access?
The article explains that the sums awarded were for the losses the victim sustained as a result of the access to his records - but no mention is made of any award as a consequence of the unauthorised access itself.
So if you or I had our medical records downloaded (by a partner, stalker, nosey bugger or just randomly), but we didn't suffer any losses as a result, this story doesn't sound like we'd be eligible for any remuneration.
It would be interesting to know if the person who accessed this information has been prosecuted and punished for their acts.
I expect the nurse has been disciplined (presumably meaning she lost her job). Medical confidentiality is taken pretty seriously.
Whoever is in charge of security is probably doing their job fine. You'd expect nurses to be able to access patient records, right?