In a recent case about 450 annual pension benefit statements containing the personal details of current and former police officers were erroneously sent to their out-of-date addresses in August 2019 by the defendant, the administrator of Sussex Police's pension scheme (D)
This resulted in a large number of court claims for compensation for breach of data protection law and misuse of private information. The High Court dismissed the vast majority of these claims as they had not produced any evidence showing that their statements had, in fact, been opened and read by someone other than the individuals themselves. The court only allowed 14 claims to proceed.
The court decided that for a valid claim for misuse of private information or data protection, a claimant must show that they had a real chance of proving the statement was opened and read by a third party. If they had received their statement unopened or it had been returned unopened to the sender, there was no claim, their privacy had not been compromised, and they could not proceed purely on the basis of being "in danger" or "at risk".
The claims asserted that data had been processed unlawfully when it was sent to the wrong address, and that this had caused the claimants to suffer non-material damage, however the court decided there had been no "real processing" unless the statement had been opened or read by a third party.
The judge said that the question of whether the 14 claimants could surmount a threshold of seriousness was a factual one that could only fairly be resolved at a further trial.
For FSB members this procedural step may come as a form of reassurance. Clearly one must do all one can to comply with your data protection obligations, and to keep personal data secure. However it is important to note that the courts will look, amongst other things, at whether any harm has actually been done, and even if it has, at how serious that harm is. There is further useful information on the topic of data protection in this guide.