In January 2014, Andrew Skelton, an apparently disgruntled employee of Morrisons Supermarket posted a file containing the personal data (including salaries, bank details, and National Insurance numbers) of 99,998 Morrisons’ employees on a file-sharing website. It seems his intention was to cause mass-scale damage to the supermarket. In March 2014, a CD containing the data was sent to three UK newspapers, one of whom alerted Morrisons. Chief among the company’s concerns was the possibility of the data being used to aid theft or identity theft from the staff concerned. They acted quickly to get the file removed from the Internet within a few hours.
Miles Savory, the director of Accident Claims Handlers Ltd, has been convicted of breaching the Data Protection Act 1998 following a prosecution brought by the Information Commissioner’s Office (‘ICO’) for unlawfully obtaining the name and address of the owner of personalised number plates that he was seeking to purchase.
If one recent survey is to be believed, nearly a quarter of Britons use dating apps. A dating app is a smart phone application which typically allows the user to search or “swipe” through other singles – often presented like a never-ending deck of cards. If the user swipes right, this indicates that they ‘like’ the person. When the same person swipes right, this generates a “match” and each individual has the facility to instant message one another, thus enabling – in theory – a romance to blossom. The best known app of this type is Tinder, but it is a model that has been used or varied by several different platforms.
Much has been made of the imposition of the General Data Protection Regulation (“GDPR”), to be integrated into UK law via the Data Protection Bill (“DPB”), in anticipation of its coming into force on 25 May 2018. The rationale behind the GDPR is to provide a legal framework that acknowledges the sensitivity of personal data (such as names, NI numbers, IP addresses and personally identifying information) and its misuse in the digital era. One feature of the GDPR is a far greater focus on fines.
Snapchat is a multimedia messaging mobile application (app) that allows users to send videos and photos to their contacts. The recipient can normally only view an image/video for a limited period of time (perhaps just a few seconds). This encourages some users to send risqué (sometimes explicit) images/videos to one another. This feature is far from foolproof. A receiving party may take a screenshot of the image or a photo and/or video of the screen with a separate digital camera/phone.
The University of East Anglia (UEA) has admitted accidentally sending an email containing students’ highly sensitive personal information to 298 American Studies undergraduates. The email in question attached a spreadsheet which contained “extenuating circumstances” justifying extensions for work and other academic concessions. These are understood to include details of illnesses, bereavements and other personal matters.
Following a high-profile, televised police raid on his Berkshire home in 2014, Sir Cliff Richard issued claims against the BBC and South Yorkshire Police for the misuse of his private information, infringement of his Article 8 ECHR right to a private life, and breach of the Data Protection Act 1998. In a recent hearing before Mr Justice Mann, Sir Cliff’s legal team stated that they had reached a settlement agreement with South Yorkshire Police and had agreed to stay proceedings against the BBC for one month in an attempt to reach a settlement.
An Edinburgh couple have been awarded £8,634 each by a Scottish court as a result of round-the-clock extremely intrusive CCTV surveillance that had been carried out by a neighbour over a number of years.
In the case of TLT and others v Secretary of State for the Home Department, the Home Secretary was ordered to pay a total of £39,500 to six asylum seekers whose confidential information was accidentally published on the Home Office website. The information remained on the website for two weeks before being taken down. Mr Justice Mitting gave judgment on 24 June 2016 after a trial which lasted for 3 days.