I have recently acted for a number of adoptive parents who, whilst in the process of adopting children, have been victims of data protection breaches by either the local authority or the courts.
In all of these cases, sensitive personal information about the adoptive parents was sent to the birth parents in error resulting in the safety of the adoptive family being put at risk because the birth parents were opposed to the adoption.
Unfortunately, the consequences in many of these cases have been that the adoptive family has had to urgently flee their existing home and relocate to another area of the country in order to safeguard themselves and their newly adopted children.
Having to move home quickly and unexpectedly can clearly be an incredibly stressful experience particularly when your family’s safety could also be a risk. This can be ever more frustrating knowing that such a drastic change is necessary because of a simple but careless error made by an organisation entrusted with your personal data.
If this has happened to you, it will usually be possible to claim damages against the organisation that is responsible for unlawfully passing your personal information to a third party. This is because the Data Protection Act 1998 imposes obligations on organisations that control a person’s personal data to ensure that the information is held securely and processed only in accordance with the law. The Data Protection Act 1998 allows a person to claim compensation when a data breach has caused them loss and distress.
Damages for a successful breach of data protection claim, in adoption and other similar cases, can be considerable given that the party responsible for the data protection breach will probably be required to pay out for all of the financial losses necessarily sustained by the injured party in restoring them to the position they enjoyed prior to the breach occurring. Clearly, these costs could be substantial if it is necessary for the injured party to move home and relocate to a new area. Further, the injured party is entitled to claim damages for the distress caused. These amounts can be significant where a family has been up-rooted from their home and forced to relocate knowing that their safety may be in jeopardy.
In addition to having to potentially pay significant damages to the injured party, the party responsible for the breach may also face a substantial fine from the regulator responsible for ensuring compliance with data protection laws – the Information Commissioner’s Office (“ICO”) – should the injured party choose to complain.
For example, a local authority that unlawfully discloses sensitive personal information about the adoptive parent to a third party in adoption proceedings, could face a damages claim and associated legal costs totalling several hundred thousands of pounds together with a separate fine from the ICO of anything up to £0.5 million.
It is, therefore, crucial public bodies and private companies take great care in ensuring that an individual’s sensitive personal data is safeguarded and only processed lawfully and securely.
If you have been the victim of a data protection breach, Stephensons Solicitors LLP have a specialist team who can assist you to claim compensation. Alternatively, if you represent an organisation that is responsible for controlling personal data and would like advice on how to ensure that such data is handled lawfully, securely and in accordance with data protection law, contact us now so that we can help.