Beware new data protection breach rules
Accountants could now be hit with compensation claims if they breach data protection rules, even if no financial loss occurs, a law firm is warning.
John Warchus, partner at commerical and technology law firm Moore Blatch said the change in law was due to the Google Inc. v Vidal-Hall Court case in which the Court of Appeal recently clarified the rules under the Data Protection Act 1988.
Previously, the rules were interpreted as allowing compensation claims only if a data breach caused a financial loss. In addition, compensation was not available for most breaches even though individuals had suffered stress or embarrassment.
Following clarification by the Court, Clause 13 of the Data Protection Act will means that financial loss no longer needs to be shown for a compensation claim for emotional impact on the claimant, i.e. anxiety or distress.
The firm also warns that stricter practices and better security infrastructure needs to be in place for data where a financial risk might be exposed by a data breach. For example, where an accounting firm or business holds bank or credit card details, as “appropriate measures” will be tougher in the financial sector.
The decision is likely to have a number of potentially wide-ranging implications, including an increase in claims for compensation under Clause 13, and a likely rise in class actions, in which a large number of individuals have suffered emotional distress or invasion of privacy due to the same data breach.
Such claims could be very costly to accountants in terms of damages, legal fees and business disruption.
Warchus added that accountants will now have an even stronger incentive to comply with data protection rules.
"The Google decision by the Court of Appeal is also consistent with the likely future trend of data protection legislation – the draft EU Data Protection Regulation will mean that someone can seek damages regardless of a financial loss.
"Accountants should urgently review their data protection procedures and strengthen where necessary as more compensation claims are likely and the amount of damages awarded is also likely to increase.”
Wachus added that accountants need to get informed consent from clients that they’re holding and processing their data in a particular manner.
“There is now greater potential for class action than ever, as a potential breach could affect hundreds or in larger accountancy firms’ cases, thousands of clients and potentially the accountants could be subject to a class action.”