We previously recovered £10,000 in damages for a client whom we represented in a case where there had been an incident of inappropriately accessing medical data that belonged to them.
This was a serious and flagrant breach of GDPR that had a significant impact on our client, which is why we agreed to pursue the case for them on a No Win, No Fee basis. We are pleased that we were able to succeed with the claim and recover substantial damages on behalf of our client.
£10,000 settlement achieved for significant medical data breach
We previously recovered £10,000 in damages for a client we represented in a matter where there had been an incident of inappropriately accessing medical data that belonged to our client.
In this particular matter, the perpetrator responsible for inappropriately accessing medical information about our client subsequently attempted to use the data against our client. This was a clear breach of the GDPR and we knew right from the start that our client would be entitled to pursue compensation. That is why we were able to represent them on a No Win, No Fee basis.
We are pleased that we were able to recover £10,000 in settlement of the case to reflect the distress that our client had suffered from that arose from the loss of control of their personal information.
Issues over inappropriately accessing medical records
Unfortunately, incidents involving inappropriately accessing medical records, data and information have been going on for quite some time. We have represented many people in cases of this nature in which employees have accessed healthcare data, usually for people that they know. These are often referred to as “snooping incidents” and commonly involve employees looking at the healthcare information of partners, former partners, friends, family, or even neighbours.
Access to healthcare information is important for patients to be cared for and looked after. However, no employee has the right to abuse their right of access to snoop on medical information or process such data without any good reason or authority to do so. Unless that medical information is required for a very specific purpose and is required for an employee to do their job, there is absolutely no reason at all as to why they should simply just be looking at the data out of curiosity.
ICO prosecutions and privacy compensation claims
The UK’s data watchdog – the Information Commissioner’s Office (ICO) – has had to issue several prosecutions in recent years against employees who have inappropriately accessed data. In fact, not so long ago, the ICO issued a general warning on its website in respect of employees making sure that they do not abuse their right of access, owing to the number of cases that it had been involved in.
The punishments can be quite severe. Employees caught inappropriately accessing data that they had no authority or reason to access can not only lose their jobs, but they could also be prosecuted. Prosecutions can lead to criminal convictions, fines and court costs being levied against perpetrators.
Separately, anyone who has been affected as the victim of such an incident could be entitled to pursue compensation for any distress caused by the loss of control of their personal information. ICO prosecutions are separate matters from privacy compensation cases in which victims will need to engage solicitors on a private basis.