Direct, data and digital marketers could face a tsunami of compensation claims from disguntled customers in the event of a data breach even if consumers occur no financial loss, following a reinterpretation of UK data laws.
The warning follows last month’s Google Inc. v Vidal-Hall court case, in which the Court of Appeal clarified the rules under the Data Protection Act, in a move which is likely to send shockwaves through the industry.
The ruling turns the previous interpretion – which said compensation was only payable if there had been a financial loss – on its head.
The rather mundane sounding “Clause 13 of the Act” will now be interpreted so customers will not have prove they have been hit in the wallet to bring a legal case against a company.
Even those firms which follow good data protection policies will need to ramp up their practices where a financial risk might be exposed by a data breach, such as bank or credit card details, as “appropriate measures” will be tougher in the financial sector.
Experts reckon the decision could open up the floodgates for claims for compensation under Clause 13, and a potential rise in class actions, enabling individuals to join forces to get compensation from the same data breach.
John Warchus, a partner at law firm Moore Blatch, said: “Anyone in control of customer or client data, will now have an even stronger incentive to comply with data protection rules. The decision by the Court of Appeal is also consistent with the likely future trend of data protection legislation – the draft EU Data Protection Regulation will mean that someone can seek damages regardless of a financial loss. Companies should urgently review their data protection procedures and strengthen where necessary as more compensation claims are likely and the amount of damages awarded is also likely to increase.”
Industry faces breach pay-out hell http://t.co/cNbKfzpxbj #directmarketing #digitalmarketing #datamarketing #databreach #dataprotection