Failing to anonymise – the cost

A woman has received £75,000 in an out-of-court settlement after details of domestic abuse she had suffered were revealed by Greater Manchester Police (GMP) without her permission.

In 2014, the woman agreed with the GMP that it could use her experience in a training session for police officers and support agencies. She hoped this would help improve the support given to victims of domestic violence in the future but gave her consent on the understanding that the materials would be anonymised.

However, she later discovered that her identity and medical history had been disclosed in full and to a wider audience.  Also, those attending the session heard a recording of a 999 call she had made after she had been assaulted.

The woman alleged that she had suffered psychiatric harm and brought a claim for misuse of private information, breach of confidential information and non-compliance with the Data Protection Act 1998.

GMP admitted breaching her privacy but refused to admit that she was entitled to any damages (arguing that she had suffered no loss).  However, just days before the hearing, it settled out-of-court for £75,000.

This is believed to be one of the largest payments by a British force in a privacy case and serves as a reminder that employers should ensure that they have adequate training in place on data protection obligations .  Mistakes in this area can prove to be costly.  Earlier this year, Chelsea and Westminster Hospital NHS Foundation Trust was fined £180,000 after it revealed the email addresses of 781 users of an HIV service.

For useful data protection factsheets, checklists and templates, please visit employmentbuddy.com

For further advice on how to protect your business against data protection and privacy claims, please contact our employment lawyers on employment@clarkslegal.com