An overview of current issues surrounding data protection

Data protection issues continue to gather increasing prominence with the introduction of forthcoming new legislation from Europe (which is still likely to affect the UK, despite Brexit) and several key decisions being made in the courts.

Pre-litigation subject access requests

Back in our winter 2015 we reported on the case of Dawson-Damer and others v Taylor Wessing and others in which a group of claimants were in a dispute with a trustee company based overseas. Each individual in the group had submitted individual subject access requests to the trustee’s firm of solicitors based here in the UK, asking for details of all personal data held by the solicitors relating to them.

The solicitors declined to comply on the basis of professional legal privilege, and so the group applied to the High Court for an order to require compliance. The High Court held that the requests were made with the improper motive of seeking documents related to the litigation, and therefore refused the order on the basis that the purpose of a subject access request is not as a pre-litigation disclosure tool.

However, the Court of Appeal has recently overturned this decision, ruling that the High Court was wrong to decline to enforce the request. This suggests that the courts will be increasingly tolerant of subject access requests being used as a tool to obtain disclosure of information pre-litigation. The Court of Appeal has stated in a separate case, though, that the search itself can be limited by what is proportionate to the facts and circumstances.

ICO prosecution for stealing client information

A key asset to any business is its confidential data, in particular its database of clients and potential clients. This information can often end up being the focus of confidentiality clauses and post-employment restrictions in contracts of employment, but is also governed by the Information Commissioner’s Office (ICO) in its regulatory role of enforcing the provisions of the Data Protection Act.

The ICO has recently successfully prosecuted a former recruitment agency employee, who emailed the personal data of approximately 100 existing and potential clients to her personal email address as she was leaving the company to start a new role at a rival recruitment company. She then used that personal data to contact individuals in her new job. She pleaded guilty to the offence and was fined £200, ordered to pay costs of £214 and a victim surcharge of £30.

Matthew leads our employment law department. A Chambers-rated partner, he is praised by clients for his “down-to-earth, practical and common-sense approach”. He handles the full range of contentious and non-contentious employment law issues for clients, with specialisms including complex staff restructurings and employment issues concerning business transfers.