Warwick Ashford reports:
The single most important change required in UK data protection regulation is to bring the law into line with European legislation, says Stewart Room, partner at law firm Field Fisher Waterhouse.
Section 13 of the UK Data Protection Act (DPA) is totally out of kilter with the EU directive on personal data, he told the annual privacy conference hosted in London by the UK Digital Systems Knowledge Transfer Network.
Article 23 of the EU directive calls for compensation for damage suffered by anyone as a consequence of a data breach – which includes any kind of damage, such as emotional distress or loss of reputation – but compensation under these circumstances is currently blocked by UK law, he said.
Section 13 of the DPA states that compensation for distress is payable only if there is damage, but damage is strictly defined as financial loss, as per the ruling in Johnson vs Medical Defence Union in 2007, said Room.
Read more on ComputerWeekly.com