A court verdict over a ‘trivial’ data breach should offer comfort to businesses when taking action on minor breaches of data protection rules.
Since the introduction of the General Data Protection Legislation (GDPR) in 2018, people are increasingly aware of their rights with regard to personal data, and there has as such ben an increase in individuals taking legal action against organisations for minor breaches. However, a recent court verdict has ruled in favour of an organisation which promptly sought to rectify the data breach by deleting any offending information.
A law firm, Veale Wasbrough Vizards, mistakenly sent a demand for payment to an incorrect email address, missing the intended recipient’s middle initial. While recipient of the email raised the breach with the law firm, and confirmed her deletion of it at the firm’s request, the Rolfe family brought a claim against the firm, claiming damages under GDPR for the breach.
When brought to the High Court, Master Victoria McCloud ruled in favour of Veal Wasbrough Vizards, finding there was no credible case for distress or damage, given that no bank details or medical data was shared and the breach was ‘quickly remedied’ by the firm.
Christian Mancier (pictured), a partner in the Corporate/Commercial team at Gorvins commented,
“The judgement in Rolfe & others v Veale Wasbrough Vizards is one of the few GDPR/Data protection cases to reach a higher court. The verdict handed down by Master McCloud is a common-sense verdict that will be welcomed by organisations up and down the country. Organisations that have taken appropriate steps to contain trivial data breaches will now be reassured that these minor breaches will result in adverse legal outcomes for their business”.
Expert Opinion: Securing your business through an Employee Ownership Trust 
Gorvins to sponsor North West Family Business Conference 
Expert Opinion: The dangers of using AI for HR advice