Wednesday 5 October 2011
Compensation for distress? Or sometimes plain greed?
None of us are perfect. Every data controller makes mistakes. But most data protection professionals I know are quite prepared to put their hands up when things go wrong, and admit that an error has occurred.
What interests me is the attitude of the person who is the focus of the error. How many times do they tend to shrug their shoulders and accept that, in an electronic world, things occasionally go wrong, but life goes on regardless? And how many times do they adopt a "victim" mentality for which a significant compensation payment is the only acceptable solution? Even if the "offence" was to take a little time before recognising that they had objected to the receipt of a direct marketing message?
I guess we ell see a fair smattering of both ends of the spectrum. Indeed, that's what makes the job so interesting. How can one person value their privacy so greatly that only an offer of several hundred pounds will stop them from going to the county court to claim damages for having been sent an unwanted marketing message? Incidents like this light up my day.
I wish I could send them a copy of the presentation that Rosemary Jay made to members of the Data Protection Forum in September 2010. It was very revealing, as it set out the levels of compensation that the courts award victims for distress and inconvenience in other areas (spoilt holidays, awful wedding photos, and banking errors - those sorts of things). Without wishing to steal her thunder, the general message is that claimants don't often get much. If you want to hit the jackpot these days, you need to be seriously inconvenienced (I'll deliberately avoid using the phrase "hacked off") by the likes of the News International group.
Perhaps we should mount a annual awards ceremony, in order that those who make the most outrageous claims can be properly recognised. Whether they would turn up to receive their awards would be another matter. But we would all enjoy a good dinner, and the after dinner speaker (hopefully a top comedian) would have plenty of new material from which he could poke fun at those who were so deserving.
Perhaps there could also be categories for the most ridiculous reportable personal data breach, too. We could have a special "my dog ate my data stick" prize, where entrants could send pictures of their pets and the awards panel could vote on the cutest pooch. And we could have an award for the NHS Trust that has managed to lose the greatest numbers of patient records. And, perhaps, we could offer a complimentary invitation to the data controller that had received (and paid) the largest monetary penalty in the past year.
I'll ask those who will be attending the next Data Protection Supper Club for their ideas on other awards categories too. Will there be fierce discussion amongst the judging panel when they review the nominations for "the most useful Opinion from the Article 29 Working Party"? Will judges storm out in disgust when other members of the panel disagree with their assessment of the strangest undertaking offered by a data controller to the Information Commissioner?
No, I don't think so. I expect that they will all share a similar sense of humour.