DWF seminar considers potential for data breaches to become ‘the personal injury claim of the future’

Following the implementation of the Data Protection Act 2018, panellists DWF partner Eimear Collins, Paul Anthony McDermott SC and Professor Eoin O’Dell explored the question: “Will data become the new ‘claim’, not just for infringement of data rights, but in all kinds of civil disputes?”

The event considered the questions arising from this new cause of action, the damages claims that may arise from such an action, and how businesses can take steps to avoid the risks.

Ms Collins, litigation partner at DWF Dublin, said: “Under the new Data Protection Act 2018, the people identified or identifiable from the data that is processed are now empowered to seek compensation.

“This a real game changer. Before May, claims could not be brought about for non-material damage - injury to feelings was not considered something worthy of compensation. Post GDPR, the new legislation will now mean potential expansion of liability claims to both controllers and processors of data.”

She continued: “Businesses must now look at options to mitigate risk. This includes considering specialist cyber security insurance and making sure data breach management is factored into incident response plans and processes.”

Paul Anthony McDermott SC added: “In addition to the new statutory cause of action it is possible that a business could be sued for breaching someone’s constitutional right to privacy or for the tort of misuse of private information. A public body could also be judicially reviewed in respect of how it has handled data. Finally, there remains the possibility of a complaint being made to the Data Protection Commissioner.”