Man & Mother’s Information Breached by North Wales Fire & Rescue Services

Background

Mr Matthew McConville, the Head of our specialised Data Breach Department at Irvings Law has successfully represented a client and his mother in a data breach compensation claim against North Wales Fire & Rescue Services. The identity of the Mr McConville’s client will be named as ‘Mr B’ and his mother referred as this where appropriate for the purposes of this blog and North Wales Fire & Rescue Services abbreviated for ease to ‘NWFARS’.

Mr B was a previous employee of NWFARS. Unfortunately, Mr B faced disciplinary action from NWFARS following allegations which gave rise to gross misconduct proceedings against him whereby he was suspended from his employment with them and a hearing scheduled to determine whether a finding of gross misconduct had been met.

On approach to this, Mr B submitted a Subject Access Request Form for his personnel file to assist with his Defence which was to be posted to him at his address where he has lived all of his life. A few days prior to the hearing, Mr B chased the progress of this said Subject Access Request and NWFARS’ Data Protection Officer conceded that the same had been posted but it transpired that it had done so to an incorrect address.

Mr B then went to the address where his significantly and sensitively detailed information was sent to and upon obtaining the same, it had been opened by the incorrect recipient. Whilst Mr B was going through his disciplinary, he complained to NWFARS whom accepted that a breach had taken place, which they apologised for and confirmed that internal processes had been changed to avoid reoccurrence.

Representation

Unhappy with this, Mr B approached Mr McConville for specialist advice and without hesitation no win, no fee terms were offered. Once instructed, Mr McConville lodged a formal Letter of Claim to NWFARS as clearly, they sent significantly and sensitively detailed information to a stranger to Mr B in error which was accepted, apologised for and changes made to prevent reoccurrence. Mr McConville alleged that NWFARS had breached / invaded Mr B’s privacy under the Human Rights Act, had breached the Data Protection Act 2018/the General Data Protection Regulation (GDPR) as well as confidence following their misuse of private information pertaining to Mr B. In addition to Mr B, Mr McConville realised that contained within the paperwork was information relating to Mr B’s mother and so another file was set up and claim submitted.

Resolution

In response to this, NWFARS admitted the claims brought by Mr B and his mother. After this, settlement discussions were had between Mr McConville and NWFARS which culminated in settlement being achieved for Mr B and his mother in a sum over £30,000.00 without Court proceedings being needed to be served.