Discovery

Mr A was previously employed by a care home provider. Mr A left this employment in June 2019 and upon leaving the said employment, he requested that his personnel file was returned to him. The reason why Mr A did this was because his ex-employee no longer needed to hold his personal information which included incredibly sensitive medical information.

Due to the lack of response/provision of his personnel file, Mr A made a complaint to the care home provider. Unfortunately, the care home provider’s response confirmed they had been unable to locate Mr A’s personnel file and accepted this had been a breach of his personal data. Further, the said care home informed the ICO about the data breach incident themselves.

Representation

Due to the above failing by his ex-employer, particularly regarding the loss of this sensitive information, Mr A was caused with significant distress and concern. Mr A instructed data breach/GDPR specialists Irvings Law to assist him. Without hesitation, Mr McConville, who is the Head of this expert department, agreed that Mr A’s  privacy and personal data had been unlawfully handled and so offered ‘no win, no fee’ terms to them to enable a claim to be pursued.

Following this admission that was obtained by Mr A, Mr McConville then sent a Letter of Claim to the care home provider on behalf of Mr A which alleged that there had been a Loss of Control / Breach and/or Invasion of Privacy / Breach of Article 8 of the Human Rights Act 1998, a Breach of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, a Breach of Confidence / Breach of Article 8 of the Human Rights Act 1998 and a Misuse of Private Information.

Resolution

In response to this claim, the said care home provider instructed their insurance company to deal with Mr McConville on their behalf and they confirmed once more that the care home provider ‘had been unable to locate’ the above-mentioned information relating to Mr A. In light of the missing information, the insurance company also added that the care home provider had reviewed their Data Protection policies and procedures and updated the same to reduce the risk of a similar situation occurring again.

Due to this said admission, the care home provider instructed their insurance company to make an offer of settlement to Mr A in the sum of £2,500.00. Mr McConville did not think that this was enough so engaged in further discussions with the insurance company. After these, the care home provider increased their offer of settlement to £3,250.00 and this was subsequently accepted by Mr A.