Google v Gore-Vidal ‘Safari-Gate’: implications for corporate risk.


Google v Gore-Vidal ‘Safari-Gate’: implications for corporate risk.

Unfair processing of personal data has implications for corporate risk management.

Google has recently (2016) waived it’s right of appeal at the UK Supreme Court, and allowed the previous (2015) Court of Appeal ruling to stand unchallenged. It settled its dispute with Gore-Vidal and others, out of court.

So what for corporate risk?

The earlier Court of Appeal ruling firmly established that a data subject has, following a breach of the Data Protection Act 1998, the right to seek compensation from a data controller if he/she has suffered distress without pecuniary or material loss Section 13(2) of the UK Data Protection Act 1998 is to be dis-applied, at least until Brexit unwinds.

Predictions last year that the law suit floodgates would open, has not yet materialised, but the threat of significant compensation payments following data breaches remains an important corporate risk factor for data controllers and processors.

Combine mandatory data loss disclosure (General Data Protection Regulation), with the possibility of financial pay outs for distressed-only data subjects, and you have a corporate financial risk that should be driving investment in information security and data protection awareness and training.

It’s not difficult in this day-and-age to ‘misplace’ 100,000 records. Even a paltry compensation pay-out of £100 per data subject creates a £10 Million corporate risk that should grab someone’s attention!

We are teaching staff today to use the requirement for Privacy Impact Assessment to improve risk reporting and identification mechanisms in organisations. It's a no brainer.