This has been a very high-profile event but the signs are that it arose for no other reason than that a Government employee made a simple but avoidable mistake. As we enter a new decade it is a stark reminder of the great care that must be taken by any organisation, however large or small, when handling personal data. A simple error may prove extremely costly.

One of the key features of the General Data Protection Regulation (GDPR) is the level of fine that may be levied against an organisation for failing to protect the personal data it controls. The current maximum fine is set at 4% of global annual turnover or €20m, whichever is the higher.
Both British Airways and the Marriot Hotel chain are already under notice from the Information Commissioner’s Office (ICO) that they face penalties of £183m and £98m respectively for infringements which leaked details of their customers. Now we have the Government in trouble for inadvertently publishing not only the names of those receiving honours in the New Year’s Honours List but also their addresses.
Having regard to the serious nature of this breach and the number of people affected, it seems inconceivable that a very red-faced Government Department will not now face an extremely high fine. Assuming that in due course such a fine is levied, it might be thought that the money will be going around in a circle, i.e. straight into the coffers of an organisation set up by (although independent of) the state. However, there is also the risk of a large number of claims against the Government by those individuals affected by the breach, many of whom may have genuine fears for their safety or that their privacy is put at greater risk than before.
This has been a very high-profile event but the signs are that it arose for no other reason than that a Government employee made a simple but avoidable mistake. As we enter a new decade it is a stark reminder of the great care that must be taken by any organisation, however large or small, when handling personal data. A simple error may prove extremely costly.
The Brexit Withdrawal Bill expressly preserves the GDPR in UK domestic law during the transition period and its provisions are likely to be maintained in future legislation. This is not a problem area for businesses that is going to go-away.
You may also like

Hot off the press from the CJC’s “sweatbox”
140 people converged on a poorly air-conditioned room (affectionately referred to as a “sweatbox” by one leading High Court Judge),...

CJC publishes consultation on key aspects of the Jackson reforms
Hot on the heels of the recent consultation on QOCS and vulnerable parties the CJC has published its own consultation...

Landlords be aware – 10% uplift in damages can apply to breach of repairing covenant
The Court of Appeal has held that the 10% uplift in the Legal Aid, Sentencing and Punishment of Offenders Act...

Changes to mobile phone rules in The Highway Code
As of 25th March 2022 any UK motorist will break the law if using a mobile phone, or other handheld...