Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Stolen Laptops

  • 11-10-2008 3:41pm
    #1
    Spike440
    Registered Users, Registered Users 2 Posts: 527 ✭✭✭


    This one has been annoying me since all these stories of companies and State bodies announced that so many laptops with personal information had been stolen. What cause of action would a person whose confidential information was on the laptops have when the information has not been used to their detriment?

    I think there must be something under the Data Protection Acts but I'm far from an expert on that particular topic. Any thoughts?


Comments

  • #2
    johnfás
    Registered Users, Registered Users 2 Posts: 1,342 ✭✭✭johnfás


    Data Protection Act makes provision for various fines and also criminal liability for the incorrect storage of data. I would imagine that you are correct and that it would be based on the Data Protection Act.

    There is a Data Protection Commissioner though and I would presume it is that office which takes most actions, on foot of a complaint, rather than an individual who feels that their rights have been infringed.

    It would certainly be difficult to ground a personal action where there has been no damage. Particularly when you are dealing with a State Authority and there are thousands of people in a like situation.


  • #3
    Tom Young
    Legal Moderators, Society & Culture Moderators Posts: 4,338 Mod ✭✭✭✭Tom Young


    Actually, there is a specific tort in the Data Protection Act 1998, Section 7.

    [GA] Duty of care owed by data controllers and data processors.
    7.—For the purposes of the law of torts and to the extent that that law does not so provide, a person, being a data controller or a data processor, shall, so far as regards the collection by him of personal data or information intended for inclusion in such data or his dealing with such data, owe a duty of care to the data subject concerned:
    [GA]
    Provided that, for the purposes only of this section, a data controller shall be deemed to have complied with the provisions of section 2 (1) (b) of this Act if and so long as the personal data concerned accurately record data or other information received or obtained by him from the data subject or a third party and include (and, if the data are disclosed, the disclosure is accompanied by)—
    [GA]
    ( a ) an indication that the information constituting the data was received or obtained as aforesaid,
    [GA]
    ( b ) if appropriate, an indication that the data subject has informed the data controller that he regards the information as inaccurate or not kept up to date, and
    [GA]
    ( c ) any statement with which, pursuant to this Act, the data are supplemented.


  • #4
    Maximilian
    Legal Moderators, Society & Culture Moderators Posts: 5,400 Mod ✭✭✭✭Maximilian


    Plus wouldn't the fact the laptop was stolen be a novus actus & cause a causation problem?


  • #5
    sh_o
    Closed Accounts Posts: 198 ✭✭sh_o


    Tom Young wrote: »
    Actually, there is a specific tort in the Data Protection Act 1998, Section 7.

    [GA] Duty of care owed by data controllers and data processors.
    7.—For the purposes of the law of torts and to the extent that that law does not so provide, a person, being a data controller or a data processor, shall, so far as regards the collection by him of personal data or information intended for inclusion in such data or his dealing with such data, owe a duty of care to the data subject concerned:
    [GA]
    Provided that, for the purposes only of this section, a data controller shall be deemed to have complied with the provisions of section 2 (1) (b) of this Act if and so long as the personal data concerned accurately record data or other information received or obtained by him from the data subject or a third party and include (and, if the data are disclosed, the disclosure is accompanied by)—
    [GA]
    ( a ) an indication that the information constituting the data was received or obtained as aforesaid,
    [GA]
    ( b ) if appropriate, an indication that the data subject has informed the data controller that he regards the information as inaccurate or not kept up to date, and
    [GA]
    ( c ) any statement with which, pursuant to this Act, the data are supplemented.

    That section establishes a duty of care on the Data controller and processor, the other elements of the Tort of Negligence would need to be established before it could be successfully relied upon.


  • #6
    Tom Young
    Legal Moderators, Society & Culture Moderators Posts: 4,338 Mod ✭✭✭✭Tom Young


    sh_o wrote: »
    That section establishes a duty of care on the Data controller and processor, the other elements of the Tort of Negligence would need to be established before it could be successfully relied upon.

    Indeed, like failure to encrypt, failure to advise clients that personal data would be conveyed outside the banks main servers (on laptops), creating risk of damage, failure to notify etc.

    There are a number of matters where negligence could be proven. Actual damage, no but negligence, breach of duty and breach of statutory duty - Oh yes.

    Tom


  • Advertisement
  • #7
    Spike440
    Registered Users, Registered Users 2 Posts: 527 ✭✭✭Spike440


    The English Data Protection legislation provides for a remedy in damages including for mental distress suffered as a consequence. The Irish legislation makes no such provision. A Plaintiff would have to go down the nervous shock route, which presents a whole host of difficulties.


Advertisement