expectation of privacy in relation to him being investigated by the police . The newspaper argued that the matter was one of public interest , but the Judge did not consider that the newspaper ’ s freedom of expression was likely to prevail over the businessman ’ s privacy rights , and an injunction was therefore necessary .
The injunction did not cover reporting of the fact that the company was under investigation , but it was noted that , given that the businessman was closely associated with the business , care would need to be taken in any such reporting .
The Judge accepted that , as the investigation was ongoing , matters may change and therefore the order provided for the newspaper to apply on 24 hours ’ notice to discharge or vary the injunction , for example if the businessman were arrested or charged .
This is an interesting case , as the question of to what extent police investigations are private matters – and also constitute sensitive personal data – has not as yet been resolved by the courts . Media outlets may be familiar with reporting investigations , interviews and arrests as soon as they are certain they have the identity of the individual correct , and so are not at risk of a libel claim . This case shows that privacy rights must also be considered .
Injunction granted by court over extramarital affair – but may not always be
n A married man (‘ TRK ’) and his lover have obtained an injunction to prevent the lover ’ s ex-boyfriend from revealing their affair . The ex-boyfriend (‘ ICM ’) ‘ hacked into ’ his ex-girlfriend ’ s email account , and used what he found to threaten to tell TRK ’ s wife . The Judge said that a person who finds out someone is having an affair may have every right to tell their spouse , but ‘ it is improbable that the court would consider it legitimate to disclose the details of the unfaithful spouse ’ s correspondence . Still less if access to that correspondence was only gained surreptitiously , without consent .’
In the circumstances of threatened publication , it was legitimate not to inform ICM of the application for an injunction in advance , in case he made the disclosure before the court could hear the case . The Court was also satisfied that there remained a threat to publish the private information , such that an injunction was required .
The Judge balanced the privacy rights of TRK and his lover against the rights of ICM and TRK ’ s wife . In all the circumstances an interim
Data Protection & the ICO
n Data protection law protects ‘ personal data ’, which is any data relating to an identifiable living person . In addition to individuals being able to sue under the Data Protection Act where their personal data has been misused , the Information Commissioner ’ s Office ( ICO ) operates a regulatory system of compliance with data protection laws . The ICO has strong powers at its disposal , including the power to fine up to £ 500,000 for serious breaches of the Data Protection Act .
There is a specific statutory journalistic exemption , but media companies and individuals can still be fined for data security lapses . Accordingly , it is important that media companies have a corporate data protection policy in place and that staff abide by it . Abbas Media Law advise clients on all aspects of policy and procedure in order to minimise risk in connection with breaches of the Data Protection Act and the ICO ’ s regulatory regime .
Other data breach news :
• The ICO has fined Talk Talk £ 400,000 for failing to prevent a cyber-attack that resulted in over 15,000 customers having their details accessed . The Information Commissioner said : ‘ Talk Talk ’ s failure to implement the most basic cyber-security measures allowed hackers to penetrate TalkTalk ’ s systems with ease . Yes hacking is wrong , but that is not an excuse for companies to abdicate their security obligations . TalkTalk should and could have done
more to safeguard its customer information . It did not and we have taken action .’ The fine is one of the largest issued by the ICO , and shows its power to act where companies fail to comply with the Data Protection Act .
• A former employee at Solent NHS Trust was convicted of breaching the Data Protection Act 1998 by accessing the medical records of her partner ’ s ex-girlfriend without the consent of her employer . The defendant Kayleigh Evans pleaded guilty and was fined £ 400 and ordered to pay £ 683.60 in prosecution costs .
• Omega Marketing Services Ltd , a company that made 1.6 million nuisance calls to try to sell solar panels and green energy equipment , was fined £ 60,000 by the ICO .
• Bizcall Communications Ltd was prosecuted at Birmingham Magistrates Court for the offence of processing personal data without having an entry in the ICO register . The telecommunications company was found guilty under section 17 of the Data Protection Act 1998 . It was fined £ 650 and ordered to pay costs of £ 299.63 and a victim surcharge of £ 65 . The Data Protection Act 1998 requires every data controller , eg an organisation that is processing personal information , to register with the ICO , unless they are exempt . More than 400,000 organisations are currently registered . Data controllers can register via the ICO ’ s website .
zoom-in Winter 2016 | 27