Mr Justice Simon McAleese
PIAB authorisation needed in PI data-breach cases
The High Court has confirmed that claimants pursuing damages in personal injuries arising out of data breaches require a PIAB authorisation, Fieldfisher lawyers Killian O'Reilly and Niamh McDonagh have written.
In the case, the plaintiff was employed as a census enumerator in 2016 and provided personal data to the Central Statistics Office (CSO) for salary and tax purposes.
In 2017, her P45 was allegedly unlawfully disclosed by the CSO to third parties.
She initiated legal proceedings, alleging a complete breach of her privacy rights, which caused her to suffer anxiety and stress, affecting her sleep and appetite, and worsening her psoriatic arthritis.
The plaintiff sought damages for the stress and anxiety caused by this alleged data breach.
Circuit Court decision
The lawyers write that the Circuit Court held that the plaintiff ought to have obtained a PIAB authorisation in advance of issuing her proceedings.
Because she didn’t do so, her main claim for damages in personal injuries was, in the words of Judge Simon McAleese (pictured) "doomed to fail".
The remaining aspect of the plaintiff’s claim would be confined to other damages, if any, that might be awarded for the inadvertent breach.
In practical terms, this meant that the plaintiff could still succeed in her claim for non-material damages as outlined in article 82 of the GDPR and section 117 of the Data Protection Act 2018.
In this case, no award was provided in respect of non-material damages.
High Court appeal
This decision was upheld on appeal to the High Court. Final orders – including in respect of loss – are awaited.
In similar fact patterns, legal practitioners should be aware of the necessity of a PIAB authorisation prior to proceedings being issued, the Fieldfisher lawyers point out.
Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland