An employee who worked for Tesco settled her data breach claim for £3,000. She had requested copies of the information that Tesco held on her, using the subject access request mechanism that you are probably familiar with. She had, during a period of over 15 years working for her employer, given them a significant amount of ‘sensitive personal data’ in the old data protection jargon, now called ‘special category data’. This included details about counselling she had received in relation to her mental health, details of post-natal depression and the management of those health conditions. Most employers will have this sort of ‘special category data’ even if they don’t collect other data like criminal records.

It appears that Tesco could not lay their hands on this information, presumably in a physical format and there was a delay because the file had been lost at some point in the past, perhaps when there was a move of offices.

Tesco had written to her explaining that they had looked for her employment records but couldn’t find them. This then triggered her putting in her data breach claim, which would be to a Court and not an Employment Tribunal.

Tesco settled the case for £3,000 and it has been reported in the local press. The publicity surrounding these events is bound to give other employees ideas. It shows that the loss of data can be just as problematic as retaining historic data that you don’t really need to and can’t justify retaining.

Refreshing Law Ltd
6 November 2021