Breach of confidence
This is the English common law entitlement to bring a claim for compensation against somebody who has without lawful authority given private information about you to a third party, either in breach of an agreement with you to keep that information confidential or in a situation where it is only equitable i.e. fair and just that the other person should have kept your information confidential, even if there was no formal agreement between you relating to that information.
Misuse of private information
This is a claim for compensation arising out of your entitlement to respect for your privacy and family life under article 8 of the European Convention on human rights, as enacted by the UK Government in The Human Rights Act 1998.
Breach of The Data Protection Act 1998 (the “DPA”)
This safeguard to your individual private data is ever more important in the electronic/online age in which we live where significant and often sensitive information about all of us is held on the computer systems of numerous Government agencies, public authorities and private companies. Access to and use of this data must be carefully regulated by those in authority to ensure that our private information is not misused or given to those who are not entitled to see it.
Section 13 of the DPA entitles an individual to compensation from a “data controller” for damage caused by contravention of the requirements of the DPA. Section 13 (2) entitles an individual to compensation for distress caused as a result of breach of the DPA.
Section 4 (4) of the DPA places a general obligation on data controllers “to comply with the data protection principles in relation to all personal data with respect to which he is the data controller”. Accordingly, appropriate technical and organisational measured should be taken against unauthorised or unlawful processing or personal data (this is known as the seventh principle of data protection).
Accordingly, an individual is entitled to compensation for breaches of the DPA 1998 by either a data controller or an individual within the data controller’s organisation, even where that individual has gone ‘rogue’ and misused data for his or her own personal ends.
The Court of Appeal in the recent case of Vidal-Hall v Google  EWCA Civ 311 has ruled that compensation can be awarded under the DPA to a person whose data privacy has been invaded and who as a result has suffered emotional distress, even if that person has not suffered any direct financial loss.
The Court of Appeal ruled at paragraph 77 of the Judgment –
“It is the distressing invasion of privacy which must be taken to be the primary form of damage (commonly referred to in the European context of “moral damage”) and the data subject should have an effective remedy in respect of that damage.