Publications / European IP Bulletin, Issue 34, September 2006 / European IP Bulletin, Issue 34, September 2006 - Confidential Information and Privacy

Publications

European IP Bulletin, Issue 34, September 2006 - Confidential Information and Privacy

CONFIDENTIAL INFORMATION AND PRIVACY

9. Hughes V Carratu International PLC

In Hughes v Carratu, [2006] EWHC 1791 (QB) (19 July 2006), the claimant received notification from the Information Commissioners Office (ICO) that during the execution of a search warrant against an enquiry agent some of the documents that had been found concerned transactions from the claimant’s bank accounts. They were being held in breach of the Data Protection Act 1998 and the ICO intended to initiate proceedings.

The claimant was later informed by the ICO that other clients of his solicitors had also been investigated by the same enquiry agent and on reviewing the documents shown to him it appeared that the enquiry agent had been commissioned by the respondent, a corporate investigation consultancy.

The claimant sought further information from the respondent but when this was not forthcoming he issued an Application Notice to seek an order from the court for disclosure by the respondent of all documents that were, or previously had been, in their control relating to his financial affairs. Moreover, with the application, disclosure of the parties for whom the respondent was instructed to gather this information was specifically requested.

The notice was sought under Civil Procedure Rules rule 31.16. The application was also based upon the Norwich Pharmacal principles under CPR rule 31.18 that, if a person becomes involved in tortious acts of others through no fault of their own, they are still under a duty to give the person who has been wronged full information and disclose the identity of the wrongdoers.

The respondent claimed that it had been instructed to obtain information lawfully, therefore on receipt of the unlawful information the respondent shredded the documentation without passing to his client, a London law firm.

Justice Tugenhat allowed the application as the threshold test of establishing an arguable cause of action against the respondent and the law firm had been met. The subsequent order entitled the claimant to know who had received the personal information and what had been done with such information. Finally, it was possible that the applicant would be entitled to a remedy under the Data Protection Act 1998. 

The judgment reflects the legally required balance between the individual’s right to privacy and the effectiveness of investigative measures.  Organisations involved in investigations of this type will need to be particularly wary that if they obtain information by methods contrary to the Data Protection Act 1998 because then, under the CPR rule 31.16, they will not only need to disclose all the information that they hold, but they might also be asked to disclose the party for whom the information was acquired.

 

Click here to return to the Summary page, or on any of the headings below to see the full case notes for that topic:

COPYRIGHT | PATENTS | TRADE MARKS | DESIGNS

 

McDermott Will & Emery

McDermott Will and Emery