Chapter 15Business propertynot protectable under an implied duty of good faith
and non-disclosure. There was no contractual provision
regarding which part of the employee’s knowledge was
to be regarded as confidential and the plating process
was only part of a number of pieces of information that
the employee could not help but acquire from his duties.
The implied term was too vague: more specific guidance
was needed.
Confidentiality: other business
applications
The defendant’s breach of the law of confidentiality is an
accepted head of liability in the common law for which
there is a remedy of damages. Such a breach was the
basis of the following high-profile case.
The Court of Appeal decided that the unauthorised
photographs of the wedding reception plainly portrayed
aspects of private life and fell within the protection of
the law of confidentiality as extended to cover private or
personal information. Thus, individuals have an enforce-
able right to privacy (in this case in the photographs)
which was redressable in damages. See Douglasv Hello!
Ltd(2005).Data protection
One of the most important resources a business makes
use of is information. Increasingly, the information
collected is stored on computer and processed automat-
ically. Some organisations, however, still keep a substan-
tial amount of information in the form of paper records
which are processed manually. The collection and pro-
cessing of all forms of information about people is now
subject to the provisions of the Data Protection Act 1998
(DPA 1998). The DPA 1998 replaces the Data Protection
Act 1984, which was limited in its scope to data processed
automatically, i.e. by computer.
We will examine the main provisions of the DPA
1998 and consider its implications for business. But first,
why has it been necessary to legislate on data protection?Background to the 1984 Act
There are two main reasons why the government decided
in 1984 to take action to regulate the use of computers
to process personal information: first, concern had been
growing since the 1960s that the widespread use of in-
creasingly sophisticated computers posed a considerable
threat to the right to privacy. Computers not only had
the ability to process large quantities of information at
high speed, but could also transfer data quickly from
one system to another, and combine information from
different systems in ways which had not been possible
before. Existing laws were inadequate to deal with this
new threat to our civil liberties.
The second and main reason why the government
introduced legislation was to avoid commercial isola-
tion. In 1981 the UK had become a signatory to the Council
of Europe Convention on Data Protection. The Conven-
tion permits ratifying countries to prohibit the transfer of
personal data to countries without comparable data pro-
tection legislation. Failure to introduce such legislation443Douglasv Hello! Ltd(2003)The first two claimants are well-known film stars. They
married in November 2000. Before the ceremony they
made a contract with the third claimant OK!magazine
under which that magazine acquired exclusive photo-
graphic rights to the event. Unauthorised photographs
were taken at the event and sold to OK!’s rival magazine
Hello!, which published them on the same day as OK!
magazine. The claimants asked for damages for breach
of confidence and the film stars additionally claimed
damages for breach of the law of privacy.
The High Court ruled that there was no existing tort of
privacy and refused to extend the common law into this
area. Furthermore, there was no need to introduce Art 8
of the Convention on Human Rights (respect for private
and family life) because English law was not inadequate
in this case which could be dealt with as a branch of
commercial confidence, i.e. a recognised head of law.
The judge also awarded the Douglases compensation
for damage and distress under the Data Protection Act- The unauthorised pictures were to be regarded as
personal data and the Hello!magazine was a data con-
troller. Thus, publication of the pictures in England was
processing by Hello!, which was bound by the require-
ments of the Act.
Comment. The High Court took the view that if a gen-
eral law of invasion of privacy was to be created it should
be done by legislation through Parliament and not by
the judiciary since the latter did not have adequate
consultation powers with those interests that might be
affected.