The news last week that information from the Metropolitan Police’s controversial “gangs matrix” was leaked and shared on social media is extremely worrying.  It is understood that the matrix contains the details of more than 3500 people, mostly children and young adults of black and minority ethnic backgrounds, whose details are “coded” according to their purported level of gang involvement.  The matrix has been criticised by Liberty and Amnesty International for racial bias, its opaque operation and the absence of any means to challenge inclusion, amongst other things. 

Reports suggest that there were at least two separate leaks of the matrix last year, which likely originated from one of the “trusted agencies” with whom the matrix was shared.  It is not known how many people are affected by the leak, although the Metropolitan Police say that they have “risk-assessed every individual on the list and taken appropriate action where necessary”.  It is understood that the Metropolitan Police and Information Commissioner are conducting investigations. It is no overstatement to say that the leaks could put those named and their families at risk of physical harm.

This serious data breach has echoes of the Home Office’s 2013 blunder which resulted in the inadvertent publication online of a spreadsheet containing the personal details of 1500 asylum seekers.  That error caused distress and anxiety and fears for the safety of those concerned. 

Tamsin Allen, partner and head of media and information law at Bindmans LLP, acted on behalf of the lead claimants (‘TLT’, his wife ‘TLU’, and his daughter ‘TLV’) in litigation arising from the Home Office’s data breach.  In a June 2016 judgment the High Court awarded TLT compensation of £12,500 under the Data Protection Act 1998 for the distress caused by the breach, which resulted in TLT having a rational fear that he would be targeted by the authorities of the country from which he had fled, and which led him to relocate his family.  The judge also awarded compensation for distress to TLU and TLV even though their details were not contained in the spreadsheet.  The award was made on the basis their identities (and the fact that they had claimed asylum) could be readily inferred from TLT’s details which had been disclosed.

The Home Office appealed to the Court of Appeal in respect of the compensation awarded to TLT’s wife and daughter, because the data breach did not actually reveal any personal information specifically relating to TLU and TLV.  In a 15 June 2018 judgment the Court of Appeal dismissed the appeal; thereby confirming the principle that a data breach which does not directly reveal personal information about someone but which nonetheless means that they can be identified, can result in an award of compensation. 

For those incorrectly included in the database, there is also the possibility of a libel claim for compensation for  reputational damage. 

So, those  who have suffered distress or damage to reputation as a result of the gang matrix data breaches, are likely to be entitled to compensation – not only those whose details were directly leaked, but potentially also their families.