Businesses emailing payslips could face court claims if there is a data breach
Updated 12th January 2023 | 2 min read Published 1st May 2015
Following a recent court case involving Google inc. v Vidal-Hall, the Court of Appeal have clarified the rules under the Data Protection Act 1988 (DPA).
Previously, a compensation claim could only be made if a breach of the DPA resulted in financial loss. This meant that claims could not be made against any stressful or embarrassing consequences of a data breach.
The Court of Appeal ruled that this was unfair and clause 13 of the DPA now states that financial loss no longer needs to be shown for compensation claims for any impact upon the individual that could be seen as emotional.
The impact that this now has on businesses is the effect upon the emailing of payslips and P60s. While this practice is generally frowned upon anyway, there are still businesses that adopt this practice and now there businesses could be breaking though if there is a data breach.
Having someone intercept a payslip or P60 that has been emailed to someone counts as a breach of DPA and an invasion of privacy meaning that, that person will have a cause for claim against their employer.
John Warchus, partner at commercial and technology law firm Moore Blatch said that "accountants should urgently review their data protection procedures and strengthen where necessary as more compensation claims are likely and the amount of damages awarded is also likely to increase".
So apart from the law, why should you never email payslips?
So what can a business do to combat this?
Reviewing the way that they communicate payslips, P60s and even pension letters to their employees is a great way to start to ensure that they continue to stay compliant among a number of different fronts including the update in the Data Protection Act and also other new legislation that is affecting businesses; workplace pension reform.
IRIS OpenPayslips runs within your payroll and allows you to distribute your payslips, P60s and pensions communications electronically to the cloud.
While you may think that this in itself could present a data breach, the data is encrypted and stored securely. When employees are notified, they are emailed an alert that contains a link to their secure login to access their documents, using a username and password that they create themselves.
Payslips can be accessed on the go through the use of a dedicated smartphone app. They can also be viewed via a tablet or on a dedicated web portal on a PC.
This flexibility allows you to cut down on the use of paper as well as having the peace of mind that your employee's payslips and P60s are stored securely and for the required 6 year period (as dictated by legislation for auditing purposes).