The European Court of Human Rights has ordered the Finnish government to pay out €34,000 because it failed to protect a citizen's personal data.
One data protection expert said that the case creates a vital link between data security and human rights.
The Court made its ruling based on Article 8 of the European Convention on Human Rights, which guarantees every citizen the right to a private life. It said that it was uncontested that the confidentiality of medical records is a vital component of a private life.
The Court ruled that public bodies and governments will fall foul of that Convention if they fail to keep data private that should be kept private.
The woman in the case did not have to show a wilful publishing or release of data, it said. A failure to keep it secure was enough to breach the Convention.
A Finnish woman worked in an eye clinic where she also received treatment, having been diagnosed as having AIDS.
The woman began to suspect that news of her disease had spread to other employees and asked to be shown who had accessed her medical records and when. The health authorities only kept a note of the last five people to have accessed a record.
The woman, known in the case as I, sued the District Health Authority for failing to keep her medical records confidential.
She lost that case because the court found that there was no firm evidence that her record had been accessed unlawfully. She also lost her appeal, and was refused permission to take her case to Finland's Supreme Court.
The Court of Human Rights found that there were privacy laws in place in Finland when the incidents occurred that required medical data to be properly protected. Had these been strictly followed, it found, I's records would have had enough protection.
This article was contributed to ITproportal.com by http://www.OUT-LAW.com.
OUT-LAW.COM is part of international law firm Pinsent Masons.
See: http://www.out-law.com for further details.
