Keith Smeaton v Equifax plc

20 February 2013

The Court of Appeal has overturned the High Court decision in this case, in which the judge had found Equifax plc (a credit reference agency) in breach of the Data Protection Act. Mr Smeaton had claimed damages for substantial damage and distress under s.13 of the Data Protection Act, which he claimed resulted from Equifax plc’s failure to remove a bankruptcy order (which was issued and later rescinded) from its records, in breach of it requirement to ensure data was accurate and kept up to date where necessary under the Data Protection Principles. Mr Smeaton claimed that he was unable to secure credit due to the error in Equifax plc’s records.

The Court of Appeal found that the Act did not require data controllers to take every possible step to ensure accuracy, and found that Equifax plc had taken reasonable steps to ensure accuracy by consulting a reputable source, and removing the inaccurate data as soon as it was notified of the inaccuracy.

Moreover, the Court held that it was wrong of the trial judge to conclude that a Credit Reference Agency assumed a duty of care to the public by choosing to operate as a credit reference agency and that there was no need to construct a concurrent duty in tort to run along side a statutory duty which adequately provides for applicable obligations and remedies in such a case. Accordingly, the Court held that no common law duty had arisen.

Equifax plc’s appeal against the earlier decision was therefore upheld.

The full judgment can be found here.