Back

Award damages based on applicable law.


CONTROL ID
00501
CONTROL TYPE
Behavior
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Define the available administrative remedies in regards to a privacy rights violation complaint., CC ID: 00497

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • (§ 66, Hong Kong Personal Data (Privacy) Ordinance)
  • Judicial authorities shall have the authority to order the infringer who, knowingly or with reasonable grounds to know, engaged in the infringing activity, to pay the right holder adequate damages to compensate for what the right holder has suffered. (Art 9 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Judicial authorities shall have the ability to consider, inter alia, any legitimate measure of value submitted by the right holder, when determining the amount of damages for intellectual property rights infringement. (Art 9 ¶ 1, Anti-Counterfeiting Trade Agreement)
  • Judicial authorities shall have the authority to order the infringer to pay the right holder the profits attributable to the infringement, in civil judicial proceedings. (Art 9 ¶ 2, Anti-Counterfeiting Trade Agreement)
  • Each party shall establish or maintain a system that provides for pre-established damages with respect to copyright infringement and trademark counterfeiting. (Art 9 ¶ 3(a), Anti-Counterfeiting Trade Agreement)
  • Each party shall establish or maintain a system that provides for presumptions to determine the amount of damages sufficient to compensate the right holder with respect to copyright infringement and trademark counterfeiting. (Art 9 ¶ 3(b), Anti-Counterfeiting Trade Agreement)
  • Each party shall establish or maintain a system that provides for at least copyright and additional damages with respect to copyright infringement and trademark counterfeiting. (Art 9 ¶ 3(c), Anti-Counterfeiting Trade Agreement)
  • A provider of telecommunications billing services shall negotiate with the claimant to damages for agreement on compensation for the damages under paragraph (1). (Article 60(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • (Art 32, Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc.)
  • (Art 28(2), Korea Act Relating to Use and Protection of Credit Information)
  • (Art 27 thru Art 30, Taiwan Computer-Processed Personal Data Protection Law 1995)
  • The information commissioner must be satisfied that the privacy code obligates an organization that is bound by the code to perform some conduct that the adjudicator declares after investigating a complaint to redress loss or damage suffered by the complainant before approving a privacy code that in… (§ 18BB(3)(f), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A complainant is entitled to be paid the amount named in a declaration, if the determination includes a declaration of the kind referred to in sections 52(1)(b)(iii) or 52(3). (§ 60(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • The commonwealth of australia is liable to pay a reasonable amount of compensation when the operation of part via results in the acquisition of property from a person on not just terms. (§ 80T(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • A confider may recover damages from a confidant for a breach of an obligation of confidence about personal information. (§ 93(1), Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012)
  • When the federal court finds a perpetrator has violated 1 or more civil penalty provisions and is satisfied that the victim has suffered damage or loss as a result of the violations, the court may make an order for the perpetrator to compensate the victim. (§ 28(1), Australian Government Spam Act 2003)
  • When a federal court finds a person has violated 1 or more civil penalty provisions and the court is satisfied that the person obtained a direct or indirect financial benefit that is reasonably attributable to the violation, the court may make an order for the person to pay an amount up to the amoun… (§ 29(1), Australian Government Spam Act 2003)
  • The federal court may make an order that directs the person to pay the commonwealth of australia an amount up to the amount of the direct or indirect financial benefit and the amount that is reasonably attributable to the breach, if the court is satisfied that the person has breached a term of the u… (§ 39(2)(b), Australian Government Spam Act 2003)
  • The federal court may make an order directing the person to compensate any other person who suffered damage or loss due to the breach, if the court is satisfied that the person has breached a term of the undertaking. (§ 39(2)(c), Australian Government Spam Act 2003)
  • (§ 74, New Zealand Privacy Act 1993)
  • (Art 18, Bosnia Law on Protection of Personal Data)
  • When a data subject is caused harm by a data controller that collects, processes, or using his/her personal data that is incorrect or inadmissible under this Act, the data controller or supporting organization must compensate the data subject for the harm that was caused. The data controller, if he/… (§ 7, § 8, German Federal Data Protection Act, September 14, 1994)
  • Any person who processes personal data in breach of Sections 18, 19, 23, 123, 126, and 130 or the provision made further to Section 129, to gain for himself/herself or with intent to cause harm to another, will be punished, if harm is caused, by imprisonment for between 6 to 18 months or if the offe… (§ 167, § 168, § 170, § 171, Italy Personal Data Protection Code)
  • When a data controller or processor fails to comply with this Law, data subjects who suffer damage to their rights or possessions have the right to damages. (Art 19.1, ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data)
  • The personal data controller is required to compensate registered persons for damages and violations of personal integrity that have occurred as a result of violating this Act. The liability to pay compensation may be adjusted, if he/she can prove the error was not caused by him/her. (§ 48, Sweden Personal Data Act (1998:204))
  • For harm that is not damage to property, the injured person has the right to fair compensation. (Art 49.2, Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial Translation)
  • An individual who suffers damage due to a violation of this Act by a data controller is entitled to compensation from that data controller. An individual who suffers distress due to a violation of this Act by a data controller is entitled to compensation by that data controller, if the damage he/she… (§ 13, UK Data Protection Act of 1998)
  • In addition to other remedies, the Court may award the complainant damages, including damages for any humiliation he/she has suffered. (§ 16(c), Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • Entities or individuals whose personal data have been integrated into a file has the right, through Habeas Data, to receive compensation that is proportionate to the damage or injury that results. (Art 7.V, Colima Personal Data Protection Law (Decree No. 356))
  • Individuals whose personal data have been integrated into a data record have the right to receive compensation that is proportionate to the injury or damage that occurred to its goods or rights. (Art 43.V, Tlaxcala Law on Access to Public Information and Personal Data Protection)
  • The court may award the following: punitive damages; actual damages, but not less than liquidated damages, of two thousand five hundred dollars ($2,500); reasonable attorneys' fees and other litigation costs reasonably incurred; and other preliminary and equitable relief, as the court determines. (§ 2710(c)(2), 18 USC § 2710, Wrongful disclosure of video tape rental or sale records)
  • (§ 2724(b), 18 USC § 2721, Prohibition on release and use of certain personal information from State motor vehicle records (Driver's Privacy Protection Act (DPPA))
  • (§ 551(f), Cable Communications Privacy Act Title 47 § 551)
  • Any person who suffers a loss or damage as a result of a violation of section 1030 may pursue a civil action for compensatory damages and injunctive relief or other equitable relief. Civil action may be brought only if the conduct involved one of the factors in section 1030(c)(4)(A)(i)(I), 1030(c)(4… (§ 1030(g), Computer Fraud and Abuse Act)
  • Injunctive relief will be available to require compliance with the procedures in this chapter. For successful actions, the costs plus reasonable attorney's fees, as determined by the court, may be recovered. (§ 3418, Right to Financial Privacy Act)
  • The privacy protection mechanisms must include the awarding of damages if named by the applicable law or private sector initiative. (ENFORCEMENT(a), US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The organization should seek restitution and obtain remedies, as prescribed by relevant authorities. (§ 3.f, DoD Instruction 4140.67, DoD Counterfeit Prevention Policy)
  • For suits brought under § 552a(g)(1)(C) or § 552a(g)(1)(D), when the court determines the agency acted in a willful or intentional manner, the United States shall be liable for an amount equal to the sum of the actual damages sustained as a result of the refusal or failure, but not less than one t… (§ 552a(g)(4), 5 USC § 552a, Records maintained on individuals (Privacy Act of 1974))
  • § 552a(g)(2)(B): For cases under § 552a(g)(2) that the complainant has substantially prevailed, the court may assess against the United States reasonable attorney fees and other litigation costs that are reasonably incurred. § 552a(g)(3)(B): For cases under § 552(g)(3) that the complainant has s… (§ 552a(g)(2)(B), § 552a(g)(3)(B), 5 USC § 552a, Records maintained on individuals (Privacy Act of 1974))
  • The plaintiff can be awarded the greater of $1,000 per unauthorized disclosure or the actual damages plus punitive damages. (Exhibit 5, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
  • Persons found guilty of a crime in this Article, in addition to other punishment, will be court ordered to make restitution for financial losses to the identify theft victim. Financial loss includes costs incurred to correct credit history or credit rating and costs in connection with administrative… (§ 13A-8-195, Code of Alabama, Article 10, The Consumer Identity Protection Act, Sections 13A-8-190 thru 13A-8-201)
  • Organizations will be liable for a sum equal to the amount of the actual damages sustained by the injured party. The court may also award reasonable attorneys' fees to the winning party. (§ 487N-3(b), Hawaii Revised Statute, Section 487N, Security Breach of Personal Information)
  • Persons who suffer a financial loss due to identity theft may bring action against the offender to recover reasonable attorney fees, court costs, and $1,000 or 3 times actual damages, whichever is greater. (§ 714.16B, Iowa Code Annotated, Section 714.16B, Civil Cause of Action)
  • Anyone who is a victim under the Kentucky Revised Statutes 434.872, 434.874, 514.160, or 514.170 will have a cause of action, either where the defendant or the victim resides, for punitive and compensatory damages against anyone who violates these sections and will be awarded reasonable attorneys' f… (§ 411.210, Kentucky Revised Statutes, Title XXXVI, Chapter 411, Section 210, Action for theft of identity or trafficking in stolen identities)
  • Businesses, including website and trademark owners, adversely affected by violations of section 30-14-1712(1) may bring an action to recover actual damages or $500,000, whichever is greater. Individuals who are adversely affected by violations of section 30-14-1712(1) may bring an action against the… (§ 30-14-1713, Montana Code - Part 17: IMPEDIMENT OF IDENTITY THEFT)
  • The court has the right to order the person who unlawfully gained accessed or used the personal information to pay restitution to the organization for the costs to provide notification. (§ 603A.910, Nevada Revised Statutes, Chapter 603A, Security of Personal Information)
  • The organization may bring action against the individuals who unlawfully obtained or benefitted from the personal information. Damages are unlimited and may include the notification costs, attorney's fees and costs, and punitive damages. (§ 603A.900, Nevada Revised Statutes, Chapter 603A, Security of Personal Information)
  • The court may award damages for actual costs or losses if the organization is in violation of the Article. If the court believes the organization knowingly or recklessly violated this Article, a civil penalty of the greater of $5,000 or up to $10 per failed notification ($150,000 maximum) may be awa… (§ 899-aa.6, New York General Business Law Chapter 20, Article 39-F, Section 899-aa)
  • Injured individuals may bring civil action in court. The court may award a penalty of $200 or actual damages, whichever is greater, and costs and reasonable attorneys' fees for failure to comply due to negligence; and award a penalty of $600 or three times actual damages, whichever is greater, and c… (§ 19.215.020(4), § 19.215.020(6), Revised Code of Washington, Title 19, Chapter 19.215, Disposal of personal information, Sections 19.215.005 thru 19.215.030)