A judicial remedy of damages can be made for a breach of privacy.

It can also be made for a contravention of data protection rights.

In Conway v INTO various heads of damages were analysed for damages for a tort law breach or for damages for a breach of a constitutional right.

Ordinary compensatory damages were described as sums calculated for mental distress, physical injury, anxiety, deprivation of convenience, or other harmful effects of a wrongful act.

Aggravated damages entailed an increase in damages due to the manner of the wrong, conduct of the wrongdoer or his/her representative.

Punitive damages are meant to show the courts disapproval of the defendants conduct in circumstances it is deemed befitting to punish the defendant.

The duty on the data controller is to take reasonable care not to breach not to breach a duty.

A duty of care is owed to a data subject.

The data controlled can be exempted from liability if he proves he/she is not responsible for causing the damage.

To succeed in proving a beach of duty of care for this matter, one has to prove there has in fact been a breach and damage done caused by the breach. The loss must flow from the breach.