Law firm Field Fisher Waterhouse has warned that the UK's data protection laws are not in line with European legislation.
The law firm says that this disparity may lead to complications in the future.
Speaking at the UK Digital Systems Knowledge Transfer Network's annual privacy conference in London, Stewart Room, one of the firm's partners, said that Section 13 of the UK Data Protection Act (DPA) was "out of kilter" with current European laws on personal data protection.
Room said that Article 23 of the European directive on personal data allowed anyone who had suffered a breach of privacy could apply to the organisation responsible for compensation.
Under EU rules, they can also claim damages for emotional distress or loss of reputation. No such provisions are currently offered by the UK's Data Protection Act.
Room said: “There is currently no legal framework that requires private organisations to report data breaches. The regulator still does not have proper and adequate powers as required by the EU directive.”