COURT OF APPEAL RULES AGAINST MORRISONS FOR DATA BREACH

25 October 2018

Supermarket chain, Morrisons face paying out compensation claims to more than 5,000 of their staff after the Court of Appeal upheld the High Court’s ruling in regard to Morrisons being liable for the data leak conducted by their former employee, Andrew Skelton.

The supermarket chain is now involved in the UK’s first data leak group action, due to Mr Skelton’s actions in 2014, in which the former senior internal auditor leaked payroll data whilst working at Morrison’s head office in Bradford.

The claimants are a mixture of both former and current employee, who allege that the data breach enabled them vulnerable to the possibility of identity theft and financial losses. This has been ruled as Morrison’s responsibility, and they are therefore in breach of data protection, privacy and confidence laws.

Many law professionals and business owners have found the ruling surprising considering it was the actions of an individual employee rather than the actual company that enabled breach.

However, it is also a warning message to employers, as they may not realise that they can be liable for the actions of their current or former employees.  This is particularly the case where the breach stems from something which was closely linked to an authorised task, making the employer vicariously liable.

The ruling is most certainly likely to result in a significant increase in class action cases against companies who have experienced internal data breaches, enabling them to review workplace policies and procedures.

 

Here at Three Graces Legal, we can assist you with aspects of data privacy, including safeguarding your business as well as seeking compensation for victims of a breach.

Please contact us at 0151 659 1070

How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Make a free enquiry - Call now - 0151 659 1070