RISK

NEWS

Morrisons not vicariously liable for employee’s deliberate data breaches

8 Apr 2020

A landmark ruling has overturned a Court of Appeal decision, finding that the supermarket Morrisons is not vicariously liable for an employee’s deliberate disclosure of the personal data of co-workers.

The employee, Andrew Skelton, was a former senior internal auditor, and was said to be acting on “a grudge” when he leaked payroll data for more than 100,000 Morrisons workers, resulting in thousands of Morrisons staff making claims against the supermarket.

The Supreme Court judgment overturned a previous Court of Appeal ruling that, if upheld, would have significantly extended employers’ liability for data breaches, even in cases where an employee’s actions are criminal and they actively attempt to hide their wrongdoing.

In this case, Supreme Court president Lord Reed explained that the company should not be held accountable for Mr Skelton’s “personal vendetta” against the business, as he had received a disciplinary a month earlier. As Lord Reed explained, businesses can only be held liable for the actions of staff if they are linked to their daily duties.

Julia Wilson, partner in the employment practice at Baker McKenzie, said:

“The previous Court of Appeal decision had stretched the concept of an employer’s vicarious liability for its employees very far, to hold an employer liable for the acts of an employee who was pursuing a personal vendetta outside the workplace, and had deliberately tried to hide his wrongdoing. In this case, the wrongdoing was a data breach and the unlawful release of personal data of over 125,000 Morrisons employees. Whilst often the vicarious liability of an employer has limited effects (usually owing liability to one or a small handful of employees), in this case the data breach element amplified the risk to Morrisons – who faced over 9,000 claimant employees in the end. If the Court of Appeal decision had been upheld, the level of damages Morrisons might have faced would be huge. The Supreme Court has overturned the Court of Appeal’s decision, finding that the wrongdoer’s actions were not sufficiently closely connected with his employment that Morrisons should be liable for them.

“There is a sting in the tail: the Supreme Court considered whether an employer could be vicariously liable for data breaches at all under data protection law. They have decided that an employer can be liable, and data breaches are daily news. So, in situations where an employee commits a data breach which is found to be ‘in the course of employment’, the employer can be liable.”

You may also be interested in

RELATED CONTENT

RELATED COURSES

IOSH Safety for Executives and Directors
IOSH Safety for Executives and Directors

IOSH Safety for Executives and Directors is designed for those who have operational or strategic accountability for a company.

IOSH Managing Occupational Health and Wellbeing
IOSH Managing Occupational Health and Wellbeing

IOSH Managing Occupational Health and Wellbeing is designed to help managers improve health and wellbeing in their organisation.

Display screen equipment (DSE)
Display screen equipment (DSE)

The DSE course covers the risks of display screen equipment use and identifies ways to reduce the risk of injury or ill health.

Selection and control of contractors
Selection and control of contractors

The Selection and control of contractors course is designed for individuals who are responsible for selecting and managing contractors in the workplac...

P&O Ferries “appears to have broken UK employment law”
P&O Ferries “appears to have broken UK employment law”

The decision made by P&O Ferries to sack 800 workers without notice appears to have broken UK employment law, the prime minister has said. If found gu...

New employment law changes come into force on 6 April
New employment law changes come into force on 6 April

On 6 April each year, new and amended employment laws and deadlines come into force. 

April 2023: upcoming employment law changes
April 2023: upcoming employment law changes

It’s that time of the year when employment law changes traditionally take effect, and this year there have been significant increases in several rates...

Pimlico Plumbers workers not entitled to employment rights
Pimlico Plumbers workers not entitled to employment rights

Following a nine-year-long legal battle, former Pimlico Plumbers engineer Gary Smith has lost his Employment Appeals Tribunal (EAT) case over his enti...