Morrisons – Court of Appeal: Vicarious Liability in Serious Data Breach

By October 24, 2018Uncategorized
The Court of Appeal has this week decided that Morrisons was vicariously liable for a serious data breach whereby Andrew Skelton, a former internal auditor for Morrisons posted names, bank account details, salaries and national insurance details of nearly 100,000 employees online.  Over 5,000 employees affected have been involved in bringing a case against the supermarket.
Skelton was a former disgruntled employee who was convicted of fraud, securing unauthorised access to computer material and disclosing personal data at a criminal trial in 2015.
Where did it go wrong? 
Morrisons defence centred on their argument that it could have done nothing to prevent the breach.
The Supermarket also argued that it could not be held liable for the criminal misuse of its data.
General Data Protection Regulations
The Regulations which came in to force in May this year have heightened public and media interest in personal data security.  It is inevitable that precedents will now be set to encourage conformity.