Morrisons employees data breach victory
The recent judgment in the Morrisons data breach case concerning the vicariously liability of employers for the actions of employees involved in breaches of data is potentially highly significant for the insurance industry - both for the insurer and the insured.
The group litigation claim which was brought against the supermarket chain arose from a situation where a rogue employee placed on the internet the personal and sensitive data of other employees he had gained access to when playing a part in auditing the payroll of the business. The rogue employee was subsequently convicted and received a substantial term of imprisonment for his criminal acts.
The basis of the claim against Morrisons was founded upon three causes of action - breach of statutory duty under the Data Protection Act 1998; misuse of confidential information and breach of confidence. It was asserted by the employees of the company that Morrisons was liable for the actions of their employee either directly and/or on a vicarious basis.
The High Court ruled that Morrisons were vicariously liable for the actions of their rogue employee on the basis of the "social justice" principle due in part to the connection and control that the employee had on behalf of his employer of the leaked sensitive data.
Whilst all cases in this field must be viewed on a fact specific basis, the potential impact of this ruling on employers is considerable as it extends their risk of exposure to liability for the actions of their employees when they have committed illegal acts without their knowledge.
Group action litigation involving thousands of claims brought against a company is not cheap to defend through the civil courts and also if not defended successfully, will lead to substantial payments of damages.
See what others have to say about it
If your employer has put your data at risk or you want more information about how to claim then contact us via our secure form.