A group of workers at Manchester United are suing the football club for an HR data breach, according to a lawyer leading the action.
The club could face a damages claim totalling £100,000 after it accidentally emailed the staff wage slips of 167 colleagues to an entire pool of casual catering and hospitality staff.
The staff all received a single file containing names, addresses, earnings details and national insurance numbers for the employees making the claim, in an incident dating back to 2018.
The club said managers “regret” the incident, which was reported to the Information Commissioner’s Office as a data protection breach at the time, and said that processes had been changed to ensure it didn’t happen again.
Data breaches
Jonathan Whittle, a senior manager and chartered legal executive at Chesterfield-based Your Lawyers, which represents 32 of the 167 workers, urged the club to settle the claim.
He told the Manchester Evening News that this was a “clear and serious breach of data protection laws” and should be resolved as quickly as possible. Each claimant is claiming an average of £3,000.
A spokesperson for Manchester United told the paper: “We take the data privacy of our employees very seriously and regret this isolated breach, which occurred in 2018. Measures were put in place to prevent it happening again and we informed the Information Commissioner’s Office, which took no further action.”
Becky White, senior data protection and privacy solicitor at Harper James, said the incident highlighted important data protection issues.
“As the HR function within an organisation manages considerable amounts of personal data relating to prospective, current and former staff, it is crucial that employers understand their responsibilities and liabilities under data protection laws and that they manage human resource data responsibly.
“The incident also serves as a reminder of the need for organisations to implement proper policies and procedures with regards to email practices, particularly when sending bulk emails, and encouraging their staff to follow good email practices to reduce the likelihood of this kind of avoidable data breach reoccurring.
“Businesses and HR teams should ensure they have robust data protection policies in place and that regular security and data protection awareness training is offered to help staff better understand the role they play in protecting any personal information the business collects and processes.”
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday