Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Latest NewsCase lawData protectionDisciplineDiscipline and grievances

Supreme Court: Morrisons not vicariously liable for employee’s data leak

by Ashleigh Webber 1 Apr 2020
by Ashleigh Webber 1 Apr 2020 Image: Shutterstock
Image: Shutterstock

Morrisons has successfully argued in the Supreme Court that it cannot be held vicariously liable for a data breach in which the personal details of employees and former employees were exposed.

In a judgment handed down today (1 April), Lord Reed said that the company could not be held liable for an ex-employee’s criminal activity as it had been part of a “personal vendetta” against the organisation and not part of his role.

The Supreme Court’s judgment overturns previous decisions made by the Court of Appeal and the High Court, which had found the retailer could be held vicariously liable for the actions of Andrew Skelton, who is now in prison.

Employers will be relieved to hear this outcome, however this case does illustrate how fact specific issues of vicarious liability are, and not all employers will have the grit or will to fight the issue all the way up to the Supreme Court,” – Julia Wilson, Baker McKenzie

In 2014, Skelton, a senior internal auditor at Morrisons’ Bradford head office, leaked a file containing the personal details of thousands of employees and ex-employees to a file sharing website. He had made a copy of the payroll file after receiving a verbal warning after disciplinary proceedings for minor misconduct.

In group litigation proceedings, more than 9,000 Morrisons employees and former employees brought a claim for compensation against the company for breaches of the Data Protection Act 1998, misuse of private information and/or breaches of confidence. Their lawyers argued that Morrisons’ employees entrusted their information with their employer, who failed to keep it safe, and that if it was not personally liable for the breach then it should be held vicariously liable for Skelton’s actions.

In considering Morrisons’ appeal against the High Court and Court of Appeal’s judgments, the Supreme Court explored whether the wrongful conduct was closely connected with what the employee was required to do while acting in the ordinary course of his employment.

It found that while Skelton was authorised to transmit the payroll data to external auditors, his wrongful disclosure of the data was not so closely connected with that task that it can be regarded as acting in the ordinary course of his employment. It said that an employer is not normally vicariously liable where the employee was not engaged in furthering his employer’s business.

Julia Wilson, a partner at law firm Baker McKenzie, said the judgment will allow employers to breathe a sigh of relief.

“The previous Court of Appeal decision had stretched the concept of an employer’s vicarious liability for its employees very far, to hold an employer liable for the acts of an employee who was pursuing a personal vendetta outside the workplace, and had deliberately tried to hide his wrongdoing,” she said.

“Whilst often the vicarious liability of an employer has limited effects (usually owing liability to one or a small handful of employees), in this case the data breach element amplified the risk to Morrisons – who faced over 9,000 claimant employees in the end. If the Court of Appeal decision had been upheld, the level of damages Morrisons might have faced would be huge.

“Employers will be relieved to hear this outcome, however this case does illustrate how fact specific issues of vicarious liability are, and not all employers will have the grit or will to fight the issue all the way up to the Supreme Court.”

However, she noted that the judgment comes with a “sting in the tail” – the Supreme Court said an employer can be held vicariously liable in situations where an employee commits a data breach “in the course of employment”.

Paul Holcroft, associate director at employment law consultancy Croner, said: “This long-awaited ruling from the Supreme Court seems to provide further clarity on vicarious liability, something that many employers are likely wary of.

“The fact that this case made it to the Supreme Court demonstrates that this can be an unclear area and will be fact specific. To this end, it is important that companies are prepared to respond quickly to any circumstances when they could face liability for the actions of their staff.”

Employee relations opportunities on Personnel Today

Browse more Employee Relations jobs

Ashleigh Webber
Ashleigh Webber

Ashleigh is editor at OHW+ and part of the Personnel Today editorial team. Prior to joining Personnel Today in 2018, she covered the road transport sector for Commercial Motor and Motor Transport.

previous post
Frontline health workers granted visa extension
next post
How HR can ride the tidal wave of a disrupted workforce

Leave a Comment Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

You may also like

Queen’s Speech: Exclusivity contracts for low-paid workers to...

9 May 2022

Ikea France fined €1m for spying on staff

15 Jun 2021

Goldman Sachs orders staff to disclose vaccine status

11 Jun 2021

Rail staff falsely promised bonus in cyber security...

11 May 2021

Could a blockchain health record help HR handle...

15 Mar 2021

Employee surveillance: getting the balance right

22 Jan 2021

Ensure workers have right to privacy when work...

20 Jan 2021

Vaccination and data protection: What do employers need...

18 Dec 2020

Seven key employment law cases from 2020

17 Dec 2020

Uber sued for ‘automated’ dismissals

27 Oct 2020
  • Apprenticeships are the solution to your recruitment problems PROMOTED | Apprenticeships have the pulling power...Read more
  • What it really means to be mentally fit PROMOTED | What is mental fitness...Read more
  • How music can help to ease anxiety at work PROMOTED | A lot has happened since March 2020, hasn’t it?...Read more
  • Why now is the time to plug the unhealthy gap PROMOTED | We’ve all heard the term ‘health is wealth’...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+