Security News > 2020 > April > At the Supreme Court, Morrisons pops data breach liability win into its trolley – but it's not a get-out-of-compo free card for businesses
Morrisons supermarket is not liable for the actions of a disgruntled employee who deliberately leaked nearly 100,000 employees' payroll data online, Britain's Supreme Court has ruled.
Supreme Court judge Lord Reed ruled: "First, the disclosure of the data on the internet did not form part of Skelton's functions or field of activities," also decreeing that previous findings by the High Court and Court of Appeal were mistaken in law.
In a case concerned with vicarious liability arising out of a relationship of employment, the court generally has to decide whether the wrongful conduct was so closely connected with acts the employee was authorised to do that, for the purposes of the liability of his employer, it may fairly and properly be regarded as done by the employee while acting in the ordinary course of his employment.
Nick McAleenan, lead solicitor for the employees, commented: "For the first time, the Supreme Court has established the legal principle that employers can now be legally responsible for data breaches caused by their employees - under the law of vicarious liability."
In contrast, Matthew Gill of law firm Wiggin LLP opined: "If the court's decision had gone the other way, Morrisons would have been liable to 100,000 of its employees for a breach of their data despite Morrisons having done everything it reasonably could have to protect that data. Other employers would have faced an untenable risk that if they were hit by a similar theft of data by an employee, they would be left wholly exposed."
News URL
Related news
- How to Prevent Your First AI Data Breach (source)
- Toyota confirms third-party data breach impacting customers (source)
- National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident (source)
- CannonDesign confirms Avos Locker ransomware data breach (source)
- Patelco notifies 726,000 customers of ransomware data breach (source)
- Nearly 1/3 of Companies Suffered a SaaS Data Breach in Last Year (source)
- Park’N Fly notifies 1 million customers of data breach (source)
- GDPR Data Breach Notification Letter (Free Download) (source)
- Business services giant CBIZ discloses customer data breach (source)
- A third of organizations suffered a SaaS data breach this year (source)