Unsolicited telephone calls misusing our name - We do not nuisance cold call -
Have a question? Call us on 0800 1979 345
This article was published on January 8th, 2019
Yes, the Court of Appeal has said in Morrisons v Various Claimants. Mr Skelton was an internal auditor at Morrisons. He had been recently disciplined and held a grudge against the company. He took sensitive personal data relating to thousands of employees and posted it online. He then told newspapers it was there. The data included names, bank details and salary information.
Mr Skelton was convicted of fraud and various other offences. He was sentenced to 8 years in prison. The employees sued Morrisons. Among other things, the employees claimed that Morrisons was vicariously liable for the actions of Mr Skelton in leaking the data.
The Court of Appeal agreed that Morrisons was vicariously liable. There was enough connection between Mr Skelton’s job role and the conduct in question. Mr Skelton’s motive (to cause harm to the employer) was irrelevant.
The Court highlighted that to conclude otherwise might leave an individual who suffered financial loss (because of a data breach) with no recourse except against the perpetrator. The Court advised that employers should insure against the risk of losses caused by dishonest or malicious employees.
This is a worrying case for employers. The safe storage of personal data is vital for employers. Insurance should be secured if it is not already in place. The actions of even the most trusted employees should be monitored. Particular attention should be paid to employees who might bear grudges due to recent disciplinary or grievance proceedings.