Home Login Contact

Contact us...

+44 (0) 208 133 0242

Morrisons found not vicariously liable for data breach

Lucky for Morrisons

4th April 2020

The UK's top court has ruled that Morrisons can't be held liable for a 2014 data leak affecting the personal payroll data of around 100,000 workers.

In the first class action of it's kind, involving 2,000 of the workers, two lower courts had ruled that the retailer didn't have primary liability but was vicariously liable.

This would seems similar to holding the government directly liable for every crime that happens in the UK.

The Supreme Court found the former employee Andrew Skelton (a senior IT auditor who had legitimate authority to hold the data, and was convicted over the data leak and sentenced to an eight-year prison term) was engaged in a personal vendetta.

In such a case his employer is not deemed vicariously liable.

Contact us for support

Got a comment or request?

Need help with data protection or information security?

Contact us for advice, assurance, audit, training, vDPO, vCISO, outsourced partnership.

+44 (0) 208 133 0242