Employers Can Be Vicariously Liable for Employee Data Breaches

The United Kingdom High Court recently issued a landmark liability judgment against the supermarket, Morrisons, following a data breach caused by a rogue employee (Various Claimants v. WM Morrisons Supermarket [2017] EWHC3113 (QB]). Similar results have been reached in the U.S., but this is the first time the UK Court has addressed the issue of whether an employer can be held vicariously liable under the UK’s Data Protection Act 1998 (DPA) (c 29) for a data breach committed by an employee. These kinds of cases are important reminders that irrespective of jurisdiction, malicious insiders, in particular disgruntled former employees, with access to data that external hackers can’t easily reach, often cause some of the most costly data breaches. Morrisons The press, in 2014, discovered that a Morrisons payroll file containing personal data of nearly 100,000 employees was uploaded to a public website. The employee personal data exposed included names,…

Read more detail on Recent Employment Law posts –

This entry was posted in Employment and Labour Law and tagged , , , , , . Bookmark the permalink.

Leave a Reply