Data protection leak costs Morrisons in class action
Morrisons supermarket chain has been found liable for a former employee leaking personal information about nearly 100,000 members of staff in a landmark case which could prompt companies to limit workers’ access to data. The ruling opens the way to potential compensation for the workers, although the supermarket chain said it would appeal against the judgment.
In the UK’s first data protection class action, thousands of staff sued Morrisons after their personal details were leaked online by a senior IT employee in 2014. Information including salaries, national insurance numbers, dates of birth and bank account details were also sent to a number of newspapers.
At the time that the employee was imprisoned he was found to have held a grudge and the judge in the case found that Morrisons had provided “adequate and appropriate controls” and did not know or ought to have known that he posed a threat.
However, the high court has now ruled that Morrisons was legally responsible for the data leak, leaving businesses shocked as the court’s ruling has sharply increased the amount of responsibility a business has for the unlawful activities of disgruntled employees not acting in the course of their employment. Employers must now be far more careful about what information employees have access to and ensure that their termination processes include ensuring that ex-employees cannot misuse or access data!