Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
Home Business UK and abroad

Data breach ruling stark warning to all businesses

By Keith Findlay
The retailer is to process half a million Scottish lambs this year.
The retailer is to process half a million Scottish lambs this year.

A landmark High Court trial involving a huge leak of personal data by a former supermarket worker has potential implications for every business in the UK, a leading lawyer has warned.

The court has allowed a compensation claim by thousands of Morrisons staff whose personal details were posted on the internet.

It follows a security breach in 2014 when Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked the payroll data of nearly 100,000 employees.

Names, addresses, bank account details and salaries were all put online and sent to newspapers.

A group of 5,518 former and current Morrisons employees said this exposed them to the risk of identity theft and potential financial loss, and that Morrisons was responsible for breaches of privacy, confidence and data protection laws.

They are seeking compensation for the upset and distress caused.

Morrisons said it could not be held liable for Skelton’s criminal misuse of the data and any other conclusion would be grossly unjust.

But the judge ruled that vicarious (indirect) liability, had been established.

In July 2015, Skelton was found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data and jailed for eight years.

The trial heard that his motive appeared to have been a grudge over a previous incident, when he was accused of dealing in legal highs at work.

Counsel Jonathan Barnes said the company had already been awarded £170,000 compensation against Skelton, and his other “victims” should be compensated too.

Anya Proops QC, for Morrisons, said Skelton had already caused serious damage to the firm, not least because it incurred more than £2million in costs. If the claim succeeded, it would open the door to the other 94,480 individuals affected.

Ms Proops said the novel issue of the extent to which a data controller/employer could be held liable under civil law in connection with the unauthorised, criminal misuse of third party data by an employee was of “huge importance” for all those who process personal data as a “data controller”.

She added: “This would obviously include not only commercial enterprises but also charities, governmental bodies, self-employed professionals, clubs, associations, non-governmental organisations and all manner of entities and persons who process data other than for domestic purposes.”