Morrisons Appeals Insider Breach Compensation Ruling

UK supermarket giant Morrisons is in the Court of Appeal this week fighting to have overturned a judgement that it should compensate employees after a major insider data leak.

A High Court judge ruled last year that the company was “vicariously liable” for the actions of one of its employees, former internal auditor Andrew Skelton, who published the personal details of 100,000 employees online and sent them to several newspapers.

The leaked data included NI numbers, birth dates and bank account details, and Skelton was eventually jailed for eight years back in 2015.

Morrisons argued at the time that it had already paid around £2m to mitigate the breach. However, it was also awarded £170,000 in compensation, while employees got nothing.

In the UK’s first class action lawsuit, over 5000 of these employees subsequently took the supermarket chain to court, demanding compensation for the “upset and distress” caused by disgruntled insider Skelton’s actions.

The retailer’s lawyers are arguing this week that their client cannot be held “vicariously liable” because the Data Protection Act 1998 — the legislation in place at the time of the incident — excludes vicarious liability.

Representing the claimants, JMW Solicitors data privacy specialist, Nick McAleenan, argued that Morrisons is looking to protect its £374m annual profits rather than recognize the impact of the breach on its employees.

“This is a classic David and Goliath case — the victims here are shelf-stackers, checkout staff and factory workers; just ordinary people doing their jobs,” he reportedly said.

“They were obligated to hand over sensitive financial and personal information to Morrisons — including national insurance numbers, dates of birth and bank account details — and had every right to expect that information to be kept confidential.”

Articles You May Like

QED and Partech back South African payment orchestration platform Revio in $5.2M seed
Simple Membership Plugin Flaws Expose WordPress Sites
VW bails on its plan for a $2.1B EV plant in Germany
Regulators close investigation into Blue Origin’s New Shepard anomaly
More than 30 US Banks Targeted in New Xenomorph Malware Campaign

Leave a Reply

Your email address will not be published. Required fields are marked *