Morrisons could face a massive payout after losing a legal challenge against a ruling that opened the gate to compensation claims from thousands of staff whose personal details were leaked online.

The case centred on a security breach in 2014 when Andrew Skelton, a senior internal auditor at the supermarket’s Bradford headquarters, leaked the payroll data of around 100,000 employees, including their names, addresses, bank account details and salaries.

A group of 5,518 former and current staff who were affected by the breach are seeking compensation for the upset and distress caused by the incident, and said Morrisons was responsible for breaches of privacy, confidence and data protection laws.

Join Indpendent Minds

For exclusive articles, events and an advertising-free read for just £5.99 €6.99 $9.99 a month

Get the best of The Independent

With an Independent Minds subscription for just £5.99 €6.99 $9.99 a month

Get the best of The Independent

Without the ads – for just £5.99 €6.99 $9.99 a month

The company said it could not be held directly or vicariously liable for the criminal misuse of the data, however, in December last year the High Court found that Morrisons was vicariously liable for the breach.

Mr Skelton was previously found guilty of fraud at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data, and was subsequently jailed for eight years.

During the appeal hearing, Anya Proops QC, for Morrisons, told the judges that, if the High Court decision was allowed to stand, the company was exposed to "compensation claims on a potentially vast scale".

On Monday, the Court of Appeal dismissed Morrisons’ appeal, in a ruling that has implications for other UK companies  

Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represents the claimants, said: "The claimants are obviously delighted with the Court of Appeal's ruling. The judges unanimously and robustly dismissed Morrisons' legal arguments.

"These shop and factory workers have held one of the UK's biggest organisations to account and won - and convincingly so. This latest judgment provides reassurance to the many millions of people in this country whose own data is held by their employer.”

He added: "The judgment is a wake-up call for business. People care about what happens to their personal information.

"They expect large corporations to take responsibility when things go wrong in their own business and cause harm to innocent victims. It's important to remember that data protection is not solely about protecting information - it's about protecting people."

Support free-thinking journalism and subscribe to Independent Minds

A spokesman for Morrisons said: "A former employee of Morrisons used his position to steal data about our colleagues and then place it on the internet and he's been found guilty for his crimes.

"Morrisons has not been blamed by the courts for the way it protected colleagues' data but they have found that we are responsible for the actions of that former employee, even though his criminal actions were targeted at the company and our colleagues.

"Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged.

"In fact, we are not aware that anybody suffered any direct financial loss. We believe we should not be held responsible so that's why we will now appeal to the Supreme Court."

Additional reporting by newswires

Comments

Share your thoughts and debate the big issues

Learn more
Please be respectful when making a comment and adhere to our Community Guidelines.
  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

  • Newest first
  • Oldest first
  • Most liked
  • Least liked
Loading comments...
Please be respectful when making a comment and adhere to our Community Guidelines.

Community Guidelines

  • You may not agree with our views, or other users’, but please respond to them respectfully
  • Swearing, personal abuse, racism, sexism, homophobia and other discriminatory or inciteful language is not acceptable
  • Do not impersonate other users or reveal private information about third parties
  • We reserve the right to delete inappropriate posts and ban offending users without notification

You can find our Community Guidelines in full here.

  • Newest first
  • Oldest first
  • Most liked
  • Least liked
Loading comments...