High Court judge rules in favour of Morrisons workers in data leak claims

By

Sharecast News | 01 Dec, 2017

Britain's high court has accepted a compensation claim made by more than five thousand current and former Morrisons staff whose personal details leaked on to the internet, a case that could have far reaching implications for every person and business in the UK.

In 2014, Andrew Skelton, a senior internal auditor at Morrisons, began posting the payroll data of nearly 100,000 employees online, including everything from their names and addresses to bank account details and salaries.

Of those affected, 5,518 claimed the leaks had exposed them to the risk of identity theft and potential financial loss, which was why they were now seeking compensation, holding Morrisons responsible for the privacy, confidence and data protection law breaches.

Morrisons protested against the accusations and claimed no wrongdoing was done as it could not be held directly or indirectly responsible for Skelton's crimes and that any other conclusion would be grossly unjust.

Skelton was found guilty of fraud, securing unauthorised access to computer material and disclosing personal data in 2015. He was jailed for eight years.

After Justice Langstaff ruled in favour of liability on Friday, Nick McAleenan, of JMW Solicitors, said, "The High Court has ruled that Morrisons was legally responsible for the data leak.

"We welcome the judgement and believe that it is a landmark decision, being the first data leak class action in the UK."

However, Langstaff claimed vicarious liability had been established, but not primary liability.

He said, "I hold that the Data Protection Act (DPA) does not impose primary liability upon Morrisons; that Morrisons have not been proved to be at fault by breaking any of the data protection principles, save in one respect which was not causative of any loss; and that neither primary liability for misuse of private information nor breach of confidentiality can be established.

"I reject, however, the arguments that the DPA upon a proper interpretation is such that no vicarious liability can be established, and that its terms are such as to exclude vicarious liability even in respect of actions for misuse of private information or breach of confidentiality."

As of 1620 GMT, shares had dropped 0.55% to 215.10p.

Last news

Gatemore Capital calls on Elementis to replace CEO
European economic sentiment takes a hit in April
Zenova inks £2.4m paint supply deal
Barclays downgrades JD Sports on Hibbett acquisition
DP Poland reports robust first quarter of trading