In July 2013, a begrudged Morrisons employee, who posted staff data on the internet was jailed for eight years and found guilty of fraud. Andrew Skelton, 43, leaked details of nearly 100,000 supermarket staff following an accusation of dealing in legal highs at work. He tried to cover his tracks by setting up a fake email account using a colleague’s details.
Skelton abused his position as a senior internal auditor at the supermarket’s head office in Bradford. He distributed information about staff salaries, bank details and National Insurance numbers to several newspapers and uploaded it onto data sharing websites. This significant data breach cost Morrisons more than £2m to rectify.
“Andrew Skelton’s motive appears to have been a personal grievance over a previous incident where he was accused of dealing in legal highs at work.” David Holderness, from the Crown Prosecution Service, adding; “The potential loss to his victims and the sheer quantity of potentially compromised data was very significant and could have resulted in employees’ identities being stolen.”
As a result, in a separate proceeding, Morrisons was sued by over 5000 employees for misusing their private information, breach of confidence as well as a breach of Data Protection Act. Whilst the company was not at fault the judge found them to be vicariously liable for the actions of an irresponsible employee.
The case is significant for all employers who have employees, who as a part of their job, are required to handle a confidential company data. Morrison’s appeal of the decision was rejected by the Court of Appeal. The court could not see a reason why the concept of vicarious liability should not be applied to Data Protection Act.
It was ruled that Morrissons had been ignorant and trusted Mr. Skelton with payroll data. Skelton’s act in sending the data across to third party websites was within the scope of activities assigned to him. Even though Skelton caused the damage sitting at home using his own computer, there was not enough connection between what he did and his employment. The guidance from the Court of Appeal was that employers should have liability insurance in place to protect against a cyber data breach by one of their employees.
If you think your confidential data has been misused by your employer our Employment Law Solicitors can assist with all types of claims. Naturally, we pride ourselves on providing the best possible service to the highest standards, we can provide free employment law advice on all problems.
Call us on 0800 756 6605 or 020 3923 4777