Morrisons Data Breach – The Implications

Nicola Mullineux

Nicola Mullineux

blog-publish-date

31 Oct 2018

blog-read-duration

The recent case against Morrisons due to a data breach by one of its employees has far-reaching implications.

Where did this all start?

This all began in 2014, when an internal auditor at Morrisons posted the private data of more than 100,000 employees online. He was subsequently jailed for eight years. Following the result, over 5,000 affected employees brought a case against Morrisons itself, seeking compensation for the breach and the resulting impact it had on their lives.

The retailer argued that it was not liable for criminal misuse of the employees’ data.

After a long, gruelling period, the Court of Appeal upheld the judgement, and found Morrisons vicariously liable for the leak. Since the decision has been made, the retailer has said it will be taking the case to the Supreme Court.

What are the implications?

The leak of employee data was a direct attack against the company by a disgruntled employee, and from the company’s perspective, they may have thought they did all that was required of them to protect employees’ data. As the auditor was required to work with sensitive data, there was seemingly little they could do to restrict his access to it. However, this ruling states that the responsibility for keeping data secure falls to the organisation itself, meaning the employer is liable even if measures are in place to protect employee data.

Naturally, this has troubling implications for employers across the country who will now be wondering where they stand, and if this will bring an onslaught of claims relating to personal data against them.

The ruling will be challenged by Morrisons, meaning it may shift in the other direction, however as it stands, it is worth reviewing your privacy policies, your data protection policies and more to ensure you are doing all you can to avoid potential issues. The best defence is ensuring a breach doesn’t happen in the first place.

Start implementing this defence during the onboarding process with a new employee. Conduct background checks, and limit access to sensitive data from an early stage. If you haven’t already, have a clear company policy, and offer compliance training to everyone. When an employee leaves the company, make sure all accesses are revoked, data is removed, etc. Finally, ensure remote access to all work devices so data can be secured at a moment’s notice.

Expert Support

If you need expert advice on GDPR implications for employee data, or are concerned about your data protection policies, speak to a Croner expert on 0808 145 3385

About the Author

Nicola Mullineux

Nicola Mullineux, as Group Content Manager, leads a team of employment law content writers who produce guidance and commentary on employment law, case law and key HR developments. She has written articles for national publications for over 10 years and regularly helps to shape employment of the future by taking part in Government consultations on employment law change.

linkedin

Nicola Mullineux

Free to Download Employer Resources

  • Sample Mental Health Policy

    FREE DOWNLOAD

    Sample Mental Health Policy

    Read more
  • Disciplinary Letter Template

    FREE DOWNLOAD

    Disciplinary Letter Template

    Read more
  • H&S Risks of Sleep in Shifts

    FREE DOWNLOAD

    H&S Risks of Sleep in Shifts

    Read more
  • Cricket World Cup: Dealing with Sporting Events in the Workplace

    BLOG

    Cricket World Cup: Dealing with Sport...

    The 2019 Cricket World Cup will run from 30th May through to 14th July. Matches ...

    Read more
  • What are the benefits of benchmarking?

    BLOG

    What are the benefits of benchmarking...

    Salary benchmarking is no doubt a term you’ve come across, especially if you wor...

    Read more
  • Office Dogs: Good Idea or Bad Idea?

    BLOG

    Office Dogs: Good Idea or Bad Idea?

    So, I was going to write about Brexit this month. But we’re not doing that now. ...

    Read more
  • Numark

    CASE STUDY

    Numark

    Numark serve as a virtual head office for independent pharmacies on the high str...

    Read more
  • Gilmour Quinn

    CASE STUDY

    Gilmour Quinn

    Gilmour Quinn Financial Planning Ltd is, as the name suggests, a small financial...

    Read more
  • Wardman Brown

    CASE STUDY

    Wardman Brown

    "I would say it has has a noticeable impact, in particular it has improved the H

    Read more

Ready to focus on what you do best?

Get your free consultation and speak to an expert today.