Morrisons Data Breach – The Implications

Nicola Mullineux

Nicola Mullineux

blog-publish-date

31 Oct 2018

blog-read-duration

The recent case against Morrisons due to a data breach by one of its employees has far-reaching implications.

Where did this all start?

This all began in 2014, when an internal auditor at Morrisons posted the private data of more than 100,000 employees online. He was subsequently jailed for eight years. Following the result, over 5,000 affected employees brought a case against Morrisons itself, seeking compensation for the breach and the resulting impact it had on their lives.

The retailer argued that it was not liable for criminal misuse of the employees’ data.

After a long, gruelling period, the Court of Appeal upheld the judgement, and found Morrisons vicariously liable for the leak. Since the decision has been made, the retailer has said it will be taking the case to the Supreme Court.

What are the implications?

The leak of employee data was a direct attack against the company by a disgruntled employee, and from the company’s perspective, they may have thought they did all that was required of them to protect employees’ data. As the auditor was required to work with sensitive data, there was seemingly little they could do to restrict his access to it. However, this ruling states that the responsibility for keeping data secure falls to the organisation itself, meaning the employer is liable even if measures are in place to protect employee data.

Naturally, this has troubling implications for employers across the country who will now be wondering where they stand, and if this will bring an onslaught of claims relating to personal data against them.

The ruling will be challenged by Morrisons, meaning it may shift in the other direction, however as it stands, it is worth reviewing your privacy policies, your data protection policies and more to ensure you are doing all you can to avoid potential issues. The best defence is ensuring a breach doesn’t happen in the first place.

Start implementing this defence during the onboarding process with a new employee. Conduct background checks, and limit access to sensitive data from an early stage. If you haven’t already, have a clear company policy, and offer compliance training to everyone. When an employee leaves the company, make sure all accesses are revoked, data is removed, etc. Finally, ensure remote access to all work devices so data can be secured at a moment’s notice.

Expert Support

If you need expert advice on GDPR implications for employee data, or are concerned about your data protection policies, speak to a Croner expert on 0808 145 3385

About the Author

Nicola Mullineux

Nicola Mullineux, as Group Content Manager, leads a team of employment law content writers who produce guidance and commentary on employment law, case law and key HR developments. She has written articles for national publications for over 10 years and regularly helps to shape employment of the future by taking part in Government consultations on employment law change.

linkedin

Nicola Mullineux

Free to Download Employer Resources

  • Sample Health & Safety Communication and Consultation Policy

    FREE DOWNLOAD

    Sample Health & Safety Communication ...

    Download Croner's sample health & safety communication and consultation policy, here.

    Read more
  • Adverse Weather Policy

    FREE DOWNLOAD

    Adverse Weather Policy

    Here we’ve included a free sample adverse weather policy that UK business owners can refer to...

    Read more
  • Sample Data Protection Policy

    FREE DOWNLOAD

    Sample Data Protection Policy

    Here we’ve included a free sample data protection policy that UK business owners can refer to...

    Read more
  • Health & Safety Changes to Look Out For in 2019

    BLOG

    Health & Safety Changes to Look Out F...

    The news at the start of this year has been dominated by Brexit and its potentia...

    Read more
  • Understanding Wage Differentials and Identifying Factors That Affect It

    BLOG

    Understanding Wage Differentials and ...

    The first step to understanding wage differentials is knowing the distinction be...

    Read more
  • Is Sitting the New Smoking?

    BLOG

    Is Sitting the New Smoking?

    Did you know that people who sit for 13 hours a day have a 200% greater risk of ...

    Read more
  • Solicitors Benevolent Association

    CASE STUDY

    Solicitors Benevolent Association

    “The reason for using Croner was the high-profile track record and the credibili

    Read more
  • John Taylor Hospice

    CASE STUDY

    John Taylor Hospice

    “A large number of the queries are around employment law and rights in areas suc

    Read more
  • Motorsport Industry Association

    CASE STUDY

    Motorsport Industry Association

    “I’m so happy with the service Croner provide, I’d be hard pressed to find a fau

    Read more

Ready to focus on what you do best?

Get your free consultation and speak to an expert today.