Morrisons Data Breach – The Implications

Nicola Mullineux

Nicola Mullineux

blog-publish-date

31 Oct 2018

blog-read-duration

The recent case against Morrisons due to a data breach by one of its employees has far-reaching implications.

Where did this all start?

This all began in 2014, when an internal auditor at Morrisons posted the private data of more than 100,000 employees online. He was subsequently jailed for eight years. Following the result, over 5,000 affected employees brought a case against Morrisons itself, seeking compensation for the breach and the resulting impact it had on their lives.

The retailer argued that it was not liable for criminal misuse of the employees’ data.

After a long, gruelling period, the Court of Appeal upheld the judgement, and found Morrisons vicariously liable for the leak. Since the decision has been made, the retailer has said it will be taking the case to the Supreme Court.

What are the implications?

The leak of employee data was a direct attack against the company by a disgruntled employee, and from the company’s perspective, they may have thought they did all that was required of them to protect employees’ data. As the auditor was required to work with sensitive data, there was seemingly little they could do to restrict his access to it. However, this ruling states that the responsibility for keeping data secure falls to the organisation itself, meaning the employer is liable even if measures are in place to protect employee data.

Naturally, this has troubling implications for employers across the country who will now be wondering where they stand, and if this will bring an onslaught of claims relating to personal data against them.

The ruling will be challenged by Morrisons, meaning it may shift in the other direction, however as it stands, it is worth reviewing your privacy policies, your data protection policies and more to ensure you are doing all you can to avoid potential issues. The best defence is ensuring a breach doesn’t happen in the first place.

Start implementing this defence during the onboarding process with a new employee. Conduct background checks, and limit access to sensitive data from an early stage. If you haven’t already, have a clear company policy, and offer compliance training to everyone. When an employee leaves the company, make sure all accesses are revoked, data is removed, etc. Finally, ensure remote access to all work devices so data can be secured at a moment’s notice.

Expert Support

If you need expert advice on GDPR implications for employee data, or are concerned about your data protection policies, speak to a Croner expert on 0808 145 3385

About the Author

Nicola Mullineux

Nicola Mullineux, as Group Content Manager, leads a team of employment law content writers who produce guidance and commentary on employment law, case law and key HR developments. She has written articles for national publications for over 10 years and regularly helps to shape employment of the future by taking part in Government consultations on employment law change.

linkedin

Nicola Mullineux

Free to Download Employer Resources

  • Model Apprenticeship Agreement

    FREE DOWNLOAD

    Model Apprenticeship Agreement

    Read more
  • Sample COSHH Assessment Record

    FREE DOWNLOAD

    Sample COSHH Assessment Record

    Read more
  • Return to Work Interview Form

    FREE DOWNLOAD

    Return to Work Interview Form

    Read more
  • BLOG

    Avoiding Slips, Trips and Falls in th...

    Whether your staff is in an office or on a construction site, every workplace ha...

    Read more
  • BLOG

    Daylight Saving Time: The Implication...

    Daylight Saving Time is coming to an end on Sunday 27 October, with the clocks g...

    Read more
  • BLOG

    Top Tips to De-escalate Conflict

    Conflict can take many forms. Whatever the nature of the conflict, it's in your...

    Read more
  • REC

    CASE STUDY

    REC

    The events are brilliant. Amanda Chadwick, one of the expert speakers, is a very

    Read more
  • Grantley Hall

    CASE STUDY

    Grantley Hall

    Whenever we have a sensitive issue - sometimes involving individuals with protec

    Read more
  • Lady Heyes Holiday Park

    CASE STUDY

    Lady Heyes Holiday Park

    Overall it's definitely had a noticeable impact on the business and how I perfor

    Read more

Do you have any questions?

Get a free callback from one of our regional experts today