Supermarket Morrisons has been granted permission to appeal a High Court ruling which held the organisation partly liable for a security breach which led to the payroll data of around 10,000 staff being posted online.
Andrew Skelton, who was senior auditor at the organisation’s Bradford headquarters, posted the workers’ names, addresses, bank account details and salaries online in 2014, and was jailed for eight years for the offence in 2015.
Some 5,518 of the employees sought damages through the courts for the distress caused. In December 2017, the High Court ruled that Morrisons was vicariously liable for the criminal misuse of data.
The supermarket took the case to the Court of Appeal, but the judges backed the ruling of the lower court.
Morrisons then applied to the Supreme Court for permission to appeal, which was granted on 15 April 2019.
Nick McAleenan, partner and data privacy law specialist at JMW Solicitors, which is representing the claimants, said: “While the decision to grant permission for a further appeal is of course disappointing for the claimants, we have every confidence that the right verdict will, once again, be reached.
"It cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale."
McAleenan added: “This was a very serious data breach which affected more than 100,000 Morrisons’ employees. They were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information.”
