Employers have been warned that the Morrison’s payroll data breach case could open the floodgates for employers being found liable for their employees’ misconduct.
A recent Court of Appeal decision found that Morrison’s was vicariously liable for its employee’s misuse of data, after a disgruntled worker published the payroll data of more than 100,000 staff online.
As a spokesperson from Penningtons Manches explains in a Lexology report: “Effectively, Morrisons didn’t do enough to stop it [the data leak], there was an unbroken chain from the disgruntled employee’s work to the disclosure, and the court held that Morrisons had the financial means to insure against this to compensate the victims.”
The judgment in this case has come under fierce criticism, with many being concerned about the difficulty of protecting data, particularly with regard to the expansion of remote working. The Court of Appeal suggested that employers can safeguard against this risk by insuring themselves against losses caused by dishonest or malicious employees.
“Whilst appearing a simplistic fix to a problematic issue, this has led many commentators to speculate that if employers are more easily held accountable for employee misconduct, insurers are less likely to insure against this more probable risk,” added Penningtons Manches’ spokesperson.
Although there is no clear way for employers to protect themselves against rouge employees, it is clear that stringent measures need to put in place to prevent data breaches wherever possible.