Tag Archives: Data Protection Act 1988

Morrisons found vicariously liable for a data breach committed by one of its employees

Following a recent ruling by the High Court against WM Morrisons Supermarket PLC (“Morrisons”), employers may now find themselves vicariously liable for data breaches perpetrated by their employees (https://www.judiciary.gov.uk/judgments/various-claimants-v-wm-morrisons-supermarket-plc/). Background In 2014, it was discovered that a file containing the pay roll data of 99,998 Morrisons’ employees had been uploaded to a file sharing website. … Continue Reading

UK Data Protection Authority publishes new guidance and checklist on direct marketing.

UK data protection authority, the Information Commissioner’s Office (ICO), has published new guidance, an accompanying checklist, and an at-a-glance guide to help organisations understand the rules governing direct marketing under the Data Protection Act 1988 (DPA), and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR). The ICO guidance attempts to clarify direct … Continue Reading
LexBlog