Tag Archives: vicarious liability

Morrisons loses appeal against class action data breach

By Cynthia O’Donoghue and Nona Keyhani on 5 November 2018 Posted in In the Courts

On 22 October 2018, the supermarket chain Morrisons lost its appeal to the High Court ruling that it is liable for a data breach that resulted in thousands of its employees’ personal data being posted online. The Court of Appeal’s (CoA) judgment can be found here. Over 5,000 Morrisons’ employees brought a class action in … Continue Reading

Morrisons found vicariously liable for a data breach committed by one of its employees

By Cynthia O’Donoghue, John O'Brien and Eleanor Brooks on 12 December 2017 Posted in Global Data Transfers, Privacy & Data Protection

Following a recent ruling by the High Court against WM Morrisons Supermarket PLC (“Morrisons”), employers may now find themselves vicariously liable for data breaches perpetrated by their employees (https://www.judiciary.gov.uk/judgments/various-claimants-v-wm-morrisons-supermarket-plc/). Background In 2014, it was discovered that a file containing the pay roll data of 99,998 Morrisons’ employees had been uploaded to a file sharing website. … Continue Reading