We are pleased to be able to open our offices to clients and visitors once more as of 1 July 2020. All visits will be by appointment only.


To enable us to welcome you to the office in line with current Government advice, we have put strict guidelines in place to ensure the health and safety of our clients/visitors and our staff.


Please ensure you read our guidelines below BEFORE visiting our offices and follow them during your visit: Click here for full guidelines


23 Oct 2018


Data Breaches – Warning

Data Breaches – Various Claimants v WM Morrisons Supermarket

The Court of Appeal has upheld a ruling that an employer is vicariously liable for the actions of a rogue employee who caused the personal information of 100,000 employees to be posted onto the internet. Following disciplinary action, the employee released the personal payroll data of tens of thousands of employees onto a file sharing website. The employee was arrested, charged and convicted with fraud under the Computer Misuse Act 1995 and under Section 55 of the Data Protection Act 1988.

A large number of Morrisons’ employees brought a group civil claim against Morrisons for compensation, arguing that it had failed to safeguard their personal data.

The Court of Appeal upheld the High Court ruling that there was a sufficient connection with the employee’s duties and his wrongdoing for the employer to be vicariously liable. This was a case brought under the Data Protection Act 1988. Given the widescale data breach, post-May 2018, Morrisons could have been exposed to a significant fine of up to 4% of turnover as well as a claim for significant damages.

The case highlights that increasingly employees are aware of their right to take action in relation to personal data breaches and that employers still need to be taking steps to ensure compliance with their obligations under GDPR.

Share post