
Yesterday, Morrisons lost its challenge to a High Court ruling that it is liable for a data breach that saw thousands of its employees’ details posted online.
The Court of Appeal upheld the original decision against the supermarket, issued in December 2017.
Workers brought a claim against the company after an employee stole data, including salary and bank details, of nearly 100, 000 staff.
When are employers liable for a data breach?
Employers can be vicariously liable for the acts carried out by their employees in the course of their employment. This means the employer will be held responsible and will have to pay compensation to those who have suffered loss or damage as a result of their employees? acts, even if they havent expressly authorised the employee to carry out the particular act.
Whether the employee is acting in the course of the employment is examined broadly, by assessing whether there is a close connection between their field of activities and the wrongful act.