What are you looking for?

12 October 2018 | Comment | Article by Louise Price

Morrisons appeals against data breach ruling

In 2014, a senior employee for Morrisons arranged for a file containing the personal details of almost 100,000 Morrisons employees to be posted on the internet. This employee had a particular grudge against Morrisons in relation to the way in which a previous disciplinary matter had been handled.

The employee was convicted and sentenced to eight years in prison, while his co-workers made a civil claim against Morrisons for compensation in relation to the data protection breach.

The High Court found that while Morrisons did not have primary liability for the breach, it was vicariously liable for the actions of the disgruntled employee. This was due to the fact that there was a sufficient connection between the acts that he carried out and his employment, including the fact that he had been entrusted with the data by Morrisons and that he had been acting as an employee throughout.

Morrisons was granted leave to appeal by the High Court and this process has now begun in the Court of Appeal. Employers will be watching the development of this case closely as it suggests they could be found to be vicariously liable for any employee misusing data even when an employer has done as much as reasonably possible to prevent the misuse of data, and is found to not be primarily at fault for the breach. This could also be the case if the misuse of data is intended to cause reputational or financial damage to the employer themselves.

The Employment team at Hugh James has considerable experience in all aspects of data protection and can be contacted further on 029 2267 5610.

Author bio

Louise Price


A highly specialised lawyer, Louise is a Partner and Head of Employment and HR services. Her expertise includes corporate support work, TUPE, pensions and employee benefits advice. She regularly advises private, public and third sector clients regarding large scale TUPE transfers of staff including drafting indemnities and warranties, advising on potential employment and pension liabilities, information and consultation obligations, and providing best value guidance.

Disclaimer: The information on the Hugh James website is for general information only and reflects the position at the date of publication. It does not constitute legal advice and should not be treated as such. If you would like to ensure the commentary reflects current legislation, case law or best practice, please contact the blog author.


Next steps

We’re here to get things moving. Drop a message to one of our experts and we’ll get straight back to you.

Call us: 033 3016 2222

Message us