Thousands of Morrisons Staff in Line for Compensation Following Data Breach
- Date: Wednesday 20th December 2017
- PDF: Download
JM Morrison is expected to pay compensation to thousands of staff after a disgruntled employee leaked payroll data online and sent it to a local newspaper. The employee who was based at the head office in Bradford has subsequently been jailed for his actions.
5,518 past and present employees were successful in a claim taken to the High Court that the supermarket chain should have prevented the data breach which resulted in their names, addresses, bank account details and salaries being posted online. In total, nearly 100,000 employees were affected by the breach.
The High Court found that the Company was vicariously liable and sets a precedent for business that hold data on their staff. Part of the finding was that staff could claim for compensation without proof of financial loss.
In response, the Company stated, “the judge found that Morrisons was not at fault in the way it protected colleagues’ data, but he did find that the law holds us responsible for the actions of that former employee, whose criminal actions were targeted at the company and our colleagues.”
The key learning points for organisations from this case are:
- They are completely responsible for the data they hold
- They need to control the way employees access and handle data
- They need to mitigate for “the unpredictable human element”
Source: Gavin Parrott, SSG