Preiskel & CoPreiskel & Co
Preiskel & Co
A boutique law firm in London
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • Xavier Prida
    • Martina Raciti
    • Ewelina James
    • Rachael Machado
    • Maria Constantin
    • Peter Dally
    • Richard Stewart
    • Joanna Coombs-Huang
    • Paul Stelges
    • Hannah Leader
    • Alison MacFarlane
    • Ilanit Appelfeld
    • Daniel Oakland
    • Sophia Yakhno
    • Sue Warwick
    • D A T Green
    • Antony Corel
    • Stewart White
    • Mor Swiel
    • Stephen Hornsby
    • Tony Curzon-Price
    • Robert Harvey
    • Shardi Shameli
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

Morrisons Supreme Court Hearing for Deliberate Data Breach by an Employee

November 8, 2019By Joanna Coombs-Huang

In October 2018 the Court of Appeal upheld the High Court ruling against Morrisons, by finding there to be sufficient connection between Andrew Skelton’s role as a senior internal auditor for the grocery chain, and his conduct in having access to sensitive employee information and disclosing it in a deliberate breach of data privacy regulations. The basis of the ruling was a vicarious liability, where employers may be held liable for damages when their employee causes personal injury or other loss to another person through their actions while at work. This civil case has been brought on behalf of the employees of Morrisons whose data had been disclosed. It is worth noting that Morrisons acted swiftly to remove the personal data posted and notified authorities regarding the breach, and was found to have had in place appropriate data protection methods and avoided regulatory action and potentially a fine.

There is particular interest in this ruling as Mr. Skelton held a grudge against Morrisons and deliberately disclosed the personal data seeking to damage his employer. Mr. Skelton was found guilty, in the Bradford Crown Court in 2015, of the criminal charges of fraud by abuse of a position of trust, unauthorised access to data with the intent of committing an offence, and disclosing personal data. He was sentenced to 8 years imprisonment.

The Supreme Court is now considering the appeal, on the 6 and 7 November 2019, of Morrison’s vicarious liability, and the extent that data protection law is definitive with regards to remedies. The claimants in the case are the employees, numbering over 5000 and who are now seeking compensation in the case. Though there is no suggestion that all of the claimants are able to demonstrate financial hardship or loss due to the breach. If the claim against Morrisons is successful in the Supreme Court, a further hearing to consider the quantum of damages for the claimants will be held, where the damages are likely to be largely based on distress associated with the data breach.

The decision from the Supreme Court will be closely attended to by many companies as it could shape the vicarious liability threshold regarding criminal or fraudulent actions commited by disgruntled employees. However, with the growing sensitivity, scrutiny and regulatory risks arising from personal data breaches (and the increasing scale of cyber attacks against companies), organisations should in any event review their internal data protection compliance, legal and IT security policies and procedures to ensure their risks are mitigated.

This blog post will be updated as events unfold.

Please contact Jose Saras and Joanna Coombs-Huang if you have any questions relating to data protection policies and procedures.

Latest Preiskel & Co blog posts
  • CMA AI Report: The Foundation of the UK’s AI Response
    September 21, 2023
  • Navigating Health Data Compliance: A Roadmap for Employers
    September 21, 2023
  • Transatlantic convergence? Recent cases on advertising and privacy from the USA and UK
    September 15, 2023
  • Practical Guide – Net Neutrality in the UK
    September 14, 2023
  • Virgin succeeded in defending a claim by EE for loss of EE’s profits caused by Virgin’s breach of the MVNO Exclusivity Clause
    September 12, 2023
  • Getting out of a (data) scrape: global statement published for the protection of publicly accessible personal data online
    September 8, 2023
  • The dark side of design: the ICO and CMA call for businesses to rethink their website layouts
    August 18, 2023
  • Could the Supreme Court’s ruling on litigation funding agreements cause havoc for litigation funders?
    August 17, 2023
  • US Threats of a ‘Te(ch)xodus’ from the UK?
    August 17, 2023
  • Smoother Sailing for EU-US Data Transfers after GDPR Adequacy Decision
    August 4, 2023
  • Unlocking Data Flows: EU-US Data Privacy Framework Receives Adequacy Decision
    July 13, 2023
  • UK’s World Leading Approach on Artificial Intelligence – White Paper outlines 5 guideline principles for responsible use of AI
    July 5, 2023

The Preiskel Blog

  • CMA AI Report: The Foundation of the UK’s AI Response 21 Sep 2023
  • Navigating Health Data Compliance: A Roadmap for Employers 21 Sep 2023
  • Transatlantic convergence? Recent cases on advertising and privacy from the USA and UK 15 Sep 2023
  • Practical Guide – Net Neutrality in the UK 14 Sep 2023

Preiskel news

  • Practical Guide – Net Neutrality in the UK
  • Danny Preiskel featured in GCCM Magazine (June/July 2023 issue 55)  
  • Danny Preiskel moderating a panel at the MEF Connects – The Future of Fraud Prevention event (5th September 2023, hybrid)
  • Preiskel & Co advised TMT Analysis on the acquisition of Phronesis Technologies
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy