Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Tina Cowen
    • D A T Green
    • Karthyaeni Vittala
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Mark Clough
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina Korgol
    • Maria Constantin
    • Sophia Yakhno
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

Morrisons Supreme Court Hearing for Deliberate Data Breach by an Employee

November 8, 2019By Joanna Coombs-Huang

In October 2018 the Court of Appeal upheld the High Court ruling against Morrisons, by finding there to be sufficient connection between Andrew Skelton’s role as a senior internal auditor for the grocery chain, and his conduct in having access to sensitive employee information and disclosing it in a deliberate breach of data privacy regulations. The basis of the ruling was a vicarious liability, where employers may be held liable for damages when their employee causes personal injury or other loss to another person through their actions while at work. This civil case has been brought on behalf of the employees of Morrisons whose data had been disclosed. It is worth noting that Morrisons acted swiftly to remove the personal data posted and notified authorities regarding the breach, and was found to have had in place appropriate data protection methods and avoided regulatory action and potentially a fine.

There is particular interest in this ruling as Mr. Skelton held a grudge against Morrisons and deliberately disclosed the personal data seeking to damage his employer. Mr. Skelton was found guilty, in the Bradford Crown Court in 2015, of the criminal charges of fraud by abuse of a position of trust, unauthorised access to data with the intent of committing an offence, and disclosing personal data. He was sentenced to 8 years imprisonment.

The Supreme Court is now considering the appeal, on the 6 and 7 November 2019, of Morrison’s vicarious liability, and the extent that data protection law is definitive with regards to remedies. The claimants in the case are the employees, numbering over 5000 and who are now seeking compensation in the case. Though there is no suggestion that all of the claimants are able to demonstrate financial hardship or loss due to the breach. If the claim against Morrisons is successful in the Supreme Court, a further hearing to consider the quantum of damages for the claimants will be held, where the damages are likely to be largely based on distress associated with the data breach.

The decision from the Supreme Court will be closely attended to by many companies as it could shape the vicarious liability threshold regarding criminal or fraudulent actions commited by disgruntled employees. However, with the growing sensitivity, scrutiny and regulatory risks arising from personal data breaches (and the increasing scale of cyber attacks against companies), organisations should in any event review their internal data protection compliance, legal and IT security policies and procedures to ensure their risks are mitigated.

This blog post will be updated as events unfold.

Please contact Jose Saras and Joanna Coombs-Huang if you have any questions relating to data protection policies and procedures.

Latest Preiskel & Co blog posts
  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed
    April 28, 2022
  • TikTok Class action for the Misuse of Child Personal Data
    April 28, 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018
    April 20, 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK
    April 19, 2022
  • Meta hit by 17 million euro fine by Irish regulator
    April 19, 2022
  • Ofcom has mandated that telecoms providers ensure British Sign Language (BSL) for 999
    March 18, 2022
  • Ofcom publishes statement on the future of telephone numbers
    March 15, 2022
  • German court sends biometric data questions to the ECJ
    February 23, 2022
  • Meta fined £1.5m by CMA
    February 7, 2022
  • International data transfer agreement and addendum laid before Parliament
    February 4, 2022
  • CMA publishes statement of scope in music and streaming market study
    February 1, 2022
  • Google Privacy Sandbox faces European Commission complaint from German publishers
    January 24, 2022

The Preiskel Blog

  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed 28 Apr 2022
  • TikTok Class action for the Misuse of Child Personal Data 28 Apr 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018 20 Apr 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK 19 Apr 2022

Preiskel news

  • Daniel Preiskel and Xavier Prida lecturing to Academia Mexicana del Derecho Informático and Abogado Digital
  • Preiskel & Co advises Mexico-based premium content production company Dopamine
  • Danny Preiskel was ranked as a Global Elite Thought Leader in Telecoms & Media by WhosWhoLegal Data 2022
  • Danny Preiskel featured in GCCM (Global Carrier Community Magazine)
Preiskel tweets
  • @jwrosewell @m4aow @w3c @IABTechLab Our pleasure!60 days ago
  • RT @jwrosewell: Great work from @Preiskel and the whole @m4aow team. Thank you. Much for @w3c, @IABTechLab, and others to consider in this…60 days ago
  • RT @TC_4KBW: Google’s battle with publishers shows that at every turn it seeks to block others from competing. it blocked header bidding, b…60 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2022 | Site map | Legal notices | Privacy | Cookie Policy | Privacy | Fraud Notice