The supermarket chain Morrisons has been found to be vicariously liable for the leak of the personal data of employees by its former Senior IT Auditor, Andrew Skelton.
The claim is a landmark group data protection action by 5,518 employees. The trial of the claims of 10 lead claimants took place before Langstaff J on 9 to 19 October 2017.
In a judgment handed down today (Various Claimants v Wm Morrisons Supermarket plc [2017] EWHC 3113 (QB))[pdf] the judge held that the defendant supermarket was vicariously liable for Mr Skelton’s data breach.
He rejected the claimants’ argument that Morrisons were under a primary liability to the claimants. However, he also rejected the Morrisons’ argument that, on a proper interpretation, the DPA excluded vicarious liability, even in respect of actions for misuse of private information and breach of confidence. The Judge gave permission to appeal.
The claimants were represented by Jonathan Barnes of 5RB and the defendants by Anya Proops QC of 11 KBW. There is a 5RB case report.
Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represented the 5,518 claimants, hailed it as a landmark case. He said:
“We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK. Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.
“The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients. Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”
Reblogged this on World4Justice : NOW! Lobby Forum..