Morrisons in last ditch bid to stop data breach pay-out

Supermarket giant Morrisons is launching its final attempt to block the UK’s first data breach class action compensation pay-out today at the Supreme Court, in a legal case which is likely to have major implications for businesses across the UK.

The issue actually dates back to 2014 when aggrieved Morrisons IT auditor Andrew Skelton leaked the payroll data of nearly 100,000 employees, putting it online and sending it to newspapers.

At his trial in July 2015, Bradford Crown Court heard how Skelton had been incensed when bosses accused him of using the HQ mailroom to send what they claimed were legal highs. However, it transpired that he was simply receiving and posting goods he had bought and sold on eBay. He was found guilty and was jailed for eight years.

Within months, JMW Solicitors started legal action on behalf of 5,518 former and current Morrisons employees, arguing that the leak had exposed them to the risk of identity theft and potential financial loss.

At the first High Court hearing in October 2017, Jonathan Barnes, counsel for the victims, told Mr Justice Langstaff that Morrisons had already been awarded £170,000 in compensation against Skelton but that its own staff had not received a penny for the distress his actions had caused.

In December 2017, the High Court found in the claimants’ favour, ruling that although Morrisons was not “directly liable” it was found to be “vicariously liable” for the actions of its employee.

However, Morrisons then appealed but this was booted out in October 2018. Then in April this year Morrisons won the right to have the case heard in the Supreme Court.

In a statement issued before the Supreme Court proceedings, Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, said: “This will be Morrisons’ second, and final, attempt to exonerate itself after being found legally responsible by the High Court and the Court of Appeal for a large-scale data breach, which affected tens of thousands of its staff.”

If upheld in the Supreme Court, some legal experts believe employers may be at enhanced risk of being held responsible for the acts of rogue employees in future, even if those employees seek to abuse their position in order to cause as much damage as possible.