The High Court has sent a chilling warning to companies across the UK to ensure they keep employees’ personal data secure after ruling that Morrisons must pay 5,518 current and former staff compensation for ‘upset and distress’ after their personal details were posted online by a disgruntled colleague.
The first data leak class action in the UK – which could open the floodgates to new claims as well as pave the way for tens of thousands of other Morrisons staff to get compensation – follows a security breach in 2014. At the time, Morrisons’ senior internal auditor Andrew Skelton leaked the payroll data of nearly 100,000 employees, including names, addresses, bank account details and salaries, putting it online and sending it to newspapers.
At his trial in July 2015, Bradford Crown Court heard how Skelton had been incensed when bosses accused him of using the HQ mailroom to send what they claimed were legal highs.
However, it transpired that he was simply receiving and posting goods he had bought and sold on eBay. But by then the damage was done. He was found guilty and was jailed for eight years.
In October, Jonathan Barnes, counsel for former and current Morrisons employees, told Mr Justice Langstaff that the company had already been awarded £170,000 compensation against Skelton.
He argued the employees should also be compensated for the upset and distress caused by the alleged failure to keep their information safe.
Anya Proops QC, for Morrisons, said Skelton had already caused serious damage to the firm, not least because it incurred more than £2m in costs over the breach.
But Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represented the 5,518 claimants, hailed it as a landmark victory.
He said: “We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK. Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.
“The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients. Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”
Related stories
Morrisons staff start High Court fight over 2014 breach
Morrisons staff take legal action over 2014 breach
Morrisons chief banged up for 8 years
Grudge sparked Morrisons breach
Staffer held over Morrisons breach
