Services
People
News and Events
Other
Blogs

Vicarious Liability for Employers

View profile for Susan Mayall
  • Posted
  • Author

In a recent Supreme Court case supermarket group Morrisons was found to be not vicariously liable for the actions of one of its staff after a data breach.

The decision has been welcomed by employment lawyers as clarification on this issue.

“However, this latest decision by the Supreme Court comes with a caveat and warning to all businesses no matter what their size that GDPR and data protection in all cases should be carefully managed,” said Head of Employment, Susan Mayall.

Almost 10,000 employees at the national supermarket chain had brought a claim for data protection breaches, breach of confidence and misuse of private information when their payroll details were published on the internet by a disgruntled colleague.

The case against Morrisons was previously upheld by the High Court and the Court of Appeal for breach of statutory duty under the Data Protection Act 1998, misuse of private information and breach of confidence.

However, the Supreme Court stated that the Court of Appeal had ‘misunderstood the principles governing vicarious liability in a number of relevant respects’, namely through the online disclosure the employee had not been acting in his ‘field of activities’, he was not authorised to do so and he was acting for purely personal reasons.

Previously the High Court had found that Morrisons was not directly liable (having not committed the acts itself) but that it was vicariously liable. The Court of Appeal agreed with this decision but the latest ruling overturns both.

“Acts by an employee can still be covered by vicarious liability in specific circumstances so this is by no means a get out clause for businesses,” added Susan.

“In this case once the disgruntled employee took it upon himself to act and distribute the data the company could not be directly liable as they had not authorised him to act in this way.”

“To prevent cases like this in firms of all sizes adequate controls, processes and training about data protection is what is required and to act quickly once any breaches are realised,” she added.

For advice on any employment issues please contact Susan Mayall on 0161 785 3500

 

 

 

 

 

Please note that the information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice. No responsibility for its accuracy or correctness is assumed by Pearson Solicitors and Financial Advisers LLP or any of its members or employees. Professional legal advice should be obtained before taking, or refraining from taking, any action as a result of this article.