Well like most supermarkets Morrisons will be busy, their tills will be ringing with the sound of hoarded toilet roll, rare as anything liquid hand gel and scarce as hen’s teeth, plain flour.
Today the Supreme Court held that Morrisons are not vicariously liable for the criminal act of a payroll manager who sold Morrisons employees’ pay details and personal data on the dark web for personal gain. Frugal Ken would have been pleased by the judgment which has saved Morrisons’ substantial compensation. Approximately 10,000 employees had sued Morrisons under the Data Protection Act for unlawfully processing their data. Their claims had been upheld in the High Court and Court of Appeal.
The grounds the SC held that Morrisons were not liable were in summary as follows:
- The payroll manager was on a frolic of his own. Great to be able to use that word in these dark times. Releasing employees’ data such as bank account details onto the dark web for criminal profit was not part of his role.
- The criminal intent of the employee was relevant in finding that he acted outside the course of his employment.
- The fact that he had been asked by Morrisons’ auditors for the employees’ data did not mean the releasing it on the web was in the course of employment. It was not in the course of employment and it was therefore an act that Morrisons could not be vicariously liable for.