23rd October 2018

On 22 October 2018 the Court of Appeal upheld an earlier decision of the High Court holding the Morrison Supermarket chain liable for the actions of its former employee Andrew Skelton.

Andrew Skelton, then a Senior Internal Auditor at Morrisons Bradford Headquarters, leaked payroll data in 2014.  He was jailed for 8 years in 2015 after being found guilty of fraud, securing unauthorised access to computer material and disclosing personal data.

It is understood more than 5000 staff who had their personal data stolen and disclosed online are part of a group action claiming compensation. Morrisons denied it was liable for the actions of Andrew Skelton whose actions were claimed to have been malicious and those of a disgruntled employee.

In 2017 the High Court upheld the Claimants’ claims imposing liability on Morrisons. Morrisons appealed to the Court of Appeal hence this ruling.

It is understood Morrisons asked the Court of Appeal for permission to appeal to the Supreme Court but this was denied. Morrisons have stated they will approach the Supreme Court direct for permission to appeal and for the Supreme Court to then hear the case.

It is perhaps not surprising the Court of Appeal dismissed the appeal given Andrew Skelton’s actions were closely related to the job he was employed to do. It is right that employers should bear the risk and assume liability for the actions of their employees.

The Claimants seek compensation for the distress suffered as a result of the data breach. It is understood few if any of the Claimants suffered direct financial loss but many suffered distress and worry at having their addresses and bank details leaked online.

Our solicitors have acted in a number of successful data cases including claims against NHS Trusts, Police Forces and other public bodies. If you have suffered distress as a result of a data breach please contact Richard Hardy or Andrew Freckleton.

Blog by Richard Hardy, Partner