SUPERMARKET CHAIN Morrisons has been found liable for the actions of a former employee who stole the personal data of thousands of employees.
In the UK’s first data leak class action, the High Court on Friday ruled in favour of affected staffers, who brought a claim against the company after employee Andrew Skelton stole the data, including salary and bank details, of nearly 100,000 staff in 2014.
This data was then leaked to several newspapers and posted on data sharing websites.
43-year-old Skelton, then a senior internal auditor at the retailer’s Bradford headquarters, was found guilty of three charges of fraud at Bradford Crown in 2015, despite denying the charges, and was subsequently jailed for eight years.
The jury heard that Skelton had leaked the information in anger after receiving an official warning about using Morrisons’ post room to send personal packages, which he was accused of using to sell legal highs from work.
Skelton then tried to cover his tracks by setting up a fake email account to implicate a fellow employee in the data leak.
The High Court ruling on Friday, reported at the BBC, now allows those affected to claim compensation for the “upset and distress” caused.
Lawyers ruled that the data theft exposed 5,518 former and current Morrisons employees to the risk of identity theft and potential financial loss, and said that the company was responsible for breaches of privacy, confidence and data protection laws
Morrisons, naturally, said it believed it should not have been held responsible and would be appealing against the decision.
In a statement given to INQ, a Morrisons spokesperson said: “A former employee of Morrisons used his position to steal data about our colleagues and then place it on the internet and he’s been found guilty for his crimes.
“The judge found that Morrisons was not at fault in the way it protected colleagues’ data but he did find that the law holds us responsible for the actions of that former employee, whose criminal actions were targeted at the company and our colleagues. Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged. In fact, we are not aware that anybody suffered any direct financial loss.
“The judge said he was troubled that the crimes were aimed at Morrisons, an innocent party, and yet the court itself was becoming an accessory in furthering the aim of the crimes, to harm the company. We believe we should not be held responsible so we will be appealing this judgement.” µ
Source : Inquirer