Morrisons' implication has been ruled out
02.04.2020

Morrisons might “set precedent”, according to The Telegraph

The incident which was labelled as the first data leak class action in the UK has been settled for Morrisons which was declared not liable for the data breach caused by a disgruntled employee.

It took the company a few years to negate claimants’ accusations and make the Supreme Court acknowledges the grocery chain is not implicated in the data leak.

Andrew Skelton, former auditor, exposed personal information, payroll data, banking accounts details of about 100,000 employees in revenge for being given a verbal warning.

The grudge which became the reason for the major data breach that involved sensitive data of many thousands of coworkers already raises concern – a disgruntled employee poses a big implicit threat to any company if internal management and employee activities are not monitored.


How to identify a threat inside your team


The other problem has just been highlighted as the case got resolved – the previous allegations against the chain made by the High Court and Court of Appeal that the company was actually liable for its employee wrongdoing were overruled.

That draws the regulations’ attention to the matter. Data protection controllers might consider the case to be the one bringing some implications as companies would be able to back away from their employees and prove that they are not accountable for “someone else’s noncompliance”.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.