The data protection breach claim against Morrisons Supermarkets has now been considered by the Court of Appeal.

Morrisons have been found vicariously liable for the breach (upholding the original court’s judgement) which means that over 5,000 employees may be able to claim compensation for the breach and any losses suffered against Morrisons.

An ex-employee – A. Skelton – then a senior internal auditor, had leaked data, including names, addressed and bank details online and to the press.  He was jailed for 8 years in 2015.

Morrisons had argued before the Court of Appeal, that they should not be liable for criminal misuse of its data, but were unsuccessful.

Morrisons have indicated an intention to appeal to the Supreme Court.

This case may be of concern to employers, as Morrisons were not found to have done anything wrong.  The only criticism of Morrisons’ procedure was that they did not ensure that data legitimately uploaded from their system on to a USB by Mr Skelton, to be sent to external auditors, was safely returned to Morrisons encrypted systems.