Morrisons wins data breach appeal

Morrisons has won a Supreme Court appeal over whether it was liable for an employee with a grudge who leaked the payroll data of around 100,000 members of staff.

The supermarket took the case to the Supreme Court following a ruling in 2018 which gave the go-ahead for compensation claims by employees whose personal details were leaked.

A panel of five judges unanimously ruled yesterday that Morrisons was not "vicariously liable" for the actions of Andrew Skelton, who disclosed staff information on the internet.

Announcing the decision via livestream, the court's president Lord Reed said Skelton leaked the data after he was given a verbal warning following disciplinary proceedings, adding that employers could only be held liable for the actions of employees if they were "closely connected" with their duties at work.

Lord Reed stated: "In the present case, Skelton was not engaged in furthering Morrisons' business when he committed the wrongdoing in question.

"On the contrary, he was pursuing a personal vendetta, seeking revenge for the disciplinary proceedings a month earlier," he continued, adding: "In these circumstances, applying the established approach to cases of this kind, his employer is not vicariously liable."

Morrisons responded by stating: "The theft of data happened because a single employee with legitimate authority to hold the data, also held a secret and wholly unreasonable grudge against Morrisons and wanted to hurt the company and our colleagues.

"We are pleased that the Supreme Court has agreed that Morrisons should not be held vicariously liable for his actions when he was acting alone, to his own criminal plan and he's been found guilty of this crime and spent time in jail."

Morrisons added that many colleagues appreciated the fact that it got the data taken down quickly, provided protection for their bank accounts and reassured them that they would not be financially disadvantaged. "In fact, we've seen absolutely no evidence of anyone suffering any direct financial loss," the statement concluded.

Commenting on the ruling, Matthew Gill, an associate in the litigation group at law firm Wiggin LLP, said: “The Supreme Court’s decision today should be welcomed by employers with a sigh of relief – if the court’s decision had gone the other way, Morrisons would have been liable to 100,000 of its employees for a breach of their data despite Morrisons having done everything it reasonably could have to protect that data.

“Other employers would have faced an untenable risk that if they were hit by a similar theft of data by an employee, they would be left wholly exposed,” he continued. “It is right, as the Supreme Court has found, that employers should not be found liable for their employees’ actions in those circumstances.”
