UK Employment Law case updates - December 2017

By Ian Hunter, Elizabeth Lang, James Froud, Pattie Walsh

12-2017

Latest UK Employment Law case updates - December 2017

  1. Employers facing claims for unlimited backdated holiday pay
  2. Employer innocence no defence to data breach liability
  3. Not all "protected conversations'" are protected


Employers facing claims for unlimited backdated holiday pay

King v The Sash Window Workshop Ltd and another (European Court of Justice)

The ECJ has ruled that workers, who are wrongly classified as self-employed contractors and therefore do not utilise their statutory entitlement to paid holiday, should be able to obtain backdated holiday pay in respect of the entire duration of their engagement by an employer.

In this case, the claimant worked as a commission-based salesperson for 13 years. He received no salary and was never paid for holidays or sickness absences. He was offered a contract of employment after seven years, but chose to continue to work on a self-employed basis. When the company terminated his contract, he brought claims for age discrimination and unpaid holiday pay.

The claimant established 'worker' status before an Employment Tribunal, but the extent to which the company had to cover historic, unpaid holiday pay liabilities remained contentious. The Court of Appeal (CA) subsequently referred the question of whether national carry-over limits on holiday entitlement are compliant with EU law to the ECJ.

The ECJ held that where a worker does not exercise their right to paid holiday (whether due to employer misclassification or other reasons beyond their control), EU law requires that accrued, but untaken, leave carries over until the termination of their employment. The decision is inconsistent with previous UK rulings which had said employers could impose a two-year 'backstop' to limit a worker's right to backdated holiday pay.

This is another decision with potentially huge implications for the 'gig economy', and serves as another wake-up call for organisations who may have erroneously classified individuals as self-employed contractors rather than 'workers' at the outset of their relationship. It is irrelevant whether an employer genuinely believes an individual is not entitled to paid leave, since the onus falls on them to correctly classify their staff. Whilst we need to wait for the CA's response, the ECJ's prohibition on holiday pay backstops could encourage substantial claims for historic holiday pay, and significant liabilities for companies engaging independent contractors.

Our more detailed comments on the decision can be found here.


Employer innocence no defence to data breach liability

Various claimants v WM Morrisons Supermarket PLC (High Court)

The High Court has confirmed that an employer was vicariously liable for an employee’s breach of the Data Protection Act 1998 (DPA), following his intentional disclosure of personal data relating to around 100,000 colleagues on the internet. Notwithstanding the fact that the disclosure took place outside of working hours and from the employee's personal device, there was 'sufficient connection' between his employment and the breach for vicarious liability to arise.

A senior IT auditor had access to certain restricted payroll data in the course of his employment at Morrisons. Aggrieved after being disciplined for an unrelated matter, he copied the data onto a personal USB stick and published a file containing the personal details of around 100,000 colleagues onto a public file sharing website. Morrisons initiated take-down proceedings as soon as it was alerted to the publication and the employee was subsequently convicted under the UK's Computer Misuse Act. Separately, over 5,500 employees initiated a civil class-action claim against Morrisons, alleging a breach of statutory duty under the DPA.

Although the High Court accepted that Morrisons could not be directly liable under the DPA, as it was not the data controller at the time of the breach and its security measures were largely appropriate, vicarious liability was established. Morrisons entrusted the employee with payroll data and assigned him specific tasks in relation to it, which established sufficient connection between his employment and the disclosure for the purposes of vicarious liability. The fact that the breach occurred at the weekend, from home, and using personal equipment, was not enough to break the link.

For employers, this decision appears harsh and sets a worrying precedent that they will be held liable for the actions of rogue employees over which they have limited control and in circumstances where they have taken reasonable steps to prevent unauthorised activity. The possibility of class-action claims involving thousands of claimants, and enhanced administrative fines under the incoming GDPR, only raises the stakes. The case scores to underline the importance of organisations establishing holistic strategies to protect their data assets. Our specialist data management lawyers can assist clients in developing their strategies.


Not all "protected conversations'" are protected

Graham v Agilitas IT Solutions Ltd (Employment Appeal Tribunal)

The EAT has confirmed that an employer cannot both: (i) invoke the benefits of a without prejudice/protected conversation to prevent details of a conversation being referred to in proceedings; and (ii) also waive privilege in relation to certain beneficial parts of the same conversations for disclosure before a judge. Where this occurs, privilege will be considered to have been waived by the employer in its entirety, leaving all aspects of the relevant correspondence admissible.

In parallel to an ongoing disciplinary procedure on the grounds of poor performance, the parties in this case held discussions regarding a potential mutual termination of employment. The company characterised these as without prejudice and/or protected conversations under s.111A Employment Rights Act 1996. During one such conversation, the employee claimed to have a case of constructive dismissal which could damage the company financially. The company later relied on this threat as one of the disciplinary allegations which resulted in the employee's subsequent dismissal. He brought claims for unfair and wrongful dismissal.

The Employment Tribunal made a preliminary finding that the protected conversations/without prejudice discussions could not be referred to in the employee's grounds of complaint. The claimant appealed this point, which the EAT accepted on the grounds that privilege may have been waived by the company in its disciplinary correspondence. The Employment Tribunal must now determine whether privilege was waived by the company in fact.

The case highlights the need for care when engaging in without prejudice discussions or protected conversations. Employers cannot cherry-pick parts of such correspondence, or extract certain beneficial aspects as a sword in proceedings, and then seek to rely on the without prejudice rule as a shield in relation to the rest. The content of protected discussions should be treated separately from other disciplinary evidence, and should not generally form the basis of any disciplinary proceedings if the employer wishes to rely on privilege.