Employers breathe a sigh of relief following the Supreme Court decision in Morrisons

By Stephanie Creed, Oran Kiazim, Ruth Boardman, Ian Hunter


In a unanimous decision on 1 April 2020, the Supreme Court reversed the Court of Appeal’s decision that found Morrisons vicariously liable for a data breach committed by a rogue employee. The Supreme Court held that the Court of Appeal “misunderstood the principles governing vicarious liability in a number of relevant respects”.

1. Background

As a reminder, the Morrisons data breach was the result of the deliberate and criminal actions of a disaffected former employee – Andrew Skelton. Having exploited his legitimate access to Morrisons’ systems, Mr Skelton stole and unlawfully published the personal data of almost 100,000 Morrisons employees on a file sharing website, then later sent a copy

Visit HR Data Essentials to read in full