Thousands of Morrisons staff could be awarded compensation following a class action lawsuit that may have ramifications for every business in the UK.
The High Court is set to rule on a compensation claim today, following a data breach of almost 100,000 employees’ names, addresses, bank account details and salaries.
The leaked information was subsequently shared online and to the press in 2014.
Morrisons’ former senior internal auditor Andrew Skelton was found guilty of fraud, securing unauthorised access to computer material and disclosing personal data in 2015. He received an eight-year prison sentence.
It is thought Skelton’s motive was related to a previous incident where he was accused of dealing legal highs at work.
Representing 5518 former and current Morrisons staff who were affected by the breach, Jonathan Barnes has argued that Morrisons is responsible for breaches of privacy and that his clients should be awarded compensation for the upset and distress caused by the alleged failure to keep information safe.
Anya Proops QC, representing the grocer, counters that Morrisons had already been damaged by the breach, and that should the claim succeed the retailer’s other 94,480 employees would seek compensation.
Proops also argued the retailer could not be held liable for Skelton’s misuse of data and that the claimants had failed to establish where Morrisons failed when it came to data security.
“The imposition of vicarious liability in this case would otherwise result in the untenable situation where the court was effectively realising Skelton’s criminal objective of damaging Morrisons’ interests in the most absolute fashion, and otherwise exposing Morrisons to a compensation burden of a grossly disproportionate order,” she said.
Justice Langstaff will give his decision on the liability today.