Morrisons has put a new appeal before the UK’s Supreme Court in an attempt to overturn a ruling that deemed the British supermarket giant was responsible for a data breach that took place five years ago.
The internal data leak, which was prompted by the malicious actions of a rogue member of staff, led to Morrisons having to fight a lawsuit brought forward by over 9,000 victims. Over time, the number of claimants in the lawsuit has risen, with representation being made by JMW Solicitors and 5RB Barristers, both based in Manchester.
Partner and data privacy expert at JMW Solicitors, Nick McAleenan, said:
“This will be Morrisons’ second attempt to exonerate itself after being found legally responsible by the High Court and the Court of Appeal for a large-scale data breach, which affected tens of thousands of its staff.
“The senior justices of the Supreme Court, including the president of the Supreme Court, Lady Hale, will now hear Morrisons’ appeal.”
The data breach, which took place in 2014, exposed swathes of information belonging to Morrisons workers, including bank account and salary data, and the national insurance details of 100,000 of the supermarket’s staff. The information was posted to a file-sharing website by former Morrisons employee, Andrew Skelton.
Skelton had worked as an internal IT auditor at the company, and had been angry at the firm due to disciplinary action he had received. Skelton is currently serving an eight-year jail term and is due for release early next year.
Any breakthroughs made by Morrisons’ fresh appeal will depend on whether the Supreme Court feels the 1998 Data Protection Act excludes the application of vicarious liability to a breach of the act, or for misuse of private information or breach of confidence.
The Supreme Court will also consider whether or not the Court of Appeal dragged its feet as it reached its decision that Skelton’s disclosure of data took place during the course of his employment.
Representing Morrisons, Lord Pannick said:
“This is a remarkable case because…the employee’s purpose here was specifically to damage this employer.
“It is true…there were other victims, but they were not the targets and it would be striking indeed if an employer is vicariously liable for wrongful acts specifically aimed at that employer when the judge has rejected all criticisms of Morrisons for hiring that person and trusting him.”
The post #Privacy: Fresh data breach appeal launched by UK supermarket chain appeared first on PrivSec Report.