Co vicariously liable for employee’s data breach
A member of the company’s staff had unlawfully disclosed personal details of many company employees. The data consisted of personal information of the defendant’s employees including their names, addresses, gender, dates of birth, phone numbers, national insurance numbers, bank sort codes, bank account numbers and salaries. He copied it to an Internet file sharing system with intention of causing harm to the company. Employees sought damages from the company, which denied vicarious responsibility for the employees actions.
Held: The company’s appeal failed. The Act was silent as to vicarious liability, but concessions by the company that causes of action based upon misuse of private information, and breach of confidentiality had not been displaced by the Act made it inevitable that nether was the law of vicarious liability. The actual motive of the rogue employee were not on the point.
Sir Terence Etherton MR, Bean, Flaux LJJ
[2018] EWCA Civ 2339, [2018] WLR(D) 653, [2019] 2 All ER 579, [2019] ICR 357, [2019] IRLR 73, [2019] 2 WLR 99, [2019] QB 772
Bailii, WLRD
Data Protection Act 1998
England and Wales
Citing:
At QBD – Various Claimants v WM Morrisons Supermarket Plc QBD 1-Dec-2017
The defendant employer had had confidential information of many of its staff taken and disclosed by a rogue employee. The employees now sought compensation. The main issue was whether the company was directly or vicariously liable for the tort.
Cited by:
At CA – WM Morrison Supermarkets Plc v Various Claimants SC 1-Apr-2020
. .
Lists of cited by and citing cases may be incomplete.
Information, Vicarious Liability
Updated: 01 November 2021; Ref: scu.625969