The Morrisons case: When is an employer liable for data breaches by its employees?
❗Flash Briefing from the UK❗
⚡Kim Walker of Shakespeare Martineau discusses the UK Supreme Court’s important recent judgement clarifying the scope of the principle of “vicarious liability”: when is an #employer strictly liable for the wrongdoings of its employees even though the employer is entirely blameless?
➡️ The case is of particular interest to anyone advising on #dataprotection, because the employee, in this case, had maliciously and wrongfully uploaded #payroll data of 100,000 employees to the internet, potentially exposing Morrisons to huge claims for compensation from the employees involved.
➡️ The High Court and the Court of Appeal in the #UK had previously found Morrisons vicariously liable for the rogue employee’s actions.
The discussion includes:
❓How do you decide what an employee’s “field of activities” are?
❓When is the wrongful action “closely connected” to the field of activities?
❓Are the employee’s motives relevant?
❓Why was the previous leading case (Mohamud v Morrisons) different?
❓What are the practical implications in the field of data protection?