A Warning to all Organisations – the outcome of the WM Morrisons Supermarkets Ltd Data Breach announced in the Supreme Court
The judgement of the UK Supreme Court on the WM Morrison Supermarkets Ltd Data Breach case and subsequent claims by various claimants has been announced on Wednesday, 01 April 2020.
On reviewing the judgement our Data Protection Specialist Gary Payne comments, “Whilst the judgement upholds in favour of Morrisons on vicarious liability, this judgement has serious implications to all organisations and leaves open the door on future claims of vicarious liability going against an organisation where an employee exploits personal data processed by the data controller employer, where that organisation fails to provide ‘adequate technical and organisational measures’. Organisations must and proactively, work to protect the personal data in its control.”
He adds, “Also for future awareness in the UK, most senior people in any organisation also need to consider is the Data Protection Act 2018 c12 s.189 – Liability of Directors, etc., because if it can be proved that a director, secretary, officer or any person acting in that capacity in any organisation, ‘consented, connived, or are neglectful’ in the allowing the data breach to happen by their ‘consent, connivance, or attributable neglect’, they may be liable to prosecution personally.”
If you want to discuss your organisation’s data protection or information security compliance, use our Contact Us page.
Download the full judgement here: https://www.supremecourt.uk/cases/uksc-2018-0213.html