Q&As

What is the extent of an employer’s liability if an ex-member of staff were to commit a data breach, eg by stealing the employer’s client list containing personal information about individuals and using that list in breach of the General Data Protection Regulation?

read titleRead full title
Produced in partnership with Peter Edwards of Devereux Chambers
Published on LexisPSL on 09/09/2020

The following Employment Q&A produced in partnership with Peter Edwards of Devereux Chambers provides comprehensive and up to date legal information covering:

  • What is the extent of an employer’s liability if an ex-member of staff were to commit a data breach, eg by stealing the employer’s client list containing personal information about individuals and using that list in breach of the General Data Protection Regulation?

What is the extent of an employer’s liability if an ex-member of staff were to commit a data breach, eg by stealing the employer’s client list containing personal information about individuals and using that list in breach of the General Data Protection Regulation?

This question raises two complex and legally difficult issues, as follows:

  1. first, whether the common law principles of vicarious liability apply in respect of an alleged breach of the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) and/or for misuse of private information and breach of confidence; and, if so,

  2. second, does vicarious liability apply in circumstances in which an employee has stolen data from the employer, without the employer’s knowledge or consent

The relevant questions have very recently been addressed by the Supreme Court in the case of WM Morrison Supermarkets plc v Various Claimants. This was the case in which a disgruntled employee of the supermarket copied the personal, payroll data of 126,000 employees and published it on the internet. This was found to be because of an ‘irrational grudge against Morrisons’ because the employee had been

Related documents:

Popular documents