Management Consulting

In the case of Wm Morrisons Supermarkets PLC, the company faced a significant challenge when a senior auditor, Mr. Andrew Skelton, maliciously disclosed personal information of approximately 5,500 employees. This incident arose from Skelton's intent to harm the company following a perceived slight, leading to a class action lawsuit against Morrisons despite the employees not suffering any financial loss. The legal question centered on whether Morrisons could be held vicariously liable for the criminal actions of Skelton, which the Court of Appeal ultimately affirmed, highlighting the connection between his employment role and the wrongful acts committed. The tailored solution for Morrisons involved a thorough examination of their data protection policies and the implementation of robust measures to mitigate future risks. The court's ruling underscored the necessity for businesses to have comprehensive data protection strategies in place, as well as the importance of liability insurance to cover potential claims arising from employee misconduct. The implications of this case were profound, as it marked the first successful class action in the UK for a data breach, raising awareness about the potential for severe financial repercussions and negative publicity stemming from such incidents. As a result of the ruling, Morrisons faced not only the immediate legal challenges but also the long-term impact of reputational damage. The case emphasized the need for companies to reassess their data security measures and consider various insurance options, including cyber liability and professional indemnity insurance, to protect against similar future exposures. The decision also indicated that the evolving landscape of data protection laws, particularly with the introduction of GDPR, could further complicate the liabilities faced by employers in cases of data breaches.