Morrisons - Data protection breach
Thousands of Morrisons' staff are preparing to sue the supermarket after their personal details were leaked online.
A senior employee, Andrew Skelton, was jailed for eight years in July after he posted details of nearly 100,000 staff online. Highly sensitive data; such as salaries, national insurance numbers, dates of birth and bank account details were also sent to a number of newspapers. It is understood that Mr Skelton, who worked as a senior internal auditor at the Bradford head office, leaked the data after being disciplined over using the company’s post room to conduct eBay deals.
More than 2,000 current and former staff are pursuing a group claim alleging that the retailer was ultimately responsible for breaches of privacy, confidence and data protection law. More staff are expected to join the claim as the courts have allowed a further four-month period to sign them up.
The crux of the claim against Morrisons is that “whenever employers are given personal details of their staff, they have a duty to look after them” and there appears to have been very little protection in place with this sensitive information. Evidence so far advanced by the Claimants is that this information was not encrypted and could be accessed and distributed with relative ease.
Morrisons is resisting the claim stating that it should not be liable for the actions of a single “rogue employee”.
Posted on 12/05/2015 by Ortolan