In an important High Court judgment handed down on 1 December 2017, the supermarket chain Morrisons has been found liable for breach of the Data Protection Act. In this case, a disgruntled employee accessed some 100,000 personnel records, and published them on the internet. Morrisons was found to be vicariously liable for the employee's actions, which amounted to a breach of the Act. Mishcon de Reya Partner Adam Rose, who specialises in data protection, featured on BBC Radio Scotland commenting on the judgment. He said:
"The case is important in that it shows that an employer can be held responsible for the unauthorised and malicious acts of a member of staff, and it paves the way for the 100,000 affected staff members to claim damages from Morrisons. This decision is bound to open up businesses to many more damages claims for data breaches.
"In order to protect themselves, companies should ensure that they know who they are employing, that data is not readily available to individuals on the kind of scale it was in the Morrisons case, and that there are systems in place to detect when unnecessarily large amounts of data are being copied."