Morrisons granted Supreme Court data breach appeal

Morrisons has been granted permission to appeal to the Supreme Court after it was found responsible for a data breach which affected more than 100,000 employees.

The latest appeal follows the October 2018 decision by the Court of Appeal to uphold the original verdict of the High Court on vicarious liability. The Court of Appeal comprised three senior judges, including the Master of the Rolls, who refused Morrisons permission to appeal further to the Supreme Court.

As a result, the supermarket giant decided to apply to the Supreme Court for permission to appeal, which was granted on 15 April 2019.

Some 5,518 claimants are seeking compensation from Morrisons over the significant data leak, which in 2014 saw a then senior internal auditor at the retailer’s Bradford headquarters copy and then post staff’s payroll information on the internet, including bank account details, dates of birth, salary information, national insurance numbers, addresses and phone numbers.

Nick McAleenan, partner and data privacy law specialist at JMW Solicitors, who is representing the claimants, said: “While the decision to grant permission for a further appeal is of course disappointing for the claimants, we have every confidence that the right verdict will, once again, be reached – it cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale.

“This was a very serious data breach which affected more than 100,000 Morrisons’ employees – they were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information.”

Retail Sector has contacted Morrisons for comment.