Vicarious liability is a situation where someone can be held responsible for the acts of another. It can be very damaging for employers, as an employer can be held liable for the acts of an employee if the act takes place during the course of employment.
In an interesting case, the supermarket Morrisons has learnt this the hard way.
An IT auditor working for Morrisons became disillusioned with his employer. In 2014, he posted a file online containing the personal details of around 100,000 Morrisons employees. He was found guilty of fraud and imprisoned for 8 years in 2015, but this was not the end of the tale for Morrisons. About 5,000 affected employees came together to bring an action against Morrisons, claiming that the supermarket should be held liable for the leak. They argued that, as a result of the leak, they were at increased risk of identity theft as well as financial loss.
The High Court held that Morrisons was liable for the leak, as the employee had been entrusted with the data and the leak had taken place during the course of his employment. Interestingly, the Court was not swayed by the argument that the leaks were made by the employee from a personal computer at his home on a Sunday.
The case is going to appeal but does remind employers of the crucial duty to effectively monitor and manage employees - particularly those privy to sensitive data and information.
We have reported in a 2017 newsletter on the General Data Protection Regulation (GDPR) which comes into effect in May 2018. This will impose even greater responsibilities on employers regarding data security and avoiding breaches.
Employers should be reviewing their policies and procedures in this area in any event. But the Morrisons case is an important reminder that employers can face heavy expense and responsibility if a disgruntled employee is in a position to disseminate sensitive data unchecked.
Case: Various Claimants v Wm Morrisons Supermarket plc  EWHC 3113 (QB)
To discuss this or any other employment related issue, contact us.