‘Vicarious Liability and Data Controllers’

“The High Court (Langstaff J) has today handed down an almost 200 paragraph judgment in the first ever group litigation data breach case to come before the courts. The issue for the court was whether the defendant data controller, Morrisons, was in principle either directly or vicariously liable for the actions of a rogue employee who had, as an act of malice directed at his employer, taken payroll data relating to some 100,000 employees and published it online. The court concluded that, despite itself having been entirely innocent of the misuse, Morrisons was in principle liable to compensate all the claimants in the group, some 5,500 individuals, on the basis of the application of common law (no fault) vicarious liability principles …” (more)

[Christopher Knight, Panopticon – 11KBW, 1 December]

Leave a Reply