Case dates back to 2014
In a case dating back to 2014, the London High Court has found Morrisons liable for the actions of a former member of its staff who stole the data of nearly 100,000 employees and posted it online.
This included their bank, salary and national insurance details, addresses and phone numbers.
The court ruling now allows those affected to claim compensation for the “upset and distress” caused.
Morrisons said it believed it should not have been held responsible and would be appealing against the decision.
A group of 5,518 former and current Morrisons employees said this incident exposed them to the risk of identity theft and potential financial loss and that Morrisons was responsible for breaches of privacy, confidence and data protection laws.
While the accused auditor, Andrew Skelton, was later jailed, the High Court has found that the supermarket responsible for the leaking of employees’ data and a second trial will now be held to determine the damages payable by the supermarket chain.
Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represented the 5,518 claimants, hailed it as a landmark case.
He said: “We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK. Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.
“The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients. Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”