
Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.


  • Overview

    UK data protection legislation, including the new GDPR, is enforced by the Information Commissioner’s Office (ICO). The ICO has the authority to issue monetary fines of up to 4% of a company’s annual worldwide turnover, or 20 million euros, for those in breach of their data protection duties.

    Below we take a brief look at how nightmarish employee actions, both intentional and accidental, that took place before the GDPR came into force on 25 May 2018 have resulted in hefty fines for their employers, before looking at precautions that might help businesses avoid penalties.

    Staff sabotage

    It is difficult not to feel sympathy for Morrisons Supermarkets when, in 2014, a senior internal auditor, Andrew Skelton, intentionally leaked data relating to nearly 100,000 colleagues. The data, which included names, addresses, bank account details and salaries, was posted online and sent to newspapers. 

    In December 2017, the High Court decided Morrisons was vicariously liable for the breach, a decision which was recently confirmed by the Court of Appeal.  

    As this is the first data leak class action in the UK, the supermarket is likely to take the case to the Supreme Court. If unsuccessful in its appeal, Morrisons faces not only “distress” compensation payments to 5,518 claimants but potentially a fine from the ICO.

    Blunders at work

    Businesses are also at risk of innocuous employee mistakes that may result in financial penalties.
        
    An employee in a “relatively junior position by grade” at Heathrow Airport recently lost a memory stick during their commute. By data breach standards, the personal information related to a relatively low number of people (60 individuals) and was of relatively low sensitivity, though the airport was still fined £120,000.

    In December 2016, a police officer for Gloucestershire Police did not activate the ‘BCC’ function on his email system, and accidentally revealed identities of victims to 56 recipients. This incurred a fine of £80,000 due to the particularly sensitive nature of the information leaked.

    In an equally unsympathetic approach, the Royal Borough of Kensington and Chelsea was fined £120,000 after a worker failed to withdraw corresponding personal details from a spreadsheet showing owned vacant properties in the area.

    Our thoughts

    Data protection and prevention of data breaches should be at the heart of your business’s decisions when processing personal data. Below we have set out steps to reduce the risk of an employee-induced fine:

    • Conduct a data audit, and delete information that is not needed
    • Limit staff access to only the personal information that is necessary for the performance of their role
    • Use organisational and technical measures to prohibit use of removable media devices; where use is necessary, always encrypt personal data
    • Maintain data protection policies
    • Provide training to all employees, reinforcing their personal liability by reference to cases where employees themselves have been prosecuted for unlawful access (Clare Lawson; Daniel Short) and for intentionally leaking data (Andrew Skelton, who went to prison)
    • Use the ICO resources and helpline available
    • Report any breach early.


    Fines are less likely to be imposed where employers have evidenced engagement with data protection and taken preventative steps to avoid data protection breaches.

    Most fines have so far involved acts or omissions occurring prior to 25 May 2018, but it is only a matter of time before we see the ICO issuing very large fines in line with the new threshold.

    If you are concerned about data protection, taking steps to avoid a data protection breach or want assistance in handling such a breach, please do not hesitate to contact one of the employment team.  

     
