Skip to Main content

Search results for ''...


Sorry, there were no results

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

  • Overview

    What is it?

    Vicarious liability is the principle that means that employers are liable for the actions of their employees where there is a sufficient connection between their employment and the wrongdoing. 

    There have been a number of notable cases recently on vicarious liability. One of the most well-known is the case of Mohamud v Morrisons, where the employer was held liable for the unprovoked attack on a member of the public by one of its employees. 

    Unfortunately for Morrisons, they have been in court again arguing about vicarious liability, but this time the outcome was much more favourable for them and employers generally.

    Background

    Mr Skelton worked as an internal IT auditor for Morrisons Supermarkets. In 2013, he was given a verbal warning for minor misconduct, which resulted in him holding an irrational grudge against his employer. 

    Later, when asked to provide payroll data for the entire workforce which constituted over 100,000 individuals, he copied the data onto a USB stick and took the memory stick home. From there, Mr Skelton:

    1. posted it on the Internet using a colleague’s logon; and
    2. sent the information to three national newspapers pretending to be a concerned member of the public.


    Morrisons was alerted to the situation and started an internal investigation into the data breach. All told, the ordeal cost Morrisons over £2M. 

    Mr Skelton was arrested and convicted of criminal offences. Morrisons were probably sighing with relief and hoping that this was the end but unfortunately for them 9,263 employees and former employees brought claims against Morrisons for damages on the basis that they were vicariously liable for the data breach caused by Mr Skelton.

    The case proceeded through the High Court where initially Morrisons were held to be vicariously liable and on appeal to the Court of Appeal, the ruling was upheld. 

    However, Morrisons appealed to the Supreme Court who discussed the Mohamud case and considered where some of the lower courts had perhaps misunderstood the principles. The Supreme Court found that ultimately Mr Skelton had not been engaged in furthering Morrisons’ business when the wrongdoing had occurred. Instead, he had been furthering his own private vendetta against the company. On this basis Morrisons was not vicariously liable for his actions.

    Our thoughts

    The above case is a welcome relief for employers who will be pleased to hear that they will not always be found to be liable for the data breaches of their employees. Whilst this is helpful clarification on the Mohamud case, it does not mean that employers will always get off the hook for these types of actions.

    Additionally, this case was considered under the previous Data Protection Act 1998, which was slightly different to the current law. Whilst the GDPR and Data Protection Act 2018 do not in themselves change the law on vicarious liability, the Data Protection Act 2018 does cover more areas including reporting breaches within 72 hours and having a data protection system that is safety by design. 

    The takeaway advice from the case is that employers will only be liable for the actions of their employees where they are engaged, however misguided, in furthering the employer’s business, i.e. not on a frolic of their own. 

  • Related Services

    Employment

    We act for businesses of all shapes and sizes and in many different sectors. Our advice covers all aspects of the employment relationship, helping to settle disputes, defending employment tribunal claims and providing immigration compliance audits.

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

^
Jargon Buster