top of page

The courts in the UK are deciding on the penalty against an organisation that suffered a data breach

Another stark reminder to organisations in Malaysia.

Morrisons, the fourth largest chain of supermarkets in the United Kingdom with almost 500 stores nationwide with annual revenue in excess of £17 billion could face a massive payout after losing a legal challenge against a ruling that opened the gate to compensation claims from thousands of staff whose personal details were leaked online.

The case centred on a security breach in 2014 when Andrew Skelton, a senior internal auditor at the supermarket’s headquarters, leaked the payroll data of around 100,000 employees, including their names, addresses, bank account details and salaries. A group of 5,518 former and current staff who were affected by the breach are seeking compensation for the upset and distress caused by the incident, and said Morrisons was responsible for breaches of privacy, confidence and data protection laws. 

The company said it could not be held directly or liable for the criminal misuse of the data, however, in December 2018 the High Court found that Morrisons was vicariously liable for the breach.

The judgment is a wake-up call for business and that it confirms people care about what happens to their personal information and they expect large corporations to take responsibility when things go wrong in their own business and cause harm to innocent victims. 

It's important to remember that data protection is not solely about protecting information - it's about protecting people.


bottom of page