What Happened?Morrisons suffered its first blow in 2014 when their senior internal auditor, Andrew Skelton, now imprisoned, leaked the payroll data of its employees. Past and present employees were enraged when their confidential data including names, addresses, bank account details and salaries were posted online. Mr Skelton also sent breached data to newspapers. He was imprisoned for five years in 2015 but the saga for Morrisons has long continued. A class action was brought against Morrisons by its enraged employees. Morrisons claims to have taken the data down immediately and provided reassurance to their employees that they would not suffer any financial loss as a result of the leaked data. Whether you think that Morrisons’ reaction to their data breach was adequate or not, the judgment has been ruled against them.
The RealityCyber security threats are a harsh reality for many businesses and this could happen to your business. If there is anything to be learnt from Morrisons, it is that businesses should be extra vigilant with their data. Hackers are not always hooded, organised, IT savvy criminals. That is not to say Morrisons had inadequate data protection policies in place or inadequate cyber security. Morrisons may have just been unlucky in this instance, however in law, the odds have so far been against them. It is virtually impossible to protect you or your business from unpredictable behaviours of staff, but there are some measures you can put in place to prevent a data breach. Ask yourself the following:
- Where are your clients’; suppliers’ and employees, past and present data stored?
- Who has access to this data?
- Are you holding information unnecessarily therefore putting your business at unnecessary risk? (The key here is to delete data that has no business relevance.)
- Do you have the necessary cyber security in place to prevent both an internal and external data breach?
Griffin Law is a dispute resolution firm comprising innovative, proactive, tenacious and commercially-minded lawyers. We pride ourselves on our close client relationships, which are uniquely enhanced by our transparent fee guarantee and a commitment to share the risks of litigation. If you have any specific questions regarding a dispute, please email firstname.lastname@example.org or call 01732 52 59 23.