Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
“Is an organisation responsible for an employee data breach?”
This question is rarely asked when people contact us for help and advice about a data protection compensation claim, but it can be a key one. Many people often assume that the organisation – i.e. the person’s employer – must be responsible; but that’s not always the case.
Data breach incidents are assessed on a case-by-case basis, but there can be scenarios where an employee’s data breach can leave the employer vicariously liable, meaning the organisation they work for is who you pursue. In fact, a recent landmark case has potentially made it easier to do this as well.
Traditionally, applying vicarious liability can come down to what the employer could have done to have prevented the data breach in the first place. If an employee commits a data breach because they have not been adequately trained, or because the organisation failed to have proper systems and protocols in place to prevent such breaches, an employer can be squarely liable. This is helpful for victims as you can then claim against the company, and it allowed victims of the 56 Dean Street clinic breach to pursue the NHS Trust given that an employee’s data breach was really, in our view, down to systemic failures.
But, what about malicious data breaches, or data breaches committed on pursue when an employee knew it would breach the rules?
Holding an employer liable when the employee has knowingly ignored the rules and / or maliciously committed an intentional data breach can be hard. Unless such behaviour could have been reasonably predicted and / or prevented, how can the employer have done anything else to have stopped the breach from happening?
This principle has applied for compensation claims for a long time, although the recent ruling in the Morrisons data breach case has left the supermarket giant liable for a data breach where an employee intentionally leaked the data of staff in revenge over a grievance he had with his (now former) employer. Although Morrisons pleaded that there was nothing they could have done to have prevented the breach, the court held that Morrisons should be liable for the employee’s actions given the employee was undertaking his usual duties when he maliciously leaked the data.
The key thing to know is that you should speak to us here at the Data Leak lawyers and we can assess any potential data breach case for you and give you advice, guidance and representation for cases we believe we can win. The new GDPR comes into force this month and it may make it even harder for organisations to evade liability for data breach claims as well, so never assume you don’t have a case.
Speak to us and we can see if we can help you, call our team for free from a landline or mobile on 0800 634 7575 today!
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.