Data breach results in 8 year jail term

Brought to you by BrightPay

You may remember 2014: it was the year of the top-knot, the ALS ice bucket challenge dominated our newsfeeds, and Morrisons suffered one of the biggest data breaches in modern history.

That’s right, Andrew Skelton, in a story stranger than fiction, deliberately posted personal payroll information including names, bank account details, salaries and NI details of nearly 10,000 employees. Why? Well besides the obvious reason that he mustn’t have been in the right frame of mind, Skelton was the subject of disciplinary action following an incident and reportedly harboured a grudge. YES, REALLY.

To cut a long story short, the data breach cost Morrisons nearly £2m to rectify, a court case that lasted years, not to mention a headache of epic proportions. Skelton? He was jailed for 8 years. According to David Holderness from the Crown Prosecution Service:

“The potential loss to his victims and the sheer quantity of potentially compromising data was very significant and could have resulted in employees’ identities being stolen… The sentence imposed today sends out a clear message.”

Basically, the Crown Prosecution Service are not messing about when it comes to personal data and protecting employee payroll information. Got it?!

“But what has this got to do with me and my business?” I hear you ask. This employee deliberately set out to do this and all businesses must ask themselves: how do you protect against an inside threat, a disgruntled employee?

Well here’s where it gets interesting because in October this year, Morrisons lost a Court of Appeals decision that said the supermarket were vicariously liable for this data breach, even though it was carried out by a disgruntled employee. Why??

Well, for one, the payroll data was briefly stored on Skelton’s computer (he was an internal auditor at the time), where there should have been arrangements to ensure the deletion of such payroll data. Arguably the point at which Skelton obtained the personal employee data exposed a vulnerability in Morrisons’ data protection processes. Plus, there is speculation that the protective strength of their policies may not have been up to scratch. It seems they are being made an example of.

The introduction of GDPR and a number of high-profile data breaches mean that our personal data and how it is used are at the forefront of our collective consciousness. This is supported by the fact that Morrisons are now being sued by 5,000 of their employees. Yikes!!

This case alone highlights the level of GDPR technical and organisational controls that need to be in place, even in the most trusted parts of the company. But this is such a huge task and I am surely doomed to fail! How can I ensure that my employee payroll details and client data are secure? Where do I even start?

Well, there is a GDPR payroll solution that is tailored to help you and your clients overcome some of the key challenges GDPR presents when processing payroll. BrightPay Connect is a GDPR compliant payroll tool that provides one of the most secure payroll platforms on the market.

With BrightPay Connect, the payroll information is accessed from a secure portal with end-to-end encryption. All sensitive data is stored in the cloud, where clients and employees can log in to access the payroll information that is only relevant to them. Each employee has an individual password and access to their own personal payroll information only.

Also included in BrightPay Connect is an automatic cloud backup feature, an employee self-service portal, client payroll entry and payroll approval features amongst many others.

Book a free demo today and get a good night’s sleep knowing BrightPay gives you the tools to be GDPR protected.

Written by Aoibheann Byrne | BrightPay Payroll Software
