Supreme Court hears Morrisons defence of rogue auditor data breach
Supermarket chain Morrisons has made a final bid in the UK’s top court to shrug off vicarious liability claims that it is responsible for a massive data breach by a disgruntled auditor who leaked staff payroll details online.
Replies (10)
Options: 1) Go back to paper to make copying large volumes more difficult; 2) Take USB ports off all corporate computers; 3) Make systems so that only FD can copy any data; 4) Insure; 5) Give up and go home and let the business die: is that really what the regulators want? We fund them and running us into shutting our businesses will inflict a tax-take own-goal!
Reminds me of the question: Why is it called "common sense"? Answer: because it isn't common...
You are right, it is impossible to completely prevent such things from happening. Companies need to show that they are addressing the risks and adopting best practices for prevention, and should not be penalised if they can demonstrate that they adhere to best practice. But we need to recognise that individuals who commit this sort of crime are doing harm to society, not just the company they target, and the penalties need to be severe and well publicised as a deterrent to others. 12 years in jail and appearing on the 10 o'clock news should help. But it won't happen.
I guess the law is of the opinion that where there's blame there's a claim and it is a good money earner for the industry.
Simply put it's the individual who is to blame and the people who have "suffered" should be suing him but then they and their legal representatives wouldn't get as much out of him would they....
Interesting case, so what happened to the villain Skelton? After all, it was he who stole the information and made it public.
But, but, but.....I have checked this twice on my calculator, 2015 plus 8 years means he should still be in jail until 2023. Do you think the judges need new calculators cause they obviously can't add up for peanuts. I guess crime does pay in Great Britain if people get let off so easily after serving only half their sentences.
On a serious note, I just dusted off the cobwebs from my memory of vicarious liability and as far as I recall from the bit of law in my early studies, a company is only held vicariously liable for the actions of an employee who was obviously acting as an AGENT for the company at the time of the offense.
In this case, Skelton stole the data and then posted it online out of personal vengeance, no way was he acting as an agent for the company.
So how on earth is Morrisons even held vicariously liable? What type of twisted justice is this? We need to shake up these useless judges (turds) most of whom are well past their sell by dates and just prolong cases unnecessarily.
If I was the class-actioners I would hire some data security experts and have them examine Morrison's data protection policies and systems. There is a huge amount you cant do to reduce the risk of data abuse and a lot of companies are far, far away from best practice. I feel really let down by this - there always seems to be a technicality that gets them off the hook or a general throwing of the hand in the air and 'what can you do' attitude. We need more expert witness brought into these cases.
I think Flightdeck is being unrealistic. Even NASA gets hacked and if you have a disgruntled employee determined to shaft your company they will find a way to do it.
The correspondent who said that the end is for all the employees to lose their jobs and the business to go bust has it in a nutshell. The whole GDPR is a complete farce. Common sense should prevail but in the tick box world we live in there's a fat chance of that.
As a business manager I get payroll data requests from auditors and they certainly do not require the vast amount of detail (bank accounts, NHI numbers etc.) as sent by Morrisons and that is what caused the issue. Surely only summaries are sufficient.