United Kingdom – Morrisons


The U.K. has seen its first group litigation case concerning data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.
A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials and sentenced to eight years in prison.

Than 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for it’s rogue employee’s actions. It now faces large compensation costs.

Notable not only for being the first of its kind around data breach in the U.K., but this case is also interesting for setting a high standard of responsibility among companies for their employees’ actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects’ more rights and increases defendants’ penalties.

A side note: Similar claims but concerning nonmaterial damage like emotional distress may be enabled by the GDPR and the Irish Data Protection Act 2018 to be brought to Irish courts.


More to explore


Service Starter Mid Expert Enterprise
Monitoring Yes Yes Yes Yes
Live Notifications & Reporting Yes Yes Yes Yes
Onboarding Session with our Success Team Yes Yes Yes Yes
Monitor all users (up to XX) 150+
Monitored Domain Yes Yes Yes Yes
Additional Domains No 1 3 5
Personal Email Addresses (Gmail / Icloud etc) No 10 30
Monitored Router IP & Device IP Breach No Yes Yes Yes
Dedicated Account Manager No No Yes Yes
Fully managed Service No No No Yes
Go Phishing No No No Yes
Staff Training No No No Yes
PCM (If paid monthly) £45 £75 £150 N/A
PCM (If paid annually 20% discount) £36 £60 £120 N/A
Annual 20% discount for annual transaction £432 £720 £1440 Call
Annual Saving £180 £180 £360 Call
1 Additional Domain £25 £25 £25
Add Additional 10 Personal Emails £25 £25 £25