6,000 Morrisons staff are now suing the supermarket giant following a 2014 data breach in which 99,998 employees’ personal details were leaked. The court deadline for joining the group action was 8 April 2016.
Nick McAleenan of JMW Solicitors, which is representing the group, said: “Whenever employers are given personal details of their staff, they have a duty to look after them. That is especially important given that most companies now gather and manage such material digitally and, as a result, it can be accessed and distributed relatively easily if the information is not protected.”
Morrisons internal auditor Andrew Skelton, who developed a grudge against the company after being accused of dealing controlled drugs at work, was jailed for eight years at Bradford Crown Court last July for leaking the information, which included details of staff salaries, bank details and National Insurance numbers.
A spokesman for Morrisons said: “We are contesting this case. We are not accepting liability for the actions of a rogue individual. We can confirm that we are not aware that anybody suffered any financial loss from this breach.”
Data protection obligations
Alan Calder, the founder and chief executive of IT Governance, observed: “Heads of HR need to be as concerned about data security as heads of IT. The new EU General Data Protection Regulation (GDPR), with its mandatory breach reporting and fines of up to a maximum of 4% of global revenue or €20 million – whichever is the greater – will make the consequences of data breaches much more dramatic. Boards should be worried about these risks, and heads of HR need to be pushing for adequate technical, administrative and operational security measures – ranging from encryption through staff training to ISO 27001.”