2018 has seen many well-documented data breaches, with companies such as Facebook, Google and BA all experiencing damaging data exposure. The repercussions can be severe, with Uber recently having to pay £133 million in respect of its 2016 cyber-attack. However, with GDPR legislation coming into force this year, coupled with the established Data Protection Act, the importance of data protection is in the public eye more than ever. In particular, employers are under huge pressure to ensure the data they hold is safe and not misused by employees.
The recent Court of Appeal judgment in WM Morrison Supermarkets PLC v Various Claimants will only amplify this further. A disgruntled employee of Morrisons exposed 100,000 workers’ personal details online. Over 5,000 of these employees brought a class action against their employer for the worry and stress it caused. The Court of Appeal upheld the earlier court's decision, declaring Morrisons vicariously liable (ie to be held accountable) for the data leak caused by its employee. Effectively, Morrisons didn’t do enough to stop it, there was an unbroken chain from the disgruntled employee’s work to the disclosure, and the court held that Morrisons had the financial means to insure against this to compensate the victims.
The judgment has subsequently come under fierce criticism, with a warning that it could open the floodgates for employers being found liable for their employees’ misconduct. Most concerning is how difficult it is for employers to protect data, particularly when considering the expansion of remote working arrangements. The Court of Appeal suggested employers can safeguard against this risk by insuring against losses caused by dishonest or malicious employees. Whilst appearing a simplistic fix to a problematic issue, this has led many commentators to speculate that if employers are more easily held accountable for employee misconduct, insurers are less likely to insure against this more probable risk.
Alongside data breaches the other key area where firms and individual employees can be hit hard for their mistakes is discrimination. Gender pay gap reporting and the #MeToo campaign against harassment are changing the way sexual equality is viewed in the workplace, and changing it for the better. So what are the core points that every HR director and line manager needs to be aware of? Come along to our free half-day conference (Reading 20 November and London 29 November) where we will explore 'The challenges of a changing workplace' with expert sessions on unconscious bias, closing the gap in gender pay, and sexual harassment.
