Reading:
Is an organisation responsible for an employee data breach?
Share:
compromised mobile phone

Is an organisation responsible for an employee data breach?

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

“Is an organisation responsible for an employee data breach?”

This question is rarely asked when people contact us for help and advice about a data protection compensation claim, but it can be a key one. Many people often assume that the organisation – i.e. the person’s employer – must be responsible; but that’s not always the case.

Data breach incidents are assessed on a case-by-case basis, but there can be scenarios where an employee’s data breach can leave the employer vicariously liable, meaning the organisation they work for is who you pursue. In fact, a recent landmark case has potentially made it easier to do this as well.

Traditionally, applying vicarious liability can come down to what the employer could have done to have prevented the data breach in the first place. If an employee commits a data breach because they have not been adequately trained, or because the organisation failed to have proper systems and protocols in place to prevent such breaches, an employer can be squarely liable. This is helpful for victims as you can then claim against the company, and it allowed victims of the 56 Dean Street clinic breach to pursue the NHS Trust given that an employee’s data breach was really, in our view, down to systemic failures.

But, what about malicious data breaches, or data breaches committed on pursue when an employee knew it would breach the rules?

Holding an employer liable when the employee has knowingly ignored the rules and / or maliciously committed an intentional data breach can be hard. Unless such behaviour could have been reasonably predicted and / or prevented, how can the employer have done anything else to have stopped the breach from happening?

This principle has applied for compensation claims for a long time, although the recent ruling in the Morrisons data breach case has left the supermarket giant liable for a data breach where an employee intentionally leaked the data of staff in revenge over a grievance he had with his (now former) employer. Although Morrisons pleaded that there was nothing they could have done to have prevented the breach, the court held that Morrisons should be liable for the employee’s actions given the employee was undertaking his usual duties when he maliciously leaked the data.

The key thing to know is that you should speak to us here at the Data Leak lawyers and we can assess any potential data breach case for you and give you advice, guidance and representation for cases we believe we can win. The new GDPR comes into force this month and it may make it even harder for organisations to evade liability for data breach claims as well, so never assume you don’t have a case.

Speak to us and we can see if we can help you, call our team for free from a landline or mobile on 0800 634 7575 today!

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon