Selected cases

UK Supreme Court · [2020] UKSC 12

WM Morrison Supermarkets plc v Various Claimants

The UK Supreme Court considered employer vicarious liability after a rogue employee disclosed payroll data.

UK Supreme Court1 Apr 2020

Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.

Get legal help

Start here

Quick read

  • The decision helped employers on vicarious liability, but it is not a reason to relax data security.
  • The UK Supreme Court considered employer vicarious liability after a rogue employee disclosed payroll data.

Use this to check

  • Limit payroll and HR data access
  • Log and monitor sensitive exports
  • Prepare for privacy, employment and reputational fallout even where a rogue employee acts alone

Decision snapshot

  1. What happened

    • A Morrisons employee who had access to payroll data copied and disclosed employee information online after a workplace grievance.
    • Thousands of employees sued Morrisons, arguing the supermarket was vicariously liable for his misuse of their data.
  2. What the court had to decide

    • The issue was whether the employee's wrongful disclosure was so closely connected with his employment that Morrisons should be vicariously liable.
  3. What the court decided

    • The Supreme Court allowed Morrisons' appeal.
    • The employee was pursuing a personal vendetta, and his wrongful disclosure was not sufficiently connected with authorised acts to make the employer vicariously liable on those facts.

Practical impact

Practical read

  • The decision helped employers on vicarious liability, but it is not a reason to relax data security.
  • Businesses still need access controls, audit trails, incident response and careful handling of staff data.

Useful next steps

  • Limit payroll and HR data access
  • Log and monitor sensitive exports
  • Prepare for privacy, employment and reputational fallout even where a rogue employee acts alone

The story

A Morrisons employee who had access to payroll data copied and disclosed employee information online after a workplace grievance. Thousands of employees sued Morrisons, arguing the supermarket was vicariously liable for his misuse of their data.

How businesses should read it

The decision helped employers on vicarious liability, but it is not a reason to relax data security. Businesses still need access controls, audit trails, incident response and careful handling of staff data.

Key takeaways

  • Limit payroll and HR data access
  • Log and monitor sensitive exports
  • Prepare for privacy, employment and reputational fallout even where a rogue employee acts alone

Related topics

How Sprintlaw can help