morrisons staff uniforms

Source: Morrisons

The High Court ruled the retailer was liable for a data breach that saw private details of nearly 100,000 employees posted online

Morrisons has been granted permission to appeal to the Supreme Court after losing a major court case over a data leak, which sees it facing a huge possible compensation payout.

The Supreme Court has granted permission for the retailer to challenge a High Court ruling it was liable for a data breach that saw private details of nearly 100,000 employees posted online.

In October, the Court of Appeal upheld a decision against the supermarket, issued in December 2017, in the UK’s first data leak class action case.

The case concerns a security breach in 2014 when Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked the payroll data of nearly 100,000 employees by putting it online and sending it to newspapers.

Skelton, who was subsequently jailed for eight years, had been sacked for dealing in legal highs while at the company. Morrisons has always said it would take every avenue possible to fight the case.

However, in October the supermarket lost an appeal against a High Court ruling that concluded it was legally liable for a former employee leaking personal information.

At the Court of Appeal, Morrisons argued it was not responsible for the breach and could not be held directly or vicariously liable for it.

It declined to comment on the latest decision.

Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who is representing the claimants, said: “While the decision to grant permission for a further appeal is of course disappointing for the claimants, we have every confidence that the right verdict will, once again, be reached. It cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale.

“This was a very serious data breach which affected more than 100,000 Morrisons’ employees. They were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information.”