Employer Vicarious Liability
The big question here is whether an employer can be vicariously liable for the criminal actions of an employee that has breached the Data Protection Act (DPA)
If you are vicariously liable, it means that you are held responsible for someone else’s actions or omissions. Therefore, in this context, an employer may be responsible for their employee’s actions. For this to be the case it needs to be evidenced that the employee’s actions were in the course of their employment.
A recent case involving Morrisons has just provided a judgment allowing employers to be vicariously liable in criminal proceedings. In this case, a disgruntled employee of Morrisons leaked the personal data of nearly a 100,000 staff, which led to a number of them seeking legal action against Morrisons for a breach of the Data Protection Act.
The Information Commissioner’s Office (ICO), the UK body tasked with data protection, has levied a £120,000 fine on Stoke-on-Trent City Council after the authority was found guilty of a serious data breach. The ICO used the announcement to remind organisations the importance of encrypting confidential personal information.