Lawyers say they are watching the case closely because of the implications of the court finding a company vicariously liable even when it has cybersecurity controls in place and the breach is caused by an employee acting inappropriately on his or her own accord. Vicarious liability in U.K. employment law refers to an employer’s liability for its employee’s actions.
The case stems from a 2014 incident where a Morrisons senior internal auditor uploaded a file containing nearly 100,000 Morrisons employees’ personal data, including their names, addresses, birth dates, phone numbers, bank account numbers and their salaries at Morrisons.
via UK’s First-Ever Data Breach Class Action Suit Could Expand Breach Liability | Legaltech News.