After the employee had been given a formal verbal warning for his unauthorised use of the company’s postal facilities for his private use, he had a grudge against them.
As part of his duties, he was subsequently asked to provide payroll data to the company’s external auditors, which included personal information about 100,000 colleagues. He was provided with an encrypted USB stick containing the information, which he downloaded onto his work computer. He then copied it onto a personal USB stick and released it onto a file-sharing website, using a colleague’s name to set up an account. Links were posted to other websites and copies sent to newspapers, who did not publish it but informed the supermarket. He was arrested, charged and convicted with fraud.
A large number of employees brought claims against the supermarket, including for breach of the Data Protection Act. The High Court held there was a sufficiently close connection between the employee’s employment and his wrongful conduct for it to be just to hold the employer liable. The Court therefore confirmed that motive is irrelevant to the test for vicarious liability even where, as here, the employee’s motive was to harm the employer rather than to achieve some benefit for himself or to inflict injury on a third party.
The morale of the story in such circumstances could be for employer’s to protect themselves by having adequate insurance in place to prevent such an eventuality.
If you wish to discuss further, please contact us.