We have submitted our response to the White Paper Consultation based on the discussion held at the “Planning for the Future - what does this mean for affordable housing” webinar we held on Fri 9 Oct
Two recent cases illustrate the rather unpredictable nature of these decisions, as confirmed by Lord Justice Irwin noted in the Bellman case below. These cases appear, more than any, to be so reliant on their individual facts and whilst they are important to note, no great sea change has occurred.
As ever when it comes to the Christmas party season the practical advice remains the same. A short, informative but warm email reminding employees that works’ “dos” are a time to have fun and relax, but not at the expense nor discomfort of colleagues, sets the tone. A clear boundary of where the employer’s provisions end in terms of alcohol and food is further useful as is an email to senior employees reminding them of their responsibilities even when in a relaxed setting and the potential perils of failing to do so
Wm Morrison Supermarkets Plc v Various 
Whatever your view is on Morrisons’ food you would be hard-hearted not to feel some sympathy for them following the Court of Appeal’s judgement in this case. They are having to pay an as yet undisclosed sum in damages following the actions of a disgruntled employee.
S worked for Morrisons as an internal IT auditor. Following disciplinary proceedings against him, he developed a grudge against his employer and decided to take action. He copied data which included payroll details of over 100,000 employees onto a USB stick, took the data home and released it on the internet and to a number of newspapers. S had been given access to this information by Morrisons for the purpose of an internal audit.
He was convicted of criminal offences including offences under the Data Protection Act 1998. However, Morrison’s nightmare was not over as 5,000 of the employees whose data had been leaked then bought a claim in the High Court for damages for misuse of private data, breach of confidence and breach of Morrison’s statutory duty under the DPA 1998. Morrisons was held vicariously responsible for S’s actions as the company had appointed S the data controller.
The High Court held that whilst Morrisons had not misused or permitted the misuse of confidential information, there was a sufficient connection between the company and S to deem it vicariously liable for S’s actions. Morrisons, not surprisingly given the monetary cost and reputational damage of such a claim, appealed to the Court of Appeal. They argued on the vicarious liability point that S’s actions did not occur during the course of employment and hence Morrisons was free from liability. They further argued that the DPA 1998 implied that there was no vicarious liability for the misuse of private information since the legislation provided a statutory code to deal with such breaches.
The Court of Appeal, however, did not agree. On the DPA point, they concluded that Parliament had never meant the legislation to exclude vicarious liability. The DPA is silent on the liability of an employer who is not a data controller for breaches made by that data controller and so in the absence of any statutory provision, the only remedy left was through vicarious liability.
As to whether vicarious liability existed in this situation, the Court of Appeal was adamant; the principle still applies even when the wrongdoing is committed away from the workplace provided there was a seamless sequence of events so no event to break the causation chain and the chain of liability. The Judge was empathetic in his comments that S breached the DPA, not for his own gain but to harm Morrisons but nevertheless concluded that Morrisons must still be held vicariously liable.
This case rather leaves employers exposed to the ad hoc actions of disgruntled employees hell-bent on revenge! The only comfort may come from the fact that this case is the first on such a scale that we have seen. Some guidance has suggested larger employers look to insure against these losses. Whilst this may meet legal fees it does not address reputational damage and share price losses. Greater security might be necessary to prevent highly confidential information being downloaded but this might not be reasonably practicable for many employers.
Practically speaking, this should be read as a cautionary tale but there are some learning points to be taken.
- ensure data protection training is up to date (note this case was heard prior to GDPR);
- emphasise to employees the criminal nature of serious breaches of the data protection laws and the tight security that exists to prevent breaches; and
- place where possible restrictions to downloading information and making it more portable.
Anthony Collins Solicitors is pleased to have been ranked as a Band 1 firm once again.
Since March 2020, commercial property owners and occupiers across many sectors, whether housing associations, charities, care providers or local authorities, have been impacted by the rules regulating how they deal with their tenants and their landlords. It seems each week there is a change in policy, regulation or legislation, governing how they must respond.
A key element of the Bill is the establishment of a duty holder regime and requirement to maintain the ‘golden thread of information’ throughout the life cycle of high-risk residential buildings
We have been working with care homes to update their contracts and advise on the risks of charging the resident a regular “top-up” or additional fee where a resident is funded through NHS CHC
The parliamentary processes are complete and the Restriction of Public Exit Payments Regulations 2020 (“the Regulations”) which cap exit payments in the public sector at £95,000 will be in force from 4 November.
As the UK’s social housing sector recovers from the initial Covid-19 outbreak and lockdown, now is the time to focus on the challenges that may emerge next.
There is no universal approach to regenerating town centres. However, housing must be considered a key part of any regeneration project – providing well-needed new homes and economic growth.
Friday 16 October marks the 6th annual Wear Red Day in England, Wales and Scotland. Wear Red Day is the brainchild of the charity; Show Racism the Red Card (SRTRC). SRTRC aims to educate young people so they are equipped to recognise and challenge stereotypes, misconceptions and negative attitudes towards race.
Alongside the Building Safety Bill published in July 2020, the Fire Safety Bill is a key step in the Government’s strategy to improve building and fire safety in the wake of the Grenfell Tower tragedy
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.