Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Morrisons data breach creates additional cyber-liability

Neil Hodge | January 23, 2018

A recent U.K. court ruling means that organisations can be held liable for breaches of personal data, even if the act was malicious and the company could demonstrate that it had suitable controls, policies and procedures in place to protect that information.

Organisations can also be held legally liable for malicious breaches and data hacks even if the regulator believes that no harm to anyone has occurred as a result.

In December 2017, U.K. supermarket chain Morrisons was found liable for a malicious data breach caused by a disgruntled former employee that saw the personal and financial details of nearly 100,000 staff uploaded to an online file-sharing website and sent to local newspapers.

Workers brought a class action claim against the company last October after employee Andrew Skelton, a senior IT auditor, stole the data—which included names, addresses, National...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.