Sunday 22nd December 2024
Twitter Facebook Twitter LinkedIn RSS

Comsure operates in:the UK, Jersey, Guernsey

This Is What The Morrisons Data Leak Class Action Means For Future Breaches

UK supermarket Morrisons is facing a massive payout to staff after losing the first data leak class action in the UK. It comes after Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked employee data online in 2014. Last year, a court ruled the firm was liable for his actions.

The company appealed the decision, but today (22 October) a UK High Court ruling found the supermarket giant liable for the data breach that saw nearly 100,000 of its employees’ sensitive details including salary and bank details posted online. Those affected can now claim compensation for “upset and distress”.

The leak does not come under the EU Update to General Data Protection Regulation (GDPR), but it shows the huge cost of a data breach going forward. This can include class action by “interested parties” – including shareholders and victims of the breach.

“It will be interesting to see how the precedents set by the ICO and FCA on breached firms will shape the litigation of class actions moving forward,” says Ian Thornton-Trump, head of cybersecurity, AmTrust International.

He says regulators are “fed up” with firms being breached, especially “when they find it was easily preventable”. Meanwhile, banks and insurance firms don’t want to continue to pay out for easily preventable data breaches, he adds.

He thinks the future will see class action being supported by a regulatory finding and fine. “In a way, an egregious regulatory fine and specific charges of negligence, lack of due diligence in data protection or botched breach notification will really stoke the fires of a class action, because the evidence of incompetence will be readably available.”

Thornton-Trump thinks it will make the “discovery” process of class action move along at a much faster rate. “The regulatory agency will need to produce a comprehensive ‘chronicle of shame’ to support any significant fine or penalty. It will be a very symbiotic relationship.”

It will also be an interesting “test case” from a US perspective. “It may even embolden more class actions in an already pretty litigious data breach environment,” Thornton-Trump points out.

“It serves as another large and unknown potential data breach cost that needs to be factored into the corporate risk assessment. Certainly, in the case of shareholder class actions armed with a comprehensive report from regulators, the executives at a firm may find themselves in for a very expensive and precarious career situation.”

At a time when cyber-attacks happen every day and increasingly in the public eye, it’s a huge blow for reputations, too. “This could not come at a worse time for Morrisons, when grocery firms in the UK and around the world are in deep competition with each other,” says Thornton-Trump. “The breach clean up, regulatory action and class action lawsuits are revenue and reputation hits which could be catastrophic in low margin, highly-competitive market places.

To read original article please click here


1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

WP2Social Auto Publish Powered By : XYZScripts.com