One of the biggest risks businesses face today is not necessarily a hacker or cyber criminal, but the businesses’ own employees, especially those who are disgruntled and want to cause the business harm or are entrepreneurial and see the opportunity to exploit their contact book and set up in competition.

Either category of employee can cause untold damage to a business, both financially and by damaging its reputation. In this article we look at some of the simple steps you can take to help manage that risk and options open to you if the worst happens.

The rogue employee

The ongoing case involving UK supermarket giant WM Morrisons, which was heard in the Court of Appeal in 2018 and which is expected to proceed to the Supreme Court, is a landmark case. The appeal court has upheld the judgement that the business is vicariously liable for a data breach caused by an employee, despite the fact that the disgruntled employee decided to deliberately cause the business harm by posting customers’ details on the web.

The judge in the first case described Morrisons’ security systems as mostly providing adequate and appropriate controls, and said that even if it had implemented additional recommended controls these measures would not have prevented the breach. In effect, then, Morrisons could not reasonably have done anything more to prevent the employee in question from going rogue and posting the customers’ data. Yet Morrisons was still held liable for the data breach, and the judgment has been upheld. The effect of the ruling means Morrisons is required to satisfy claims from customers made against the company because of the data breach.

Jan-Mar 2019 issue

Freeths LLP