As the year draws to a close here is Part 4 of our series 2018 - a year like no other for data protection! October opened with two court decisions in respect of large scale litigation; ICO enforcement action in Heathrow Airport Limited highlighted the basic errors committed by employees that employers need to guard against; the EDPB's draft guidelines on extra territorial scope were finally published; and Christmas came early when "confidential" Facebook emails were disclosed due to a rare Parliamentary power being exercised. We conclude our series with some key takeaways for all stakeholders controlling or processing data.
The Court of Appeal recently upheld the High Court's decision that Morrisons is vicariously liable for a data breach carried out by one of its employees over 4 years ago. The decision is a reminder that an employer may be held liable for the malicious actions of a rogue employee, besides highlighting the increasing threat of group actions for cyber and data breaches.