In 2014 Morrisons suffered a serious data breach when the payroll data of nearly 100,000 employees (including names, addresses, dates of birth, national insurance numbers and bank details) were posted online.
A recent Court of Appeal case dismissed an appeal against an earlier ruling that the supermarket Morrisons was liable for its employees’ misuse of data. Previously in 2015 a former Morrisons employee had been convicted of leaking employee payroll records.
The case reinforces the importance of safeguarding data within an organisation, not only from external threats but also insiders. The insider threat refers to employees who either deliberately or accidentally pose a threat to the confidentiality, integrity or availability of an organisation’s data. The outcome has significant implications for all data controllers and data processors.