Morrisons Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Morrisons Data Breach
How To Claim Compensation If Affected By The Morrisons Data Leak
By Mark Ainsdale. Last Updated 25th August 2021. Welcome to our Morrisons data breach guide. This explores what options you have if you suffer from a data breach by Morrisons supermarket.
Under the General Data Protection Regulation (GDPR), businesses and organisations such as supermarkets have a duty to protect the data they collect from customers, employees and other parties.
In this guide, we will explain what Morrisons must do to uphold this duty towards your data. We will also define what a supermarket data breach is and advise victims on how they can make a claim for data breach compensation.
If you have evidence that you’ve been impacted by a Morrisons data protection breach and wish to claim compensation, Legal Expert can help.
To begin your compensation claim, call us today for your free telephone assessment. If we can see that you have legitimate grounds to claim compensation we will provide you with a No Win No Fee solicitor.
Select A Section
- A Guide To Data Breach Claims Against Morrisons
- What Is A Data Breach Claim Against Morrisons?
- Ensuring A Business Complies With GDPR Regulations
- How Morrisons Breached Data Protection Regulations
- What Data Incidents Can Be Reported To The ICO?
- How Could The Victim Of A Data Breach Be Compensated?
- Calculating Morrisons Data Breach Compensation Claims
- How To Claim Morrisons Data Breach Compensation
- Why Use A Data Breach Claims Expert From Our Team?
- No Win No Fee Claims Against Morrisons
- Start Your Claim With A Data Breach Expert
- Learn More
Businesses and organisations collect, store and process data from customers, employees and other key stakeholders as part of their daily operations. For example, Morrisons will collect data from customers when they apply to join their customer loyalty program. Similarly, they will have information about their employees such as contact details and payroll information.
Organisations have to abide by regulations such as the General Data Protection Regulation (GDPR), which was enacted into UK law by the Data Protection Act 2018 (DPA). The purpose of these laws is to make sure that organisations do not misuse the data they collect or violate the rights of members of the public.
Under the GDPR, supermarkets and other organisations should do the following:
- Supermarkets have a duty to protect the data they collect from the public. This includes staff data and customer data.
- Supermarkets must have policies and security systems in place to protect data.
- Data must be collected by consent. When the supermarket collects data from an individual they must ask permission to do so and inform them of how the data will be used.
- If a Morrisons supermarket data breach occurs, they should inform the ICO within 72 hours, if necessary, and contact affected individuals without undue delay.
Those affected by a breach may be able to claim compensation under the Data Protection Act. The supermarket may also be fined by the Information Commissioner’s Office (ICO).
Morrisons employs a Data Protection Officer to oversee compliance with data protection regulations and needs to have robust internal policies to ensure that personal data is protected.
Morrisons Data Breach Claims Time Limits
If you have experienced a Morrisons data breach and wish to seek compensation, there is a time limit for making a claim. This is 6 years from the date you obtained knowledge of the breach.
In cases where the claimant’s human rights were violated by the breach, there is a 1-year time limit.
Do you have evidence that shows you have been affected by a Morrisons data leak? Then call Legal Expert today to speak to a knowledgeable claims advisor. If we can see that you have legitimate grounds to claim data breach compensation, we will provide you with a skilled solicitor to handle your claim.
A data breach is when there is a breach of security in an organisation that leads to data exposure, loss, alterations of personal data, destruction of data, or individuals getting unauthorised access to information.
Data breaches can happen for different reasons, for example, they could happen due to a staff error, an insider threat or because of criminal activity, such as hacking.
While cybercrime is common nowadays, simple instances of human error can cause significant damage. For example, an employee may send out a marketing email that has a list of recipients’ names and email addresses attached to it.
Similarly, Morrisons may send a letter intended for a customer to the wrong address, sharing the customer’s personal data with another party. Or an unencrypted USB stick may be left in a shared computer, allowing unauthorised personnel to access confidential data.
A data breach can also occur because of an insider threat, whereby a person working inside an organisation can expose data or pass data onto a third party. This can happen by accident, due to an error.
It can also happen if a disgruntled employee acts in a malicious manner. Or an employee may be involved in criminal activity and use their insider status to give fraudsters access to the data, for example passing on files or a password.
Morrisons could also be subject to a cyber attack. For example, hackers may get into the company’s systems. Or fraudsters may use malware or phishing techniques to gain access to personal data, which they can use to commit identity theft or to hold the company to ransom.
Data that could be breached can include the following:
- Telephone number
- Email addresses
- Online activity
- Payroll data
- Banking information.
In some instances, a third party may be judged to be liable for the personal data breach or IT data breach. For example, a database services company, like Blackbaud, that has a contract with Morrisons could be responsible for the breach. In this case, you could look to make a data breach claim against the third party.
If you wish to claim data breach compensation, Legal Expert can help you. Call us today for your free consultation and if we can see that you might be eligible, we can provide you with a knowledgeable lawyer to handle your claim.
The purpose of the GDPR is to make sure that organisations and businesses such as supermarkets act responsibly with the data they collect and store.
Under the GDPR, the following roles in the data collection and handling process are defined:
- A data controller is an individual role or organisation. Data controllers are responsible for collecting, processing and storing data in accordance with the GDPR.
- Some organisations employ a data processor, which is a business that will process and store data from stakeholders on the organisation’s behalf.
- The person whose data is collected, stored and processed on behalf of the organisation is known as the data subject.
Organisations and businesses such as Morrisons have to abide by the following principles as set out in Article 5 of the GDPR:
- That data is processed lawfully, fairly and transparently
- Set out in explicit terms the legitimate purposes for collecting data
- That collected data is restricted to what is needed
- That data is kept accurate and up to date
- Data should only be kept and stored for as long as necessary
- That data is processed and stored with integrity and confidentiality
A Morrisons data breach made the news in 2020 when an individual employee stole the data of around 100,000 of his colleagues and posted it on the internet.
In 2013, a senior IT auditor at Morrisons named Andrew Skelton decided to take revenge against the business by downloading payroll data for 100,000 Morrisons staff onto a USB stick. He then published the data onto a file-sharing site in early 2014.
This left Morrisons staff vulnerable to financial losses and identity theft, and will have caused many to suffer psychological distress. Understandably, many wished to seek compensation.
Mr Skelton was subsequently charged and imprisoned. However, a class action was brought against the supermarket chain. The case reached the Supreme Court, which held that Morrisons wasn’t vicariously liable for the actions of its lone employee. In this case, Mr Skelton was pursuing a ‘personal vendetta, seeking vengeance for the disciplinary proceedings some months earlier.’
Therefore, employers can only be held liable for the actions of their employees if they’re closely connected with their duties at work.
If you have been negatively impacted by a data breach by Morrisons, the incident may be reportable to the ICO. In some cases, the supermarket could receive a data breach fine from the ICO.
We recommend that you take the following actions if you wish to report a Morrisons data protection breach to the Information Commissioner’s Office:
- Write a letter of complaint to the data protection officer of Morrisons, with details about the data breach. The ICO has a guide to raising concerns with some tips for making it impactful.
- If three months have passed without an adequate response, you can escalate the complaint by contacting the ICO, if you wish to (you are not legally obliged to contact the ICO).
- You may seek to take legal action. Contact Legal Expert today to enquire about finding a solicitor to handle your Morrisons data breach claim.
If you have been the victim of a Morrisons staff data leak or a Morrisons data breach, you may be eligible to make a claim.
If your case is successful, you could be awarded two heads of claim:
- Non-material damages: Having your personal data exposed or misused is a violation of your privacy rights. For many people, a breach of personal data can be a traumatic experience and can result in them becoming depressed, anxious or experiencing stress. This head of claim, therefore, looks at the psychological impact of a breach.
- Material damages: If you have experienced identity theft as a result of a data breach by Morrisons, this may have led to financial losses. (For example, fraudsters may be able to withdraw money from your online bank account.) You may be able to claim back these losses as part of a claim.
When your solicitor values your claim they will take psychological factors such as trauma and/or mental anguish that you experienced into account as well as financial losses.
In the past, it wasn’t possible to claim for the mental impact of a data breach without experiencing some financial hardship. That all changed with the Court of Appeal case of Vidal-Hall v Google. Now, claimants who suffer either mental or financial damage can seek compensation.
When it comes to valuing mental harm, the Court of Appeal recommended turning to personal injury law. So on that basis, we have compiled the compensation table below to help illustrate different values for different forms of harm. The figures you can see come from the guidelines of the Judicial College.
| Severity and type of psychological injuries | Comments on the injury | Compensation settlement guideline |
|---|---|---|
| Psychiatric injuries - severe | There will be significant impacts on the claimant’s ability to cope with things such as their everyday life, maintaining relationships, working and education. | £51,460 - £108,620 |
| Psychiatric injuries - moderate | The claimant will be impacted in similar ways but with a better future prognosis. | £17,900 - £51,460 |
| Psychiatric injuries - less severe | The settlement is based on the severity of the symptoms suffered. In this case, a full recovery will be made within a short period. | Up to £5,500 |
| PTSD - severe | There will be a significant impact on the person’s life and on their ability to work, have relationships and continue with education. | £56,180 - £94,470 |
| PTSD - moderately severe | The effects from this could continue for the foreseeable future. The expectation for the future has a more positive outlook. | £21,730 - £56,180 |
| PTSD - moderate | Whilst a full recovery should have taken place, there could still be some symptoms. | £7,680 - £21,730 |
| PTSD - less severe | Full recovery in 12 months. | Up to £7,680 |
Alternatively, call Legal Expert’s claim helpline today. One of our advisors will be happy to speak to you in-depth and if we can see that you are eligible to claim compensation we will be able to estimate how much your Morrisons data breach compensation package could be worth.
To begin your claim for data breach compensation, contact Legal Expert today. We offer a free no-obligation telephone assessment for anyone looking to claim compensation.
If after speaking to you, we can see that you are eligible to claim compensation we can provide you with a No Win No Fee solicitor to handle your case.
What are the benefits of letting a Legal Expert solicitor handle your claim?
- Your solicitor will be able to value what your claim is worth accurately and will negotiate with the defendant on your behalf to win you the maximum amount of compensation you could be owed.
- Our solicitors are experienced in this area of law, so your claim will be in safe hands.
- You will have the option to have your claim handled on a No Win No Fee basis.
Read our online solicitor reviews, left by our previous clients, to see how many were happy with the service they received.
If you can show that you have been harmed because of a Morrisons data breach, Legal Expert can handle your claim on a No Win No Fee basis.
This means that you will not have to pay an upfront solicitor’s fee before your solicitor starts working on your case. Instead, you will agree to pay your solicitor a small, legally capped fee.
You will only be charged a success fee on the condition that your solicitor wins your compensation claim, making the process less risky financially.
What’s more, your success fee will be paid out of your compensation package, so you don’t have to worry about finding the funds to pay for your claim upfront.
Crucially, if your claim doesn’t lead to compensation, you will not be charged any fees by your solicitor.
To learn more about making a No Win No Fee data protection breach claim, read our online guide today or call us to chat with an adviser.
To learn more about data breach claims or to speak with us today about pursuing a case, get in contact with us using one of the following methods:
- Call us today to speak to a claims advisor. Dial 0800 073 8804 to speak to us.
- Write to us about your ordeal using our online compensation claims form.
- Use the widget in the bottom right corner of your browser, to webchat with an advisor.
We hope that this guide to making a data breach compensation claim against Morrisons has been helpful. To learn more, please feel free to look at these online guides.
Morrisons Data Breach FAQs
When did the Morrisons data breach take place?
This happened back in 2014.
What were the circumstances for the Morrisons data breach?
An employee, Andrew Skelton, intentionally leaked payroll data for his colleagues as retribution for a dispute with his employer.
What is an example of a data breach?
This includes stealing physical details, computers, mobile phones and USB drives containing personal information.
What are the 3 categories of personal data breaches?
These are confidentiality, integrity and availability breaches.
Who must report a data breach?
The DPO would be the party responsible for reporting the data breach.
Who would you contact if a high-risk personal data breach occurs?
The ICO is the organisation to report a data breach to.
How long does a company have to report a data breach to the ICO?
The organisation must report the data breach no more than 72 hours after learning about the breach.
How much money could organisations be fined for a data breach?
Fines could be in the seven- or even eight-figure range depending on how many people lose their data.
Thanks for reading our guide to making a claim following a data breach by Morrisons. Please get in touch if you wish to make a compensation claim after a Morrisons data breach.