In this episode, Jonathan Armstrong and Tom Fox review the recent UK Court of Appeals’ decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space.
Jonathan and Tom discuss the legal theories, underlying facts and what it all may mean.
Some of the issues and highlights are:
- The case is instructive for how to conduct business under GDPR on data privacy.
- If a file is too large to email, it presents a higher data protection risk and must managed accordingly.
- Should you do risk assessments on individual employees around data privacy-data protection?
- How can vicarious liability exist for ultra vires conduct by an employee?
- How do you properly scope an investigation to ascertain an individual’s mind-set?
- A company must require its vendors to exercise appropriate data protection and control.
- Will Morrisons apply to the UK Supreme Court for relief?
For a more detailed analysis, see the Cordery Client alert, here.
You can listen to the podcast by clicking here
You can learn more about GDPR Navigator, one of the top resources for GDPR Compliance by visiting the Cordery website here.
For more information please contact Jonathan Armstrong or André Bywater who are London-based lawyers with Cordery where their focus is on compliance issues
Office: +44 (0)207 075 1784
Office: +44 (0)207 075 1785