Hunting the Chimera: the Supreme Court hears two key vicarious liability appeals in November 2019

The law of vicarious liability continues to exercise senior judicial minds, as the courts re-configure the traditional approach to this subject to meet the demands, evolving working practices and mores of the modern world.

Two cases come before the Supreme Court this month and whilst we await the outcome we consider the potentially far-reaching ramifications for employers and insurers alike.

Data breach by employee – acting in course of employment?

On 6&7 November, the Supreme Court heard the appeal of the WM Morrison Supermarkets PLC v Various Claimants [22.10.2018] case.

This case concerns an employee who, motivated by a grudge against his employer, disseminated the pay details of some 100,000 employees onto the internet and sent copies of the data to various newspapers (and for which he was successfully prosecuted).

At first instance, the judge concluded there was a sufficiently close connection between the employee’s ‘field of activities’ and his criminal enterprise to ‘make it right’ for the employer to be held vicariously liable. That was so, despite the fact the activity took place at the employee’s home and his purpose was to harm Morrisons, a factor which clearly concerned the judge. The decision was upheld by the Court of Appeal.

The relationship between the defendant and the individual – akin to employment?

Today (28 November), the Supreme Court will hear the appeal in the Barclays Bank plc v Various Claimants [17.07.2018] case.

This case concerns a GP who was paid by the bank to undertake medical examinations on potential and existing employees and who allegedly sexually abused some of them during those examinations.

The GP had no contract of employment with Barclays, worked from home and was paid a set fee per examination. Barclays considered him to be an independent contractor.

Following a preliminary issue hearing, Barclays was found to be  vicariously liable for any proven assault, the court concluding that the relationship was sufficiently “akin to employment” and the wrong-doing sufficiently closely connected with that quasi-employment, to render Barclays liable. The decision was upheld by the Court of Appeal.

Comment

The awaited outcome from the Morrisons appeal could have significant and far-reaching consequences. Even relatively small businesses may hold huge amounts of personal data and the most rigorous security systems will be unable to prevent data breaches by motivated, disgruntled or simply negligent employees. Can it be right to hold the employer vicariously liable in such circumstances?

The answer to such “Armageddon” arguments, said the Court of Appeal, is insurance, but many businesses are inadequately insured against the risk of damages, legal costs and all of the expenses associated with responding to a large-scale breach.  We therefore hope the Supreme Court restores perspective with a decision that finds in favour of Morrisons. It is certainly questionable whether malicious activity undertaken with the sole aim of causing harm to the employer, should be considered sufficiently closely connected to the employee’s position to ‘make it right’ to impose vicarious liability on that employer. We hope the Supreme Court uses this opportunity to reign in vicarious liability.

Turning to the Barclay’s appeal, this outcome has the potential to widen the net for those individuals that will come within the remit of an employer for the purpose of being held vicarious liable. There is a general positive push towards protecting employees and for an individual’s ‘worker status’ to be based on the reality of their role and closeness to the employer and their wrong-doing. Therefore, regardless of the outcome of this particular case, we anticipate more people, who employers have previously considered ‘not employees’, will be deemed as such for the purpose of a vicarious liability claim.

The judgment of the Supreme Court in both cases is keenly awaited.

Related items: