Is an employer vicariously liable for the acts of a vengeful employee?

The facts

Andrew Skelton was a Senior Auditor at WM Morrison Supermarkets plc (Morrisons). A short time before he committed the wrongdoing which led to this case, he was subject to a disciplinary process by Morrisons and received a verbal warning.

Mr Skelton was very upset at having been taken through a disciplinary process and he held a grudge against Morrisons. As a result, he decided to take what he felt was revenge on his employer.

Mr Skelton saw this opportunity to take his revenge when he was given access to highly confidential and sensitive employee payroll data which detailed the salary of each employee. The purpose of him having access to this information was so that he could provide it to Morrisons’ auditors, KPMG.

However, Mr Skelton copied the payroll data onto a personal USB drive and uploaded the data to a publicly accessible file sharing website, and then took steps to try to implicate a fellow employee who was part of the previous disciplinary proceedings.

When Mr Skelton’s actions were discovered, he was prosecuted, found guilty of fraud offences, and was jailed.

The case

The case against Morrisons arose out of a group of former and current employees bringing a claim against Morrisons directly for the actions of Mr Skelton. The question in the case was whether Morrisons was vicariously liable for the actions of Mr Skelton.

Before the matter reached the Supreme Court, the High Court and the Court of Appeal had both said that, in their view, Morrisons was vicariously liable for Mr Skelton’s actions, as essentially he was given access to the information and that allowed him to do what he did, albeit without authorisation. They said that Mr Skelton’s motive was not relevant.

The decision of the Supreme Court

The Supreme Court however disagreed.

Lord Reed in the Supreme Court said that the lower courts had misinterpreted the legal principles governing vicarious liability in the following ways:

1. Authorisation: Mr Skelton was not authorised by Morrisons to disclose the information he had access to on the internet. His actions did not form part of his functions or the field of activities which he was asked to perform.
2. Link: Whilst there was an unbroken chain linking Mr Skelton’s access to the information for the purpose of transmitting it to KPMG and his disclosure on the internet, the link did not in itself satisfy the close connection test which is necessary.
3. Motive: The reason that Mr Skelton did what he did was highly relevant. It was necessary for the court to look at whether he was acting on Morrisons’ business or for purely personal reasons.

The decision of the Supreme Court was that Morrisons was not vicariously liable for the actions of Mr Skelton on the basis that he was acting entirely for personal reasons and there was no close connection between what he had been asked to do by Morrisons and what he did when he uploaded the information to the internet.

Comment

The Supreme Court’s decision seems to be a sensible one and will be welcomed by employers.

The decision sets the precedent that an employer may not be vicariously liable for an employee’s actions if those actions cannot be fairly and reasonably regarded as done by the employee while acting in the ordinary course of their employment. In establishing this, a court will have to look at the employee’s motives.

Please note, the information included in this update is correct at the date of publishing.