Supermarket employee jailed for 8 years after leaking personal data

A rogue employee who stole data about thousands of colleagues is now starting a long prison term. Andrew Skelton worked as an internal auditor for Morrisons and had access to a lot of personal data of employees and other contacts of the business. Following a disciplinary hearing where he was reprimanded for using the business’ address to send packages for deals struck on eBay, Mr Skelton shared personal data of 100,000 employees with newspapers and uploaded this information on data sharing websites. This included information about salaries, national insurance numbers, data of birth and bank account details.

A representative of the Crown Prosecution Service said “Andrew Skelton was in a position of considerable trust with access to confidential personal information as senior internal auditor of Morrisons. He abused his position by uploading this information, which included employees’ names, addresses and bank details, on various internet websites”. Mr. Skelton is also reported to have attempted to shield himself by trying to implicate another employee. The sheer scale of the data shared which could have resulted in identify is reported to have cost Morrisons more than £2million to rectify which it is very unlikely to be able to recover from the person who caused it.

Being found guilty of fraud by abuse of position, unauthorised access to data with the intent of committing an offence and disclosing personal data, Mr Skelton has been jailed for a term of 8 years. Even though Mr Skelton’s actions resulted in a number of criminal offences being committed, once he shared the personal data he is also held responsible for the data protection breach.

This case demonstrates the personal responsibility of all members of staff working in any business when it comes to data protection. In the event of a breach, this can result in a fine or as the case is here in a jail term where the misconduct includes offences under the Data Protection Act and other legislation. Likewise businesses should also take their data security arrangements seriously as addressing a data protection breach like this can be very costly.

Forbes Solicitors regularly assist business and organisations with a range of issues in relation to data protection. If you would like advice on data protection law and practice, please contact Daniel Milnes.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.
This entry was posted in Corporate & Restructuring, Housing Litigation and tagged , , , , , , , , .