Council not liable for employee's breach of private data rules

The High Court has ruled that a local authority was not liable for the behaviour of one of its employees in accessing and disseminating private data that was stored on its IT system.  

The claimant in the case was divorced with two children, who were known to social services. Data relating to the claimant and the children had been compiled by the authority on its case management system.  

It came to light that the employee, with whom the claimant's former husband was in a relationship, had accessed and disseminated that data.  

The employee was dismissed and ultimately convicted of unauthorised access to computer material. 

It was undisputed that the employee had breached the claimant's rights by accessing and disclosing to her former husband information about her and the children. The issue was whether the local authority was vicariously liable for those admittedly wrongful acts. 

The court held that it was not. 

The judge pointed out that in carrying out those acts, the employee had in no way been engaged, whether misguidedly or not, in furthering the local authority's business.  

Although she had gained the opportunity to access and process data relating to the claimant and the children by reason of the unrestricted access to the IT system which she was afforded to perform her role as a contact centre worker, accessing or processing those records formed no part of any work which she was engaged by the local authority to do.  

Indeed, if she had disclosed her connection with the claimant's husband, as she should have done, the local authority would have restricted her access to those records.  

It was a classic case of her being on a "frolic of her own".  

In those circumstances, her wrongful conduct could not be regarded as done by her while acting in the ordinary course of her employment. 

Please contact us if you would like more information about the issues raised in this article or any aspect of employment law. 

to chat