This page contains a Flash digital edition of a book.


In light of staff bank details being posted online, supermarket chain Morrisons has shown the importance of data protection, not only to the company but to its people as well.

The last month has been a particularly difficult one for the marketing and PR bods at the long-established supermarket chain, Morrisons. The company’s prices may provide more and more reasons to shop there, but the case is much different for their workers, after a serious data breach. The breach was discovered early last month after data from the employee payroll was published on the internet and sent to a Yorkshire newspaper.

The data stolen included personal information such as names, addresses and bank account details, leaving staff unsettled, despite Morrisons apologising for the breach and assuring that they were working with the “highest level of cyber crime authorities” to ensure no one was financially affected.

In what appears to be a case of ‘hacktivism’ rather than outright cyber criminality, the immediate future of the company has taken a

massive hit. Not only does it raise questions about customer data, but Morrisons now faces an internal battle to keep its staff onside. One disgruntled employee spoke with a Leek newspaper to say that they were looking elsewhere for work because of the breach, commenting: “We have been told that the majority of staff have been exposed. The information that was exposed included our name, address, sex, national insurance number, date of birth, bank account number as well as sort code and, for some people, their telephone number. My trust in Morrisons has completely gone. Management say that they have respect for us, but how can they if someone from head office has done this?”

In response to the breach, Morrisons’ press release stated that “no colleague will be left financially disadvantaged as a result of this theft”. Unfortunately for Morrisons, the issue goes beyond simple compensation and leads its employees into the murky world of identity theft. In terms of crisis management, it may have also dug itself a bigger hole with those assurances, as Nuala OSullivan, Senior Lecturer at Westminster Business School, pointed out in the aftermath (see comment).

Data protection may appear a corporate, box-ticking exercise but the Morrisons example has proven the very human impact a lax policy can have. Your company’s data means more than just money; it’s your reputation. Investing in the right protection is investing in your people.


Nuala O’Sullivan Westminster Business School

The assertion that no employee will be financially disadvantaged because of this breach is too broad to offer any real assurance, since it appears to suggest that, if identity theft were to occur due to this breach, Morrisons would make good any personal or professional inconvenience, or cost accrued. Those suffering identity theft lose their own credit rating and may not be eligible for a mortgage, to study or move abroad, or to act as guarantor for minors. Morrisons is very generously offering to cover all of these eventualities without recognising the parameters of unintended consequences.

Beyond the financial concerns are the emotions of the individuals involved. Not only has the organisation’s lack of data care breached the psychological contract of fair behaviour between an employer and employee, but they may also have been found to be in breach of the 1998 Health and Safety Act which stipulates that employers have a duty of care towards their employees’ physical and mental well-being. Stress may be aggregated from many areas but this exposure may prove to be the tipping point.

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62