Employers could be vicariously liable for privacy breaches

The recent High Court decision of Axon v Ministry of Defence and News Group Newspapers Ltd suggests that employers can be held vicariously liable for their employees’ breaches of confidence and privacy.

The Claimant was a Commanding Officer in the Royal Navy.  He was relieved from his post and reassigned to a shore based location when the Ministry of Defence (MOD) found him guilty of bullying junior officers.  An employee of the MOD leaked this information to The Sun newspaper who published an article on this.  On discovering this some years later, the Claimant pursued claims for breach of confidence and breach of privacy (Article 8 ECHR) against the MOD asserting that it was vicariously liable for its employee’s acts.

The High Court determined that, on the facts of the case, the Claimant did not have a reasonable expectation of privacy. In reaching this decision it stated that the Claimant was “discharging a very public function, was in charge of a warship, and had, by his offensive conduct, imperilled the fighting effectiveness of his ship”.  Further, whilst the employee had a duty to the Crown and the MOD to refrain from disclosing confidential information to outsiders, she did not owe this duty to the Claimant. Consequently the Claimant’s claims failed.

Interestingly, the Judge went on to comment on vicarious liability and concluded that the MOD could have been held liable had the Claimant’s claims been valid.  This was on the basis that the employee’s wrongdoing had a sufficiently close connection to her employment.  The employee’s wrongdoing was based on information obtained during the course of her employment, her employment was the only reason she was privy to that information and she had signed a confidentiality agreement.  The Judge commented that, due to the sensitive information she was privy to, it was appropriate to view her job as including the task to preserve confidentiality.

Although only commented on obiter and, therefore, not binding, the Judge’s comments serve as an important reminder for employers to ensure that all employees are aware of the seriousness of confidentiality and privacy beaches.  An employer may escape the jaws of vicarious liability if it can demonstrate that it took all reasonable steps to prevent the wrongdoing occurring.  Water tight data protection and privacy policies are, therefore, an essential starting point to minimise the risks of vicarious liability.