Employee disengagement; why one of your biggest privacy and reputation risks could be closer to home than you think

29 May 2020

For all its upsides, such as time with your children, opportunity to exercise, no commuting on the Tube at 8am, lockdown life is wearing a little thin for the majority. Too much time on our hands and conflicting information in the news makes us on edge and tense. A recent report cited 200,000 people have reported their neighbours to the police and, pre-lockdown easing, police voiced frustrations that rules were starting to be broken as frustration mounted.

While taking our frustrations out on our neighbours is one thing, this trend has repercussions for your business. It can be hard to keep a remote workforce engaged, particularly if this is new territory. Additionally with some businesses having to slow down, furlough staff, and even cease operations, the future is uncertain and nerves are frayed. There is a chance some of your employees are not happy - and a disgruntled employee can cause major reputational damage.

What can go wrong?

A disgruntled employee, or ex-employee, with an axe to grind and time on their hands is an acute vulnerability. Leaking information or campaigning against high-profile leaders can be a costly and painful issue to resolve. Actions taken by employees who have ‘gone completely rogue’ can even be your responsibility.

The recent Supreme Court’s decision in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12 is a reminder of this. This decision is particularly timely in light of the Covid 19 pandemic which has forced employees to work from home and away from direct oversight by their supervisors.

This case concerned a rogue employee who deliberately and criminally disclosed personal data belonging to co-workers (including bank and salary details) to a file sharing website and then onto newspapers. You can find more information about the facts of the case in our 2017 article on the findings of the judge at first instance.

The Supreme Court reversed the findings of the Court of Appeal and found that Morrisons was not vicariously liable for the rogue employee’s misdeeds. However, in reaching that decision, the Court also decided that employers could be vicariously liable for employees’ breaches of data protection legislation.

This means that even if a company has committed no wrongdoing as a data controller, it can – in certain circumstances - be liable for a data breach caused by a rogue employee.

What can you do?

As always, the best defence against the rogue employee or bad leaver, is to be pro-active. While most office workers are still working from home it’s more important than ever to prevent this from being an issue in the first place by:

  • Keeping in touch and building goodwill with employees. As prevention is better than a cure, keeping employees satisfied, motivated and engaged reduces the chances of a disgruntled employee in the first place. In a remote working world, regular video catch-ups, informal check ins and clear wellbeing policies are vital. Employee engagement matters more than ever. However, a balance must be struck. Too many catch ups may make an employee feel they aren’t trusted to independently carry out their role.
  • Consider employees’ access to information. Make sure that only a limited number of people have access to sensitive information, like payroll data, sensitive client information or bank account details. Then split these tasks up as much as possible within the limited pool of people and provide clear lines of responsibility and control. This minimises the impact of any potential breach and builds in strong checks and balances.
  • Review, review and review. Keep reviewing who has access to what information and reconsider this access regularly and especially if an employee becomes disgruntled.
  • Maintain an appropriate surveillance policy. While it is legal (and, in many cases, important) for an employer to carry out monitoring and surveillance of its employees, such monitoring must be limited to their work devices and should not go further than necessary to protect your business’ vital interests. It is also important you ensure that your company has in place a detailed and transparent surveillance policy - we’re happy to help develop this.
  • Plan for any data breaches. Despite the above steps breaches can still occur. Ensure that an action plan is in place, so you comply with your regulatory obligations and minimise the impact of any breach.
  • Lead by example. Remember an unhappy employee will also look for ways to criticise a company’s leadership. The constant stresses of running an enterprise are not immediately obvious to the disgruntled employee, who may see you as a caricature. So prevent yourself being a target in the first place. Before you, or your family, post anything on social media, consider the optics of it and how it could be used against you.

Authored by Jason Frydman and Alex Maunders.

Receive our monthly newsletter

About the Author

Jason Frydman


Jason is an Australian qualified lawyer who specialises in defamation, privacy and commercial litigation

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.