What is Vicarious Liability?
It is well established that where a wrongdoer is an employee (or in a relationship akin to employment) and the wrongdoing complained of is closely connected to their role, then an employer can be liable in law for that wrongdoing. This can be regardless of the fact that the wrongdoing is not endorsed by the company and in breach of the employee’s contract.
The Criteria for Vicarious Liability
There is a two-staged test in order to establish vicarious liability:
- The relationship between the wrongdoer and the company
- The close connection between the nature of employment and the wrongdoing
The first stage test of whether there is a relationship ‘akin’ to employment is dependent on these further considerations:
a) The employer is more likely to have the means to compensate the victim and can be expected to have insured against that liability
b) The act will have been committed as a result of activity being taken by the employee on behalf of the employer
c) The employee’s activity is likely to be part of the business activity of the employer
d) The employer by employing the employee to carry out on the activity will have created the risk of the act being committed by the employee
e) The employee will to a greater or a lesser degree have been under the control of the employer
There has been much litigation in this area which accumulated in two major Supreme Court decisions on one day – 1 April 2020; Barclays Bank v Various Claimants (2020) and VM Morrisons Supermarkets Plc v Various Claimants (2020)
This is a case concerning the relationship test
Barclays Bank at the Court of Appeal1
Dr Bates was employed as an independent contractor by Barclays Bank to undertake medical examinations of existing and future employees. The medical examinations took place at Dr Bates’ home and he was paid a set fee for each examination. Dr Bates was employed on a part time basis by the NHS and had his own insurance and was not obliged to take the work. Dr Bates died in 2009 but in 2013 a police enquiry unearthed evidence of sexual assault during such examinations, and the victims brought claims against Barclays Bank.
In 2017 the Court of Appeal upheld the original decision which found Barclays Bank liable for the sexual assaults committed by Dr Bates.
Firstly, the medical examinations were for the benefit of Barclays Bank and an integral part of their business activity (selection of appropriate employees). Secondly, the risk of harm arose from the arrangements made by Barclays Bank to facilitate and prescribe such examinations. The employees were not offered any alternative doctor and had no real choice to refuse the medical examination, and would not have undergone the medical examination but for being employed (or due to be employed) by Barclays Bank.
Barclays Bank at the Supreme Court2
The Supreme Court overturned the decision and found that Barclays Bank were not vicariously liable for Dr Bates’ actions.
They felt that it was clear that Dr Bates was carrying on as an independent business (as a contractor) and therefore could not be in a relationship ‘akin’ to employment. There was therefore no need to evoke the 5 stage test (which should be reserved for doubtful cases).
This was a case concerning the connection test
Morrisons at the Court of Appeal 3
An employee (a senior IT auditor) leaked personal details of nearly 100 employees on the internet in a retaliation against Morrisons when he was reprimanded by them. The employee was tried, convicted and sentenced for his criminal acts. A group of over 5,000 employees brought claims against Morrisons for breach of data protection, misuse of private information and breach of confidence.
The Court of Appeal also upheld the original decision in concluding that there was sufficient connection between the wrongdoing and the nature of employment, regardless of motive.
They felt that there had been an unbroken thread that linked his work to the disclosure – a ‘seamless and continuous sequence of events’.
Morrison at the Supreme Court 4
The Supreme Court also overturned the decision and found that Morrisons were not vicariously liable for that employee’s actions.
They felt that the previous rulings had misunderstood and misapplied the principles on vicariously liability.
The key distinction is whether the employee (however misguided) is furthering his employer’s business or is engaged solely in pursuing his own interests (on a ‘frolic of his own’).
They did not agree that the online disclosure was within the employee’s ‘field of activities’ because he had not been authorised to do so
What does this mean for employers?
Whilst each case will always turn on its own facts, both cases illustrate that the courts have little appetite at present to expand the remits of vicarious liability.
Employers can perhaps breathe a sigh of relief given the wide ranging effects if matters had gone the other way.
However, there is little room for compliancy given that it has not been ruled out that employers could be vicariously liable for data breaches – we are just waiting for the right case to come along, especially as most data breaches are inadvertent (not personally motivated). Data breaches in general are on the rise; we are yet to see the full implications of the new regulations introduced in 2018.