Re: Vicarious Liability?
"It's been a while since I looked at a tort law book, but vicarious liability is fixed on an employer when the employee does something negligent in the course of his employment."
Without seeing court transcripts, my best guess would be that vicarious liability was triggered due to the failure of the employer to take all reasonable and practical measures to prevent this foreseeable incident from occurring and any reaction once the breach has been detected.
Moreover, did their action or inaction facilitate the theft? Such as;
- why did this person have access to all those different items of data?
- how did he get the data out?
- were all reasonable steps to prevent unauthorised data transmission taken?
- what provisions were there to ..., etc?
I know it is a fair few decades since I studied law, but IIRC the example given below may help...
If I run a bank and leave cash on the counter it won't be there for long. SOP's to protect the cash will in place so it is negligence by the teller. If the SOP says it is OK to leave it there until the teller has opened the drawer or safe, then the bank is apportioned blame (vicariously liable), as its' action or inaction allowed to theft to occur.
Perhaps with the forthcoming GDPR the financial implications may focus attention.