Vicarious liability - when are you liable for the acts of your employees?

What do the following have in common? A managing director punches an employee at a drinking session in the early hours; a self-employed doctor sexually assaults a bank’s prospective employees during a medical examination; and an IT auditor uploads the personal data for thousands of staff online?  The answer: the employer was held liable for each of these incidents.

In light of recent judgments showing the courts’ increasing willingness to find employers liable for wrongful acts towards employees and customers, we outline below the ways employers can be held to be liable and what employers can do to protect themselves.

Discrimination and harassment

If one of your employees discriminates against a job applicant, such as by refusing to recruit because of the applicant’s race, or your employee harasses a colleague by using inappropriately sexual language, you may be liable for this. It does not matter that you did not sanction this behaviour or even that you did not know about it.

Protection from discrimination and harassment, and the scope of your potential liability, covers not just your employees and job applicants but also workers engaged by your business. In light of recent case law, this could include individuals who are described as self-employed contractors.

Employees causing harm to others

Employers can be held liable for an employee’s wrongdoing or negligence where there is sufficient connection with the employee’s employment. The courts have found this connection even where the employee commits a criminal act.

Recent examples include a senior IT auditor with a grudge against his employer, Wm Morrison Supermarkets, who released on the internet personal information about nearly 100,000 Morrisons employees. The supermarket group was found liable for the auditor’s serious breaches of data protection law.

Last year, the Court of Appeal found a company liable for damages in respect of an employee’s brain damage which was caused by the managing director punching the employee to the floor at a post-Christmas party drinking session.

The connection with the employer in the Morrison’s case was found because handling employees’ personal data was a significant part of the auditor’s role. In the second case, the work function had led on to the drinking session and the managing director was holding forth about his management decisions when he hit the employee.

Liability for self-employed contractors

The scope of liability does not stop at your employees. You may even be found liable for the wrongdoing of an individual working for your business as a self-employed contractor. The Court of Appeal found Barclays Bank liable for sexual assaults committed by a self-employed GP engaged by the bank to carry out medical examinations of employees and job applicants. Having looked at the relationship between the bank and the GP, the court concluded that the relationship was akin to employment.

How can we protect our business?

There are steps you can take to help defend your business from claims arising from one employee alleging that another employee has discriminated against or harassed him or her. You need to be able to show that you took reasonable steps to prevent the discrimination. A good way to do this is to have properly implemented and up-to-date equalities and anti-harassment policies and to train staff on equality and dignity at work.

It may be possible to manage some risks, for example by taking a zero-tolerance approach to aggressive behaviour or by taking appropriate steps to limit the flow of free alcohol at work parties.

Other risks will be unpredictable, and the best solution may be to ensure you have adequate insurance in place. In fact, the Court of Appeal indicated in the Morrisons case that cyber insurance may be the only way to effectively protect the business from a rogue employee committing a serious data protection breach; although having robust IT processes and protocols in place is essential in a post-GDPR world.

We help our clients identify and mitigate areas of potential risk, and work with them to put in place appropriate policies and practices to avoid them incurring liability for the actions of their staff.

Please contact us if you would like to discuss this further.

Chris Tutton