Changez Khan succeeds in the Court of Appeal in Morris v Metrolink – data leaks, misconduct and s.152 TULRCA 1992

Published: 14/06/2018 | News

The Court of Appeal have today handed down their judgment in Morris v Metrolink RATP Dev Ltd. The case concerned automatic unfair dismissal under s.152 TULRCA 1992, confidential data leaks and misconduct. Changez Khan acted for the successful Appellant.

This was a difficult case: a trade union official was dismissed for using confidential information (a manager’s diary) as part of a collective grievance on his members’ behalf. The overall question was whether this was legitimate trade union activity and whether his dismissal had been automatically unfair (contrary to s.152 TULRCA 1992). The Claimant succeeded in the ET, but suffered a reverse in the EAT. Slade J took the stern view that his case had “only a very small percentage chance of success” and issued him with a costs warning. On a further appeal, Changez was able to persuade the Court of Appeal (unanimously) to overturn the EAT and restore the original result in Mr Morris’ favour.

The lead judgment was given by Underhill LJ. It engages with two issues:

(a) what is the protective scope of s.152 TULRCA 1992?
(b) more controversially, if an employee receives leaked confidential information is he under a duty to delete it?

In summary, the Court of Appeal held that:

(a) trade union activity enjoys protection under s.152 unless it is “wholly unreasonable” (which is a high threshold for disqualification);
(b) the recipient of a confidential data leak is not under an absolute duty to delete it – rather, every case turns on its own facts and Mr Morris’ use of the information was not improper.

This is a significant case. It confirms the correct approach to s.152 TULRCA. It also has a wider importance for misconduct cases where data security is used as the basis for dismissal. It cautions employers against overreacting to data breaches and rushing to characterise them as gross misconduct. There are interesting questions for future cases. At what point does a data infraction amount to misconduct? When will a duty to delete confidential information arise? A nuanced approach is required and such questions will be highly fact-sensitive.