Protecting Confidential Information
Background
With increasing employee mobility, together with the problems of enforcing restrictive covenants, protecting confidential information is hugely important. Confidential documents in the wrong hands has significant implications for a business trying to maintain its competitive advantage.
Confidential information is relatively easy for employees to steal. Information can be physically copied, emailed as attachments to private email accounts, or transferred onto memory sticks. Unless an employer obtains specialist computer forensics support, detecting theft of confidential information is extremely difficult, save where an employee has been foolish enough to leave some evidential trail.
Confidentiality in the Contract of Employment
The starting point for any organisation is to make sure contracts of employment contain clauses dealing with both confidential information (specifying the types of information it regards as confidential), and providing for the return of all company property on termination. By having an express clause, it widens the categories of information which the business regards as being confidential, and which otherwise might not meet the test of confidentiality under current case law.
It is also important to include in the contract of employment clauses covering data protection and the right to monitor employee communications. In addtion to any contractual terms modern staff handbooks should contain detailed provisions about data, IT and computer use.
Investigating breaches of Confidentiality
The difficulty in trying to enforce confidentiality obligations post termination is that it tends be restricted to what can be properly regarded as “trade secrets” of the business, a concept which the Courts construe narrowly.
If an organisation suspects a breach of confidentiality by a former employee it must act quickly. Start by undertaking a search of computer systems and other devices (e.g. tablets, smartphones) which might provide evidence of a breach. Be mindful that employees who conspire to steal confidential information will plan ahead, deleting emails and text messages, use memory sticks, or create cloud-based email accounts.
Despite an employee’s ability to hide visible traces of wrongdoing, with the advances in computer forensics, it is relatively easy to reinstate documents (together with metadata) which have been deliberately deleted. There are a small number of highly specialist companies which can support employers with investigations.
In seeking to both protect confidential information, and to investigate wrongdoing employers must stay on the right side of the law. The General Data Protection Regulation (“GDPR”) sets out the legal framework for the collection and processing of employee data. Employers must be mindful about not breaching an employee’s data rights in its efforts to investigate suspicious activity . The Information Commissioner (“ICO”) provides employers with guidance in this area.
Enforcement
In conjunction with any forensic computer investigation, if a breach of confidentiality is serious, employers should take legal advice about the range of interim injunctive orders which are available to them. These include search, delivery-up, and disclosure orders.
Given that employees often steal confidential information which is likely to be for the benefit of a new employer, that new employer will also owe a duty of confidence to the former employer, especially in circumstances where it knows the information is confidential.