Protecting Confidential Information


With increasing employee mobility, together with the problems of enforcing restrictive covenants, protecting confidential information is hugely important. Confidential documents in the wrong hands has significant implications for a business trying to maintain its competitive advantage.

Confidential information is relatively easy for employees to steal. Information can be physically copied, emailed as attachments to private email accounts, or transferred onto memory sticks. Unless an employer obtains specialist computer forensics support, detecting theft of confidential information is extremely difficult, save where an employee has been foolish enough to leave some evidential trail.

Confidentiality in the Contract of Employment

The starting point for any organisation is to make sure contracts of employment contain clauses dealing with both confidential information (specifying the types of information it regards as confidential), and providing for the return of all company property on termination. By having an express clause, it widens the categories of information which the business regards as being confidential, and which otherwise might not meet the test of confidentiality under current case law.

It is also important to include in the contract of employment clauses covering data protection and the right to monitor employee communications. In addtion to any contractual terms modern staff handbooks should contain detailed provisions about data, IT and computer use.

Investigating breaches of Confidentiality

The difficulty in trying to enforce confidentiality obligations post termination is that it tends be restricted to what can be properly regarded as “trade secrets” of the business, a concept which the Courts construe narrowly.

If an organisation suspects a breach of confidentiality by a former employee it must act quickly. Start by undertaking a search of computer systems and other devices (e.g. tablets, smartphones) which might provide evidence of a breach. Be mindful that employees who conspire to steal confidential information will plan ahead, deleting emails and text messages, use memory sticks, or create cloud-based email accounts.

Despite an employee’s ability to hide visible traces of wrongdoing, with the advances in computer forensics, it is relatively easy to reinstate documents (together with metadata) which have been deliberately deleted. There are a small number of highly specialist companies which can support employers with investigations.

In seeking to both protect confidential information, and to investigate wrongdoing employers must stay on the right side of the law. The General  Data Protection Regulation (“GDPR”) sets out the legal framework for the collection and processing of employee data. Employers must be mindful about not breaching an employee’s data rights in its efforts to investigate suspicious activity . The Information Commissioner (ICO”) provides employers with guidance in this area.


In conjunction with any forensic computer investigation, if a breach of confidentiality is serious, employers should take legal advice about the range of interim injunctive orders which are available to them. These include search, delivery-up, and disclosure orders.

Given that employees often steal confidential information which is likely to be for the benefit of a new employer, that new employer will also owe a duty of confidence to the former employer, especially in circumstances where it knows the information is confidential.

Registered Office

2 Thorn Park
EX17 5AG

Tel: 01647 231475
Fax: 03330 160628


Exeter Office

Queensgate House
48 Queens Street
Exeter EX4 3SR

Tel: 01392 539347
Fax: 03330 160628


London Office

Warnford Court
29 Throgmorton Street
London EC2N 2AT

Tel: 0203 9177058
Fax: 03330 160628