15 June 2016

Raising the secrecy stakes: new sanctions for employee data theft

This article was written by Cerys Williams, Counsel

There have been a couple of cheering recent developments for employers whose staff walk out the door with confidential information. Traditional legal remedies in these cases, such as an action for breach of contractual confidentiality provisions, have been around forever but these can feel impractical, expensive and unpredictable to employers who find themselves at the sharp end of information theft.  However the cases mentioned below offer some different lines of attack.

Criminal Prosecution by ICO

The Information Commissioner's Office recently pursued a criminal prosecution against an employee who left his job and took with him information about his former employer’s clients. While the ICO is not concerned about all confidential information, in this case (as in many others) the information contained  personal data relating to clients. This breached data protection legislation and constituted criminal activity under section 55 of the Data Protection Act 1998, since the data was obtained unlawfully.

Although the sanctions applied were small (fine of £300, victim surcharge of £30 and £400 costs), the threat of a criminal conviction will be a serious deterrent to most professionals and, of course, the employer does not directly bear the costs or administrative burden of pursuing the prosecution. In practical terms, the value of this sanction may be mostly in the threat, particularly if clients/data subjects can be persuaded to make or threaten direct complaints to the regulator.

It is also noteworthy that the ICO specifically publicised this prosecution and warned other employees who might be considering similar actions, which may be taken as a change in enforcement policy for cases of this type.

Order for Destruction of Confidential Materials

In a different case, Arthur J.Gallagher Service (UK) Limited v Skriptchenko, the court took the novel step of making an emergency injunction order that confidential information had to be deleted from computers of the ex-employees and their new employers. Odd as it may seem, such orders are not part of the normal legal repertoire in disputes of this kind and this type of order does not have any authoritative legal precedent.

While destruction of illicit copies may seem like an obvious measure to take, the permanency of this remedy can deter judges from ordering it at the interim stage (i.e. when an emergency injunction hearing is taking place). There are a number of good reasons for that. Firstly, injunctions ordering you to do something (rather than not do something) are, in general, harder to obtain. Secondly, interim orders are made on an emergency application and without the benefit of a full trial, so judges have to give consideration to the risk of injustice if their interim decision turns out to be wrong.

The evidence against the defendant was unusually strong in this case, which may be why the court was willing to take this novel step. The claimant also gave several assurances intended to pre-empt the judge's concerns about making the order; in particular by committing to keeping a complete image of the hard drives so that the information could be reinstated later, if the order proved to have been unjustified.

What does this mean for employers?

Both these cases should provide comfort to employers who are frustrated by a lack of practical and effective remedies when faced with confidential information breaches.  And for employers who are on the receiving end of information they know or suspect to be ill-gotten, these cases are a reminder to tread carefully.  In either case, expert advice should be sought at an early stage: to ensure a wronged employer can explore the widest range of legal options, or in the case of the receiving employer, to avoid getting into seriously hot water.

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

A Guide to Investing in Australian Real Estate

Investing Down Under offers a quick overview of the legal, taxation, FIRB and structuring issues you may encounter when investing in Australian real estate.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    Like many businesses, in light of COVID-19, many individuals who are self-employed are facing the significant challenges of business continuity and cash flow

    30 March 2020

    Recent caselaw sheds light on how to investigate allegations which pit one person's word against another's.

    13 December 2016

    EAT confirms that employers have positive duty to arrange for employees' rest breaks.

    12 December 2016

    The Autumn Statement 2016: key points for employers.

    12 December 2016

    Legal services for your business

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.