The unexpected resignation of a key employee can present a range of challenges to an employer business. Where an employee resigns to take up a position with a trade competitor, particular attention needs to be paid to the security of the business’s confidential information assets (“CI assets”).

At the very least, the business should formally notify the departing employee of his or her obligations not to use the business’s CI assets after they cease employment, and not share them with a new employer. This will typically involve reminding the employee of relevant obligations under their employment contract.

Whether further measures are warranted will depend on an assessment of the specific security risks for each employee.

If the risks are considered serious enough (such as where the employee has had access to mission-critical CI assets), a business might engage the services of a forensic IT investigator to examine the “digital footprints” left by the employee while using the business’s computer systems in the lead up to their departure.

A forensic examination can uncover how and when the employee accessed computer files that embody or contain CI assets of the business, such as client lists, technical manuals and financial reports. If an examination reveals signs of suspicious access by the employee outside of what they would normally do in their day-to-day activities, this could be an indicator of foul play.

Beware the smoking gun

But forensic investigations have inherent limitations. Crucially, they don’t directly shed any light on the conduct of the employee after their departure from the business.

Even so, where an investigation reveals that, for example, an employee sent a large number of important company documents to a personal email address immediately before departing, the business might understandably be tempted to treat this as a smoking gun – a precursory sign of inevitable misuse of CI assets by the employee.

Businesses should resist this temptation however. More extensive enquires and investigations will generally be necessary in addition to obtaining forensic evidence, regardless of how “guilty” the employee may appear on the face of that evidence alone.

The pitfalls of not undertaking these broader enquiries, and relying solely on forensic evidence, were highlighted in a recent decision of the Australian Federal Court (see Coffey Information Pty Limited v Cullen [2015] FCA 28).

The Coffey case

The case involved an application for preliminary discovery by Coffey against three of its former employees and their new employer, Qualtest, each of whom Coffey suspected of misusing its CI assets.

Preliminary discovery is a court process whereby a party (a “prospective applicant”) may make a stand-alone application to the court seeking discovery of documents in the possession of another party (a “prospective respondent”) where those documents would assist the prospective applicant in deciding whether to commence proceedings against the prospective respondent.

In Coffey’s case, it sought preliminary discovery based on a belief that its former employees had shared Coffey’s CI assets with Qualtest to assist their new employer in obtaining a lucrative accreditation with a major industry association called NATA, and for Qualtest to use otherwise in running a business in competition with Coffey.

Coffey argued that, while it did not have sufficient evidence to prove such conduct had in fact occurred, obtaining preliminary discovery would enable Coffey to decide whether or not to proceed with court action against the former employees and Qualtest.

The requirements for preliminary discovery

To succeed in its preliminary discovery application, Coffey needed to satisfy the court that:

  • it had a reasonable belief of a potential legal claim against the former employees and Qualtest for misuse of its CI assets;
  • after making reasonable enquiries, it did not have sufficient information to decide whether to commence proceedings for such a claim; and
  • it had a reasonable belief that the former employees and Qualtest had documents in their possession that would assist Coffey in deciding whether to commence proceedings against them.1

In support of its preliminary discovery application, Coffey relied primarily on the results of a forensic examination of its computer systems that it commissioned from a third party investigator shortly after the employees left the business.

The examination revealed numerous documents that had been accessed by the employees and emails that they had sent to their personal email addresses shortly before their departure from Coffey.

Outcome of the Coffey case

On 30 January 2015, Justice Farrell of the Federal Court handed down a judgment dismissing Coffey’s application with costs.

Her Honour found that Coffey had failed to satisfy the requirements for preliminary discovery for a number of reasons:

  • Coffey had not undertaken any enquiries beyond the forensic examination of its computers. In Justice Farrell’s view, Coffey was trying to use the preliminary discovery process as an alternative to making the enquiries it should have made prior to bringing the application.
  • The forensic results relied on by Coffey were insufficient to found a reasonable belief that the former employees had or would misuse Coffey’s CI assets, or pass them on to Qualtest. Speaking generally, Justice Farrell noted that where former employees have a legitimate basis for accessing CI assets prior to their departure, it is not enough merely to demonstrate that such access has occurred and that the employees are persons who would be in a position to compete effectively with their former employer.
  • Coffey had not made enquiries of its other staff who were involved in the formal handover process that each of the three former employees was required by Coffey to undertake before leaving.
  • Justice Farrell accepted the evidence of the former employees explaining their reasons for accessing documents and sending emails to their personal email accounts. This included evidence from one former employee that he had accessed a number of old archived documents “out of nostalgia and curiosity”. In considering this evidence, Justice Farrell found that it was “entirely plausible that an employee of 32 years standing who had resigned and was performing handover might spend 25 minutes (or more) glancing at archival documents which represented a body of his work”.

In another example, the former employee said he would occasionally send emails to his personal email account at home to either read at leisure or in order to complete work. The employee preferred doing this on his home computer which had a large screen and was more reliable than the laptop he had been provided by Coffey.

  • Justice Farrell accepted Qualtest’s evidence that it had relied on documentation given to it by an interstate affiliates to obtain accreditation from NATA, and had not used any of Coffey’s documentation. Significantly, this evidence was not contradicted by documentation obtained from an earlier subpoena issued to NATA in April 2013 on Coffey’s application.

To get the right answers, you have to ask the right questions

The Coffey case brings into sharp focus the pitfalls of prematurely reaching conclusions about the intentions and actions of departing employees with respect to CI assets, without adequately considering all the relevant surrounding circumstances.

Proper enquiries are a must before any court action is taken, including applications for preliminary discovery.

Businesses should expect fierce opposition from former employees and their new employers when making allegations of misuse of CI assets. Forensic evidence, whilst useful, is likely to be closely scrutinised in the courtroom environment. It should be used cautiously where an employee had a legitimate basis for accessing the business’s CI assets prior to their departure.