We live in a digital age in which the confidential information of employers is easily disclosed or misused. However, two contrasting recent cases provide cautionary tales for employees with plans to join a competitor who are tempted to take their employer’s confidential information with them and misuse it in their new post. Likewise, businesses would be well advised to ensure they do not encourage or turn a blind eye to the misuse by newly hired staff of the confidential information of their competitors.

Civil claim risks

In the first case, Mr Skriptchenkov was an employee of the Arthur J. Gallagher group until July 2014. The group specialised in various types of insurance broking and underwriting. In the middle of 2015 they discovered that Mr Skriptchenkov had taken their confidential information and was using it to contact and seek business from their clients on behalf of his new employer, Portsoken.

Portsoken admitted that a client list belonging to Gallagher had been uploaded onto their IT systems and had been used to contact over 300 of their clients. They provided the disclosure of over 4,000 documents to Gallagher, which revealed that a group of directors and employees of Portsoken had been using the confidential information to a greater extent than initially appreciated. For example, they had been using the information to identify clients’ renewal dates and pricing and then pitch their pricing specifically to undercut Gallagher’s rates. A further five former employees of the Gallagher group – including the Porstoken chairman who had referred in email traffic to keeping the confidential information out of presentations but keeping it in their back pockets “to show on a nudge nudge wink wink basis” – were joined as defendants to Gallagher’s claim.

In order to prevent the defendants from continuing to use their confidential information before the full trial, Gallagher applied for an interim mandatory injunction to have Portsoken’s electronic devices and databases imaged and searched. In a novel twist, they also applied for an order requiring any confidential information found in Portsoken’s possession to be deleted. The High Court felt a high degree of assurance, given the strong evidence already disclosed and the admissions made, that Gallagher would establish at trial that Portsoken had unlawfully misused their confidential information and that the order for deletion would be upheld. It acknowledged the unprecedented nature of an order for deletion, but nevertheless granted it, bearing in mind that there was a real risk Portsoken would continue to use the information in the run up to the trial.

However, the order was subject to a number of safeguards to ensure Portsoken’s position was protected in the event the order was found at trial to have been wrongly granted:

  1. the imaging, review and deletion would be carried out by Portsoken’s IT consultants;
  2. a copy of any information, which Portsoken disputed belonged to Gallagher, would be deleted irretrievably from their devices, but a copy would be retained by their IT expert; and
  3. a third party court or agreed arbitrator would have the final say in relation to any disputed information.

Voluntary undertakings and court orders for the delivery up, imaging and inspection of electronic devices and computers have become a common feature of employee competition cases in recent years. Now that they have been given judicial blessing, we can expect requests and applications for the destruction of confidential information to become more common going forward, but the process used to identify and destroy the confidential information will need to be given careful consideration. Inevitably there will be considerable scope for disputes about the process and its outcome, and the risk of satellite litigation.

Employers should ensure they include well drafted non-compete provisions in their executive contracts to protect themselves from the misuse of their confidential information and team moves. The drafting of such provisions has become increasingly sophisticated in recent years and requires real care. It is also sensible to put precautionary measures in place to ensure data security, e.g. preventing employees from downloading entire client lists to portable storage devices or monitoring large data files being sent to personal email accounts.

Data Protection Act – criminal litigation risks

Finally, rogue employees be warned – taking client records to a new employer may also be a criminal offence under the Data Protection Act 1998, punishable by a fine on conviction. This has been highlighted by the ICO in a recent press release regarding the case of a man who was convicted after sending personal and commercially sensitive information concerning 957 clients of his employer to his personal email account as he prepared to join a rival company. The ICO is even calling for harsher penalties, including custodial sentences, to punish offenders. It really is time to put down the flash drive and think again.