All businesses, especially those involved in innovation, need to take steps to prevent employees from heading out the door with confidential information.
The self-driving car industry is awaiting the December trial in the US which will decide whether Uber misappropriated trade secrets from Google's self-driving car spin-off, Waymo.
Uber's self-driving car project was led by Anthony Levandowski, a former Googler who allegedly downloaded 14,000 files from Google before he left in January 2016.
Regardless of the outcome, the US case serves as a reminder to all businesses, especially those involved in innovation, to take steps to prevent employees from heading out the door with confidential information, such as client lists or unregistered intellectual property (IP).
As discussed below, there are a number of steps that should be taken to prevent departing and former employees from using your confidential information and becoming your biggest competitor.
Impose contractual obligations
Employees should be bound by contract to preserve their employer’s confidential information. It is standard for employment agreements to such obligations.
Employment agreements should also contain non-compete clauses. These will need to be reasonable in scope, as they will not be enforceable if they prevent the ex-employee from being able to make a living.
Where the confidential information consists of high value information that has a short life-span (ie under six months), employers should consider implementing a restraint of trade (so called “gardening leave”), which prevents ex-employees from working for a competitor whilst the information remains confidential.
Contractual obligations should also be imposed to prevent employees from taking any inventions they develop in their role and using them to benefit a competitor. Where it is likely that an employee’s position involves inventing, their employment agreement should:
- specifically state that the employee has a duty to invent; and
- oblige them to assign ownership of any inventions they create in the course of their employment to their employer.
Clauses which oblige the employee to make full and prompt disclosures of all inventive ideas and to maintain records of research work undertaken should also be included.
Maintain internal policies and practices which promote maintaining confidentiality
Businesses should regularly undertake an audit to ascertain which employees have access to what data. In some circumstances it may be appropriate to revise the security credentials provided to staff – particularly when a business grows or embarks on a new project and obtains new and valuable confidential information. Access to key confidential information may need to be limited to specific personnel on a need-to-know basis.
Employers should also maintain internal policies detailing the way in which information that is of value to the business is to be kept in confidence, and how employee-created IP is to be dealt with.
Such policies should reiterate the value of confidential information to the business and highlight the importance that employees keep such information confidential. These policies will need to be well communicated to all employees and appropriate training in place to ensure all relevant employees are aware of the terms, including any updates.
In a highly innovative business, such policies should include mechanisms for reporting research and inventive ideas. They should also detail how the contractual confidentiality requirements operate on a regular basis, for example by preventing employees from taking work product out of the office.
It is important that upon receiving access to information of a confidential nature, that employees are reminded of the confidential nature of the information and the circumstances in which it may be used. Should the information be misused the employer may have grounds to commence legal action for breach of confidence.
What legal action may an employer take?
Employers may need to commence legal action to restrain departing or former employees from using their confidential information and may seek an injunction, damages and/or costs orders from the Courts.
Where an employee breaches the confidentiality provisions in their employment contract the employer may, in some instances, have grounds to terminate their employment (assuming they have not yet departed) and may sue for breach of contract.
Alternatively (or additionally) the employer may be able to bring a claim of breach of confidence. For such an action to succeed in Australia, the following elements need to be present:
- the information is confidential;
- the information was imparted in circumstances importing an obligation of confidence; and
- there has been an unauthorised use or threatened use of the information.
Action may also be brought for breach of sections 182 and 183 of the Corporations Act 2001 (Cth).
These sections provide that employees must not improperly use their position, or information obtained because they are or were an employee of a corporation, to gain an advantage for themselves or someone else, or cause detriment to the corporation.
In addition, senior employees may owe fiduciary duties to their employer, which will be breached if they use their employer’s confidential information for private gain.
In some circumstances, unauthorised use of confidential information may amount to copyright infringement. In Luxottica Retail Australia v Grant  NSWSC 126 an optometrist emailed herself documents from her workplace, prior to resigning, and was found to have infringed copyright in the process.
In IPC Global Pty Ltd v Pavetest Pty Ltd (No 3)  FCA 82, two executives resigned from IPC Global but one retained a copy of their testing software on his computer. Upon establishing a new company, Pavetest, a programmer was given a copy of IPC Global’s confidential source code and communications protocol documents for “research” purposes.
Although only a small proportion of code was then reproduced by the programmer on behalf of Pavetest, given this was, qualitatively, a substantial part, it constituted copyright infringement. The start-up and former employees were held to have breached their equitable duty of confidence owed to IPC Global and infringed copyright.
In some circumstances, an employer may seek a springboard injunction where an employee misuses confidential information or acts in breach of a duty, such as a fiduciary duty, and is likely to obtain a head start over their employer. However, such an order is unlikely to be granted where it extends significantly beyond the period provided in a contractual restraint (see for example DXC Connect Pty Ltd v Deibe  NSWSC 1159 at 65).
The popular Australian online fashion retailer, Show Pony Group Ltd (“ShowPo”) launched legal action after the alleged theft by a former employee of its Client Contact List, listing ShowPo’s customers, competition entrants and suppliers, which was provided to competitor, Black Swallow Boutique Pty Ltd (“Black Swallow”).
An interim injunction was initially ordered, following which Black Swallow was restrained from using or disclosing the Client Contact List or any information derived from it, and ordered to pay ShowPo $60,000. Each party had to pay its own costs.
In addition to the time spent by ShowPo in court and mediation, and the unrecoverable costs it incurred, it appears that the case provided Black Swallow with substantial free advertising.
According to Business Insider, Black Swallow’s managing director reported record levels of traffic to its site, resulting from publicity generated by the case. Whilst seeking an injunction through the courts may be necessary to prevent competitors from using critical business information illegitimately obtained from former employees, competitors may still benefit from their misconduct.
Given how easy it is to copy data onto USBs and provide it to a competitor, it is unsurprising that insider threats are on the rise.
Employers should be proactive in taking steps to prevent employees from improperly using confidential information and from providing such information to their new employer when they depart.
Employers should review their employment contracts with staff, consider their internal policies and implement technical safeguards to protect their confidential information.