Investing in front-end solutions to protect your confidential information can be far better than relying on litigation after the horse has bolted.
When you suspect that an employee has disseminated your confidential information to third parties, you may think that litigation offers you a complete solution. A recent case, Actrol Parts Pty Ltd v Coppi (No 3)  VSC 758, teaches us that this may not always be so. You may be better off proactively managing the risk through contracts of employment, policies, and appropriate IT systems.
Mr Coppi walks ‒ but did the employer’s confidential information go with him?
Mr Coppi resigned from his employment and was placed on gardening leave for his four week notice period. Shortly before his notice period ended, the employer discovered that Mr Coppi:
- was about to start a new job with a competitor; and
- sent a number of internal sales records to his personal email address in the weeks leading to his resignation.
The employer obtained an Anton Piller order to search Mr Coppi’s home for confidential information, seizing 21 IT devices. However, a forensic analysis of these devices did not uncover that Mr Coppi had passed on any confidential information to third parties.
Nonetheless, the employer continued to press the case to a trial that spanned seven days. At trial, the employer only sought damages of a nominal amount, because it could not point to any loss or damage arising from the alleged leaking of confidential information (eg. a loss of business to competitors).
The findings, breach of the Civil Procedure Act and the indemnity costs order
Justice Bell found that:
- Mr Coppi did not misuse any of the employer’s confidential information. He had a legitimate reason for sending the records to his personal email address (being a need to work from home);
- Mr Coppi did breach his contract of employment by commencing his new job one day before his notice period came to an end;
- however, this was an “entirely pyrrhic victory”, and a waste of the Court’s time.
Justice Bell dismissed the proceeding, notwithstanding that he found breach of contract. This was because he found that the employer had breached the Civil Procedure Act 2010 (Vic) by maintaining its claim.
The employer was ordered to pay Mr Coppi’s costs (estimated to be $300,000) on an indemnity basis. This was in addition to its own costs, which were estimated to be $600,000.
What went wrong in this case?
The indemnity costs order was largely a product of the judge’s finding that employer had contravened the Civil Procedure Act by failing to ensure that its investment in the proceeding was reasonable and proportionate to the real issues in dispute.
The judge also relied upon the fact that Mr Coppi had provided a number of offers to settle, which included undertakings that Mr Coppi would maintain the confidentiality of the employer’s information. As it turned out, Mr Coppi’s proposed confidentiality undertaking was far more than what the employer was able to obtain from the Court.
Front-end solutions to the back-end problems
The problems faced by the employer predated the litigation. Most importantly, Mr Coppi’s contract of employment did not contain provisions protecting the employer from potential competition and solicitation after cessation of employment.
The decision in this case is a timely reminder that it is far preferable to take pre-emptive steps to protect confidential information, rather than relying on litigation "after the horse has bolted". Pre-emptive action can minimise the risks that confidential information will be misused in the first place, and also ensure that, if misuse does occur, your business is in the best possible legal position to attempt to remedy the problem.
Questions you should ask yourself include:
- Do your employment contracts contain obligations concerning confidentiality, and restraint on competition and solicitation?
- Have these clauses been legally reviewed to ensure that they enforceable, and are they tailored to the circumstances of each employee?
- Do your employment policies and procedures adequately explain the nature and importance of confidential information to the business, and contain appropriate expectations?
- Does your business culture and day-to-day practices align with those expectations?
- Can your IT security systems adequately trace dissemination of confidential information ? For example:
- are you able to monitor cloud activity (eg. Dropbox), external device activity (eg. USB), printing and email?
- do you have backup systems in place that can trace deletion of material?