Confidential information: when and how to deal with it
Employees often acquire confidential information and knowledge of key business interests including such things as the identity of clients, future business strategy and pricing. It is often tempting for employees to use this information after their employment has ended. There are a number of steps employers can take when faced with a situation like this. Two recent cases have highlighted the need for employers to take action when faced with breaches of confidentiality, as well as the different options they have.
Arthur J Gallagher Services (UK) Ltd) and others v Skriptchencko and others 
In the above case, Mr Skriptchencko (‘Mr S’) worked for Arthur Gallagher (‘Gallagher’), a provider of insurance brokerage services, until July 2014. Mr S moved to a rival broker and took a client list which he was previously using in order to do business with Gallagher’s clients on behalf of his new employer. In particular, he was pitching his new employer’s pricings in a way that would undercut Gallagher’s rates.
Gallagher suspected wrongful use of this confidential information, and therefore brought a claim against Mr S and his new employer – Portsoken. Gallagher sought an order allowing them to search and image the defendant’s electronic devices and to destroy any confidential information found. Portsoken maintained that the search and destruction of the information was ‘invasive, unprecedented and unnecessary’.
Although there was no such legal authority supporting the granting of such relief, the Court granted the order subject to certain safeguards. These safeguards included the use of an external expert to search the devices and that the parties would agree the search terms. To provide further assurance to Portsoken, it was also ordered that a copy of the deleted material would be saved so that it could be restored if later found to be wrongly removed.
Mark Lloyd and the ICO
Mark Lloyd worked for Acorn Waste Management Limited. Upon leaving, he sent information related to 957 of Acorn’s clients to his personal email account for use in his new job. The information included personal data of individual clients such as their contact details and purchasing history.
Mr Lloyd was prosecuted by the Information Commissioner’s Office and pleaded guilty to unlawfully obtaining personal data under section 55 of the Data Protection Act 1998 (DPA). He was fined £300, ordered to pay a victim surcharge of £30 and costs of £405.98.
Both these decisions provide some comfort to employers regarding the protection of their confidential information post-employment. Skriptchenko should remind employers of the wide-ranging powers of the Court when faced with breaches of confidentiality. However, the Court only felt justified in granting the order requested as the defendants had already admitted to taking the confidential information in their defence. It will be interesting to see whether the Court’s decision will serve as a precedent for situations where no such admissions are made in the defence. Nevertheless, it is still advisable for employers to include express terms in all employment contracts, specifying what information should be kept confidential and deleted after the employment has ended.
Meanwhile, the prosecution of Mark Lloyd by the ICO is a useful reminder for individuals that taking personal information to a new job without permission is a criminal offence. Although a breach of section 55 of the DPA is punishable by way of a fine only, the ICO continues to call for tougher sanctions including the threat of prison to stop the unlawful use of personal information. Employers should also be mindful of how new employees have obtained client lists as they may also breach data protection law if such personal data was obtained unlawfully.
For any other queries regarding data protection, please contact a member of the Devonshires Employment Team.