Don’t let secrets walk out the door

Staff regularly move around, whether to further careers, branch out, or to set up a business in parallel with their former employer.

The obvious question is: how can businesses protect their confidential information and prevent it from walking out the door with a departing employee?

There are three general categories of confidential information: general skill and knowledge; confidential information such as client lists, financial information, and marketing strategies; and trade secrets that include commercially valuable data that gives the owner a competitive advantage.

During employment, employees have an implied duty to keep all this information confidential.

However, once they have left, the picture is different, and employers will be more at risk of confidential information and data being misused.

Although employees are still subject to an implied duty to keep trade secrets confidential, without specific post-termination confidentiality terms in the employment contract wider valuable information is at risk of being passed to a competitor.

However, there are four practical steps that can be taken to protect information.

IDENTIFY

Organisations should pinpoint the confidential information that they own. This may include intellectual property, such as designs and trademarks, or it may be as simple as a list of client names and contact numbers.

Once identified, that information should be labelled with “confidential” or “not to be disclosed externally”, stored, and handled accordingly. Individuals with access to confidential information should be documented.

Not everyone in a business needs access to company confidential information to do their job. Administrative staff, for example, may require access to client contact details, but not to new designs.

Similarly, some may need to know sourcing arrangements, but not the details of the company’s overall supply chain. Understanding which employees have access to this information will assist when justifying employment contract protections that need to be put in place.

PROTECT

Once the information is identified, along with the individuals who can access it, employers can use contracts and policies to ensure there is a legal disincentive against information and intellectual property being poached. The first layer of business protection will come in the form of bespoke confidentiality clauses incorporated into employment contracts.

These should be specifically tailored to information which is relevant to the business and tightly drafted to capture only that information the business can lawfully protect. However, more is not necessarily better.

Restrictions will only be enforceable if they operate in a way that is no wider than necessary to protect a business’ legitimate interests as well as goodwill and the stability of the workforce.

This can also include trade secrets and confidential information. The same principles apply when drafting clauses in a settlement agreement where an employee is exiting the business.

Given that settlement agreements are often drawn up under slightly contentious circumstances, it is particularly important that the employer focuses on the confidential information that it is seeking to keep protected.

The agreement may need to ensure a specific payment is made in return for new confidentiality restrictions. This will protect the tax treatment of any separate compensation payments and may assist with enforcement.

Similarly, employers should put in place a confidentiality policy – and there is little benefit in hiding this in the employee handbook – make sure everyone knows about it.

TRAIN

Training is more important than ever now that so many employees have been regularly working from home and may continue to do so through hybrid working arrangements.

It is likely to be beneficial to run refresher training sessions that highlight any additional measures and reiterate the importance of protecting confidential information, no matter the location that an employee is working from.

MONITOR

Employers should consider how they can monitor their IT systems to pick up any data and confidentiality breaches promptly.

Given the growth of hybrid working, employers may now be more vulnerable to the loss of confidential information as remote working makes it more difficult to ensure data security. It is possible to monitor the use of confidential information with software, which can alert to suspicious behaviour, such as large downloads, emails to personal accounts or voluminous printing.

However, there are various legal restrictions (not least GDPR) that put employers at risk of overstepping the mark. They will need to ensure that monitoring is proportionate to the legitimate interest that they are seeking to protect.

They would also need to keep employees well informed about the type of monitoring the company is likely to perform by means of data privacy notices and other documents.

Post-employment, checks can be performed on company devices returned by a departing employee to ensure that confidential information has not been downloaded or emailed externally.

Employers may also wish to keep a close eye on former employee’s activity within the industry to spot any early signs of breach of restrictive covenants or leaks of confidential information. This may prompt rapid enforcement action such as an injunction.

AS THE HIRING EMPLOYER

The key attraction of any recruit is often their previous experience, sometimes with a competitor, and their depth of knowledge about the industry.

However, incoming employees may have accessed a large amount of confidential information of their former employer, which will usually be the subject of restrictions.

New employers may be subject to duties of confidentiality that prevent them from using it in a useful way for their business, even if it is of a great benefit.

A case involving travel agent Trailfinders provides a clear warning to businesses that receive information from a competitor, even where they are unaware the information is necessarily confidential.

In this instance, 40 sales consultants at Trailfinders left to join a competitor, which encouraged them to bring their customer contact lists; the consultants weren’t warned that this might lead to a breach in confidence.

The Court of Appeal held that the competitor was in breach of an obligation of confidence. Even though it was not made aware that the information was confidential, it ought to have known that it was or, if unsure, it should have made enquiries as to whether it was.

To avoid falling into any disputes, it is recommended that employers are cautious with the wording of job adverts and in interviews so as not to encourage new recruits to bring along and disclose confidential information from their old employer.

This may be seen as an inducement for an employee to breach their employment contract and could result in a claim agains the recruiting firm for any resulting losses.

Also, incoming employees should confirm whether they have any restrictions in their previous employment contract that will impact on their new role.

Similarly, employees should be discouraged from using or disclosing information that has come from their former employer without its consent; turning a blind eye does not remove the risk.

Lastly, if information is disclosed to the business, it should consider whether it might be confidential. If it is clearly the type of information that any business would consider to be confidential, then it should not be used.