Enforcing Restrictive Covenants upon ex-employees to protect business assets such as customer contact details and prices, has a long history of expensive legal action with very uncertain chances of success.
Case history is full of examples of employers being unable to defend themselves either because of a minor contractual breach on their part, or not specifying exactly what they want to protect, setting unreasonably extensive limits to the restrictions, or trying to protect information that is not considered by a court to be confidential.
As a result many businesses feel insecure and unable to protect what they consider to be essential to their security and long term stability.
A common worry for many businesses is the loss of a confidential customer list, followed by an ex-employee either setting themselves up in business and using that list, or taking it to a competitor.
Traditionally employers who have been subject to such acts of ‘commercial theft’ have taken their claims to the county court, to try and seek compensation for a breach of contract.
However there are other options which managers may wish to consider.
Most businesses store confidential customer personal data using secure files on computers or other such IT equipment.
An employee who breaches the company’s data security procedures, and removes such information without authorisation, is placing themselves at risk of prosecution by the Information Commissioner’s Office for breaching the Data Protection Act 1998.
Employees who covertly email confidential files containing personal data, such as names and addresses, to a private address, or remove it using a memory stick, could be breaching s55 of the Act, which is a criminal offence.
This was proven at Warrington Magistrates Court on the 18th January 2017 when Rebecca Gray was convicted under the DPA 98.
As a consequence she now has a criminal record, has been named on the IOC’s website, was fined and ordered to pay prosecution costs as well as a victim surcharge.
The fact that the prosecution was brought by the IOC also saved the employer considerable time and expense.
In light of this development, employers who want to protect confidential personal data would be wise to ensure that all staff are informed that they could face criminal proceedings, if they misuse personal data which belongs to their employer.
The company should also have a clearly defined data security procedure, which informs employees of what they are not able to do.
That procedure should also enable the company to monitor email traffic from employees who are either working their notice, or for a period leading up to their resignation.