Are you importing your competitor’s confidential information?

Employers can be held liable if confidential information is brought into their business by new employees according to a recent decision in the English Court of Appeal.

This liability can arise even in the absence of any obligations of confidentiality between the new and former employer.

It is a cautionary tale for employers who should ensure that such risks are managed as part of their new employee induction process.

The case concerned a dispute between two UK travel agencies – Trailfinders and Travel Counsellors.

The information was the names, contact details and other information about Trailfinders’ customers. A number of sales consultants had left that company and taken it with them when joining Travel Counsellors.

At an earlier stage of the dispute, a court had decided that each employee had acted in breach of implied terms in their contracts of employment and in breach of their equitable obligations of confidence owed to Trailfinders.

This appeal focussed on their new employer and the allegation that Travel Counsellors had acted in breach of an equitable obligation of confidence owed to Trailfinders.

What are the facts?

The moving employees had compiled lists of clients’ contact information from Trailfinders’ database to take to their new roles at Travel Counsellors.

It was found that Travel Counsellors encouraged their sales team to generate their own customers and had not specifically warned against breaching confidentiality when doing so.  Leads generated by Travel Counsellors’ sales teams were then added to its customer database.

The issue here is that the new employees brought with them a lot of new data, which should have set off alarm bells that it had been copied from Trailfinders.  Perhaps if Travel Counsellors had challenged what was being done and obtained a convincing explanation, then the position would have been different.  On the evidence, that did not happen and no questions were asked.

The decision

The English Court of Appeal decided that when a recipient of confidential information knows or should know that information they are receiving is confidential, then they are acting in breach.

Whether a person should know is objectively assessed by reference to a reasonable person in the shoes of the information recipient.

If a reasonable person would have made enquiries, but the recipient decides not to, then an obligation of confidentiality will arise.

The full decision can be found here.

What should you do to prevent this?

• Ensure that your new employee induction programme makes it clear that employees are not allowed to bring in information which might be confidential from earlier employment.  If information is disclosed, make reasonable enquiries as to whether it is confidential and, if there is any concern that it may be, do not use it.
• Such instructions to staff should also be part of your ongoing staff and management training programme.
• Ensure your employment contracts and policies are up to date and relevant for such risks, containing appropriate provisions in relation to confidential information and, if appropriate, imposing restrictive covenants.
• You should have technological controls over data being imported into your business, requiring appropriate approvals if data is found to be of a certain nature or size.
• With information such this, there may have been GDPR liability for both companies and that would also need to be considered.
• Of course this applies equally, if not more, to consultants who move more regularly from business to business picking up information as they go.

Perhaps with the move to home-working exiting employees may feel less concerned about removing data from their old employer to give them a boost in their new role.

The losers from such activity can be both the new and old employers.

If you wish to avoid this situation please contact us, our expert IP and Employment teams are actively involved in advising clients in this area.