• Home
  • Latest
  • Data theft in the life sciences industry: the importance of taking decisive, and early, action

Data theft in the life sciences industry: the importance of taking decisive, and early, action

Posted on 20 November 2018

Data theft in the life sciences industry: the importance of taking decisive, and early, action

As any entity operating in the pharmaceutical sector will be aware, information derived in the course of a research and development project is highly confidential and critical to its success and profitability. In the hands of a competitor, the damage that a company could suffer could be astronomical.

For these reasons, companies go to considerable lengths to protect their confidential information through a range of various methods. However, with continued advances in technology, prevention and detection of the theft of information has become increasingly difficult, particularly when balanced with the need to be able to readily access information wherever you are in the world.

We recently acted for a global pharmaceutical business with over 140 years of experience (the "Company") in an action against a departing employee who had been working in various roles for almost 5 years, and had access to highly confidential information relating to its research, development and clinical trials. The employee had tendered his resignation to join another entity in the pharmaceutical sector. At the time, there were no obvious signs of wrongdoing and he was well thought of and liked within the business.

However, in the week prior to him leaving, the Company detected a virus alert on its systems. We assisted with an internal investigation to ascertain the extent of any compromise to the Company's IT systems and to ensure that the Company's confidential data was protected.

Working with the Company's IT team and external IT forensic specialists, we identified that the virus alert originated from a USB device connected to the employee's laptop. Upon further investigation, a number of highly concerning facts emerged regarding his conduct in the days leading up to his departure including:

  1. Downloading a vast amount of highly confidential information in the week before his departure, much of which he would have had no need to access in order to perform his duties to the Company;
  2. Deleting the entire contents of his mailbox for the last week of his employment;
  3. Connecting USB devices to his laptop which was against company policy.

Whilst there was no "smoking gun" to evidence the fact that the employee had stolen the Company's confidential information, there was strong circumstantial evidence, and further investigations were carried out to prevent the Company's confidential information falling into the hands of a competitor.

Working closely with our Cyber-Security team and an independent IT forensic team, we identified further critical evidence including:

  1. On the last day of his employment, the employee had connected a portable hard drive to his laptop shortly after downloading a batch of documents from the Company's cloud server;
  2. The portable hard drive contained file directories which indicated that it contained the Company's confidential information;
  3. The employee's internet history showed him accessing various cloud based storage accounts within the last week of his employment when he would have had no reason to do so;
  4. The internet history also evidenced the fact that in the days leading up to his departure he also purchased a new portable hard drive capable of storing a vast amount of information;
  5. Written confirmation from the employee stating that he had not retained any confidential information belonging to the Company;
  6. Having recovered the deleted mailbox, various emails were discovered which the employee had sent to his personal email address containing the Company's confidential information in the form of contact lists and customer details.


As a result of the information obtained from the investigation, there was a strong case to suggest that the employee had in fact unlawfully downloaded and retained the Company's confidential information. Given that he was joining another company in the same sector, the Company needed to ensure that the confidential information was immediately returned and that no use had been made by the employee or any other third party to whom the information may have been passed.

There are a number of options available to a company looking to protect its sensitive and extremely valuable confidential information. These include:

  1. Civil Search Orders – these are very draconian orders which the Court will grant in certain circumstances and which allow a Claimant's legal representatives to enter residential and/or business premises and conduct a physical search of those premises to locate and secure relevant documents.
  2. Computer Imaging Orders – these require a respondent to the Order to make all electronic devices (such as mobile phones, PC's, laptops, portable hard drives, etc), web based email accounts, cloud storage accounts and so on available to an independent IT specialist to allow forensic images to be taken.
  3. Doorstep Delivery-Up Orders – these require a respondent to immediately deliver up hard and soft copies of confidential information.
  4. Restraining Injunctions – to prevent any misuse of confidential information.
  5. Provision of Information – this requires the respondent to provide an explanation of certain issues, in these types of cases usually relating to the use that has been made of confidential information.

The above Orders all carry a Penal Notice - if the respondent to the Order breaches the Order, they could be held in contempt of Court which is punishable by being fined, having their assets seized, or imprisonment. Similarly, any party who becomes aware of the Order and does anything to assist a respondent to breach the Order would also be subject to the same potential penalties.

Given the background to the misappropriation of the Company's information, the Company sought and obtained from the Court a Computer Imaging Order, a Doorstep Delivery-Up Order and a Restraining Injunction.

These Orders were granted on a 'without notice' basis; the Company was able to go to Court to obtain the Orders without the employee knowing of its intentions. This is common as, given the actions of the employee, there will be serious concern that, had they been notified, they would simply destroy and/or conceal relevant information and/or documents. This would make it impossible for a company to ascertain the extent of the confidential information which had been misappropriated and to determine the extent of the use made by the employee or a third party.

The outcome

As one would imagine, it was a complete surprise for the former employee to find the Company's solicitors and a Court appointed solicitor (the Supervising Solicitor) arriving at his door at 7:30am with a High Court Order which required him to provide access to all of his electronic storage devices, as well as immediately to deliver-up all of the Company's confidential information.

Faced with the Court's Order (the terms of which must be explained in considerable detail), the former employee delivered-up a number of USB devices and portable hard drives which he confirmed contained the Company's confidential information. He also confirmed that a substantial volume of the Company's information had been saved on his PC and delivered-up various hard copy documents relating to clinical trials and customer details.

As a result of the Company's steps in seeking interim relief, it has been able to resolve the proceedings in a cost effective and timely manner. For instance, if it had not pursued injunctive relief, it would not otherwise have received disclosure until several months after the proceedings had been commenced. Moreover, the Company would have been reliant on the former employee providing a truthful account of what confidential information had been taken. Given the extent of the wrongdoing uncovered, it is highly unlikely that the Company would have recovered all of its confidential information, without having taken these steps.


Having taken swift and decisive action, the Company was able to recover all of its confidential information and prevent its misuse. In doing so, it was able to prevent a situation which could have caused considerable financial loss if its confidential information had got into the hands of a competitor through the actions of a rogue employee.

Whilst the action was of course very front loaded in terms of costs, the overall benefit was readily evident in that, in taking the action it did, the Company was able to protect its business interests. With the information recovered as a result of the injunctive relief obtained, the Company was able to avoid what may otherwise have been a protracted piece of litigation, the cost of which would have been significantly greater.

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

COVID-19 Enquiry

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a contact method

I'm a client

Please enter your first name
Please enter your last name
Please enter your enquiry
Please enter a value

I'm looking for advice

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a department
Please select a contact method

Something else

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select your contact method of choice