Discovering that a senior employee has taken confidential information can be a nightmare scenario for any business. The stakes are even higher when they plan to take it to a competitor. This digital session guides you through the steps to take in this critical situation, ensuring you protect your business swiftly and effectively.
Gathering and securing evidence
Upon suspicion or evidence that a senior employee has stolen confidential information, the immediate focus should be to act quickly to gather information, secure evidence and gain an understanding of the scope of the wrongdoing that has occurred. This involves:
- Initial conversations with key individuals (such as the employee's line manager and the company's IT function) to create a mini working group.
- Attempting to discern answers to key questions:
- What areas of the business does the employee work in and who do they work with?
- What information have they taken and what do they have access to? How important is that information?
- Is it possible to deduce what they want the information for?
- Is anyone else involved, inside or outside the business?
- Suspending any policies that might lead to the deletion of potentially crucial data.
- Identifying all possible sources of evidence, which include:
- automatic and remote backups;
- the contents of the employee's work laptop;
- their company mailbox; and
- backups of the company phone.
Throughout this process, it is imperative to maintain secrecy to avoid alerting the individual under investigation, until the extent of their wrongdoing can (so far as possible) be ascertained. This task can be highly technical and time-consuming, requiring close collaboration between the various members of the investigation team.
Prompt action is critical, as delays can hinder the recovery of necessary information, as well as the availability of relief from the Court further down the line.
Key things for employers to consider when carrying out an investigation
When conducting an investigation, the primary concerns are likely to be (i) securing key client relationships and preventing the employee or a competitor interfering with those, and/or (ii) protecting and recovering the company's valuable confidential information. Care is necessary to ensure the employee is not "tipped off" while the investigation is ongoing. Some potential sources of tipping off are:
- Leaks from within the business, e.g. personal relationships with other employees, and employees' propensity to talk.
- Other unusual activity, such as disabling access to the company's emails or document management systems.
As above, whilst any disciplinary action should be taken reasonably promptly, it is advisable to avoid sending a notice of disciplinary action immediately and to keep the investigation team, at least initially, small and discreet. Secrecy can also be important in some situations, as it preserves the utility of certain orders that the court can make, such as delivery up orders or imaging orders for personal electronic devices.
The steps to be taken next will depend on the findings of the initial investigation, and the business's priorities.
Next steps: disciplinary action or securing your confidential information?
Is the confidential information of sufficient value that its recovery is the principal concern? Or is the business's priority to take disciplinary action against the employee, prevent further breaches of their contract of employment, and prevent potential further unlawful action (for example, preventing a team move or the poaching of customers)?
If the former, consider whether it is possible to resolve matters by obtaining written undertakings from the employee(s). If the individuals in question are recalcitrant to pre-action correspondence, it might be necessary to seek a Court order compelling the individual to hand over the confidential material. In the most serious cases, it might be appropriate to apply for a search and imaging order to collect and preserve relevant evidence from the employee (and potentially any other co-conspirators involved), without prior notice to those individuals or entities.
Litigation
If it is necessary to resort to litigation, either because of the seriousness of the situation and/or because the employee (and potentially a competitor who might be the beneficiary of the breach) refuse(s) to provide appropriate undertakings, it is likely to be necessary to write to both the employee(s) and the competitor. Any such letter should put them on notice of the fact that you have become aware of their actions, and threaten proceedings if they do not return the confidential information promptly and provide undertakings (i.e. a formal written promise) to cease their unlawful conduct .
Writing to a potential competitor whom you believe to be the intended recipient of your confidential information serves two purposes: letting them know you are aware of the situation, and fixing them with the knowledge that their actions are unlawful (such that they cannot later claim ignorance). It is also often the first step necessary before joining them to any potential legal action.
If your investigation reveals behaviour that appears to amount to misconduct, appropriate disciplinary action against the employee can, and should, be taken. But, as ever, a fair process must be followed to avoid allegations such as unfair dismissal. Such processes are, in practice, likely to be dealt with in the aftermath of securing the confidential information that you believe to have been compromised or leaked. In short-term, employers should consider suspension where necessary but keep it as brief as possible.
It is crucial that employers conduct themselves carefully when handling investigations and processes of this nature, to ensure that they do not provide grounds for an employee to claim a repudiatory breach of their employment contract, which could allow them to not only claim constructive dismissal but also to walk away from the contract and any post-termination restrictions.
Consider clawback actions
In the event of disciplinary action, it is important to keep in mind the range of potential sanctions available, including clawback provisions in bonus or incentive schemes.
What preventative measures can employers put in place to safeguard information?
There are various steps that an employer can take to prepare for the possibility of an employee stealing confidential information.
IT systems
First, businesses should have a thorough understanding of their IT systems and infrastructure, including where data is stored and who can access it. Consideration should be given as to how much access an employee needs to be able to perform their role – if information is particularly sensitive then it may be worth putting in place protective measures, such as download limits, or alerts when sensitive data is accessed. The business' IT department should also be able to flag potentially suspicious activity, and it is useful to know what logs are kept on systems (and where) should a data breach occur, as this may provide evidence of misconduct.
Employees' contracts should also clearly state that there is no expectation of privacy when using company IT systems and should contain express confidentiality provisions and appropriately drafted restrictive covenants.
Taking these steps will help prevent data theft occurring and minimise the damage in the event that it does.
Data Privacy Impact Assessments (DPIA)
DPIAs are important when downloading employee communications. Employment contracts should be robust, with clear confidentiality clauses to ensure enforceability in the event an injunction is needed.
Investment and bonus schedules
Adequate rules should be in place in bonus plans for share schemes to allow for the suspension or clawback of bonus payments and/or payment of any other deferred awards. Employers should also be mindful of vesting schedules and when bonuses become payable, as misconduct may occur following a vesting period or immediately after a bonus payment has been made.
Protecting your business's public image
In dealing with such disputes, protecting the business's public image is crucial. Using code names in the investigation can help protect identities, and having a PR firm lined up with prepared statements can be beneficial. It is also important to consider informing the investor relations team, if there is one, to manage any potential fallout.
When faced with the theft of confidential information by a senior employee, it is crucial to act swiftly and strategically. By following the steps outlined above, you can secure your business's assets, maintain your public image and take appropriate legal action to address the breach.
How Mishcon de Reya can support your business when confidential information is taken
If a business finds itself in the unfortunate situation where an employee has taken confidential information to a competitor, we can offer a range of legal services and support to address the issue swiftly and effectively. For further information on our services please see:
Virtual pop-ups
To help you benefit from our specialist disputes expertise, we are offering you a free 15 minute online session, where you can discuss with one of our senior disputes team any follow-up questions you may have arising from one of our disputes events or webinars.
Find out more