• Facebook
  • Twitter
  • LinkedIn
Call us now: 01243 836 840   [email protected]
Pure Employment Law
  • Who We Are
    • Nicola Brown
    • Peter Stevens
    • Elena Elsam
    • David Jones
    • Linda Nye
    • Brenda Cherry
  • For Employers
    • Advice on HR and People issues
    • Investigations, Hearings and Appeals
    • Restructuring and Redundancy
    • Defending Employment Tribunal Claims
    • Dismissal of Senior Executives
    • Contracts, Handbooks and Policies
    • Employment Law Training
  • For Employees
    • Settlement Agreements
    • Workplace Issues including Disciplinary and Grievance
    • Bringing an Employment Tribunal Claim
  • Employment Law Events
  • Legal Updates
  • Testimonials
  • Vacancies
  • Contact us
  • Search
  • Menu Menu

The enemy within – employees misusing or stealing data

29th March 2017/in News /by Nicola Brown

Businesses have to consider the security of their data, and in this technical age, that issue is of great importance. One area of particular concern is confidential data which, if it was stolen, could be used to take business away, such as lists of client or customer contact details. Often the risk here is not from external sources, but instead from employees working within the company who may depart and decide to take copies of the confidential data with them to use in their new job, or to set up a competing business.

As always, prevention is better than cure, so employers should make reasonable attempts to prevent such incidents from happening. Steps such as ensuring contracts of employment cover confidentiality, getting employees to sign confidentiality agreements, and monitoring access to confidential data, can all help.

If an employee does steal important data, what can be done?

Employers can take action in the civil courts against the employee. However, before proceedings are commenced, usually the first step is to seek undertakings (essentially a legal promise) from the employee so they agree to return data they have taken and promise not to use such data. Usually these will be sought in a letter before action. If this fails, then it is possible to seek injunctions from the courts to prevent the employee using the data, and also to seek damages for any financial loss caused as a result of the data theft. Injunctions can be sought to obtain the return, or destruction, of any data held by the employee (including data held on their electronic devices if relevant – see our previous article here). In regard to seeking damages for any financial loss caused, the word of caution here is that it can, in some circumstances, be difficult to prove any financial loss to a court. This can mean that the effort (i.e. the time and cost) of going to such lengths is relatively fruitless. That said, when the stakes are high if data is misused, then the costs and time can seem insignificant compared to the cost of doing nothing at all.

An example of how difficult it can be to demonstrate financial loss was shown in a recent case in the High Court (Marathon Asset Management LLP v Seddon & Ors). In this case, two employees had copied 40,000 documents prior to departing from the business. Notably only limited use was made of any of the documents by those two individuals. Marathon took them both to court and tried to argue that the employees had to pay for the value of the data they had taken, which they said was worth around £15 million. The court disagreed and said that no actual injury had been caused to Marathon – the judge said there was a ‘vast gulf’ between the extent of the use which Marathon said could potentially have been made of the files, and the very limited use which was actually made of them. Marathon were awarded nominal damages of £2 (£1 from each of the individuals)!

Court action aside, there is another potential step to consider, which is to report the employee to the Information Commissioner’s office, as they could be committing a criminal offence under the Data Protection Act 1998. The Information Commissioner’s office recently prosecuted an individual for such a theft of data (R v Rebecca Gray). Ms Gray worked for a recruitment company, and just before she was leaving to go and work for a rival recruitment company, she emailed herself the personal data of around 100 clients and potential clients. She then used this information in her new job. She was fined £200, ordered to pay £214 of costs and pay a £30 victim surcharge. Whilst the fines are not large amounts, Ms Gray does now have a criminal record which could affect her ability to obtain other jobs in the future. Therefore, informing employees of this risk could be a very good preventative measure indeed!

We would recommend that employers seek advice before deciding whether to report an individual to the Information Commissioner’s Office, as there may be other considerations to take into account, such as whether this then creates duties to report the matter to other regulatory authorities.

If you would like to talk through a situation you are dealing with concerning an employee misusing confidential data, please contact any member of the Pure Employment Law team (01243 836840 or [email protected]).

Please note that this update is not intended to be exhaustive or be a substitute for legal advice. The application of the law in this area will often depend upon the specific facts and you are advised to seek specific advice on any given scenario.
Share this article
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share on Reddit
  • Share by Mail
https://www.pureemploymentlaw.co.uk/wp-content/uploads/2019/02/Pure-Employment-Law-logo.jpg 0 0 Nicola Brown https://www.pureemploymentlaw.co.uk/wp-content/uploads/2019/02/Pure-Employment-Law-logo.jpg Nicola Brown2017-03-29 10:29:072017-11-23 15:19:58The enemy within – employees misusing or stealing data

Join our mailing list

* = required field
Mailing Lists


Recent Legal Updates

  • FAQs about COT3s 18th December 2020
  • Can an employer withdraw a notice of redundancy? 18th December 2020
  • Will employers be able to insist that staff have the Covid-19 vaccination? 18th December 2020
  • Furlough over Christmas? 18th December 2020
  • Update – Furlough scheme extended 18th December 2020
Link to: Contact Us

Any questions? Why not get in touch!

Our advice is always given in plain English without any waffle, and we focus on providing practical solutions to our clients’ problems.

Contact us

LEGAL INFORMATION

Pure Employment Law | 1 Little London, Chichester, West Sussex, PO19 1PH
[email protected] | Tel: 01243 836840

Pure Employment Law is the trading name of Pure Employment Law Limited, registered in England and Wales with company number 07134294 and whose registered office is 1 Little London, Chichester, West Sussex, PO19 1PH. Pure Employment Law Limited is authorised and regulated by the Solicitors Regulation Authority with registration number 533794. A list of the company’s directors is available for inspection at the registered office

DISCLAIMER

The information contained in this website is for general information purposes only. The information is provided by Pure Employment Law and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Privacy Policy | Cookies Policy | Terms & Conditions | How to make a complaint | Sitemap

© Pure Employment Law 2021

Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies as defined in our cookie policy.

Accept Cookie Policy

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visit to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Other cookies

The following cookies are also needed - You can choose if you want to allow them:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Privacy Policy
Accept settingsHide notification only