Business Information

Updated September 2013

Introduction

This Briefing Note explores the key issues that surround business information.

This Briefing Note should not be relied upon as legal advice and you should contact us for advice on your specific circumstances.

Background – what is it?

Most businesses will possess information which is not just important for their own success but which also be of great value to a competitor or a departing employee who was planning to set up on his own in competition. Typically, this business information will take the form of a secret formula, computer software or algorithm or most commonly a list of business contacts or customers some time supplemented with information about their purchasing habits.

Some businesses take the protection of their business information extremely seriously by implementing some of the strategies described on this website. Many, however, don’t give the protection of their business information any thought at all until it is too late. However, as we shall go on to see, even where a business has taken no steps to protect its confidential business information, certain remedies may still be available to the business depending upon the type of information concerned and the manner in which it was obtained.

With the increasingly portable nature of business information in the electronic age, it is crucial that businesses take steps to protect their confidential data. As Mr Justice Peter Smith recognised “it is becoming increasingly common with the computerisation of information for employees who wish to set up their own competing business to help themselves to their employer’s confidential information”^[1].

Categories of Business Information

It follows that it is important to correctly categorise the information in order to determine the extent to which it can be protected and the type of remedies available in the event of its disclosure.

There are four categories in descending order of protectability, namely:

1. Trade secrets
2. Confidential information
3. Information amounting to skill and knowledge of an employee
4. Public information.

The main categories of business information are considered below but it should be noted that some or all of this information may be contained in a database. The employer’s database rights are considered separately.

Trade Secrets

According to the Court of Appeal, these include secret processes of manufacture, such as chemical formulae, designs or special methods of construction; and “other information which is of a sufficiently high degree of confidentiality to amount to a trade secret”.^[2]

Over the years, the courts have regarded the following as trade secrets:

• Confidential information concerning products and methods[3]
• The formulations for various inks developed by a company[4]
• Plans for the development of new products and for the discontinuance of existing products[5]
• Secret formulae for the manufacture of products but also in an appropriate case, the names of customers and the goods which they buy[6]
• Drawings, quotations, pricing, costs and other financial documents and business strategy of the employer[7]
• Information in a database having regard to the nature of the work; the nature of the information; the attitude of the employer; the steps that had been taken to protect the information; and the separability of the information.[8]

Confidential Information

This is sometimes known as “mere confidential information” to distinguish it from trade secrets. It is still propriety information belonging to its owner but it is not so confidential as to amount to a trade secret. Mr Justice Goulding in Faccenda described it as information that employees must treat as confidential but which, once learned, necessarily becomes part of their skill and knowledge applied in the course of business. So long as their employment continues, Goulding J said, they must not use or disclose the information without breaching their contractual obligations. Once the employment terminates, however, in the absence of express confidentiality covenants, the employee can use his full skill and knowledge for his own benefit in competition with his former employer.

Information Amounting to Skill and Knowledge of an Employee

It has long been the case that an employee is free to use the skill and knowledge that he has picked up from his previous employer once his employment comes to an end. According to Lord Justice Mummery, the critical question is whether the information can be fairly regarded as the employer’s property as distinct from the skill, experience, know-how and general knowledge which can fairly be regarded as the property of the employee to use without restraint for his own benefit or in the service of a competitor.[9]

Public Information

As the name suggests, this is information that is in the public domain and cannot be protected under any circumstances. However, an employee will not be able to rely upon the fact that the information is in the public domain to defeat an action for damages or an injunction against further leaks, if he is the reason the information is available to the public.

Why are the categories/distinctions important?

It is crucial to correctly identify the category of business information you are trying to protect, whether in terms of drafting employment contracts or seeking to enforce breaches of confidentiality through the courts. Trade secrets being the highest class of business information are protected by an implied duty of confidentiality, even after termination of employment. In other words, the employer can protect trade secrets even if the employment contract contains no confidentiality clauses at all.

Mere confidential information on the other hand is protected by an implied term whilst the employment contract subsists but can only be protected against misuse or disclosure after the employment has come to an end by an express term in the contract.

The line is most commonly blurred between what amounts to confidential information and what amounts to an employee’s skill and knowledge. There is an important distinction between making use of information recalled from years spent in a particular job (which is not protectable) and information which is specifically committed to memory during employment^[10]. Much may depend upon the effort the employee went to, to memorise the business information. If it was imprinted on his memory through becoming immersed in his duties, it will not be protectable but if he had to make a specific effort to memorise it, it may well be.

Protection of business information during employment

In the absence of fiduciary duties, the only way that business information can be protected is through the contract of employment. The contract may contain express clauses ideally written but occasionally verbally agreed, or clauses that are implied by law in order to give business efficacy to the contract or because it was obvious that that was what the parties would have intended at the time they entered into the contract had they thought to write it down. In order to avoid uncertainty, it is obviously preferable for there to be express terms of confidentiality in the contract.

Whilst an employer cannot make non-confidential information, confidential simply be deeming it so, one of the factors that the court will take into account when determining the category of the business information is to assess the employer’s attitude towards it. Employers should consider practical ways of putting employees on notice that certain information is considered confidential and commercially sensitive and the most obvious way of doing this, is specifying it in the contract. However, other steps could include marking documents with a confidentiality stamp; printing confidential information on different coloured paper (a practice widely used in schools) or simply marking documents private and confidential and circulating them in sealed envelopes.

There is a term implied by law into all employment relationships, that employees will conduct themselves with good faith and fidelity[11]. This implied duty includes an obligation upon the employee:

• To act honestly towards the employer.
• To disclose to the employer all information relevant to its business.
• Not to make secret profits from the employer’s business.
• To respect the confidentiality of the employer’s commercial and business information.
• Not to compete with the employer’s business.

This applies to all employees regardless of seniority and is in addition to any fiduciary duties owed by directors and some senior employees.

Protection of business information after employment

The only category of business information which can be protected by the implied duty of confidentiality, once employment has come to an end, is trade secrets. If the information can be categorised as a trade secret, then the employee is prevented from using or disclosing it after termination of employment, even if there is no express clause in the contract[12]

But what of information that falls into the second category of mere confidential information? According to Nourse LJ mere confidential information “may not be used by the employee during employment except for the benefit of the employer but, if and only to the extent that it is inevitably carried away in the employee’s head after the employment has ended, it may then be used for the benefit of himself or others”[13]. This does not, however, permit employees to deliberately cram as much confidential information as they can into their heads before they go. Deliberately memorising information during employment is treated in the same way as copying and removing it[14].

In the Roger Bullivant case the ex-employee, Mr Ellis, took with him a card index system containing the names of some 325 of the employer’s business contacts. The Court of Appeal made it clear that, had the card index not contained such a vast quantity of information, it might have found that the information was capable of being carried away by the employee in his head, in good faith. In this case, however, the sheer quantity of information made it impossible for the employee to carry it away without having taken deliberate steps to memorise it or copy it. In the Roger Bullivant case the court granted the employer an injunction preventing Mr Ellis from contacting any of the 325 organisations whose details were contained in the card index even though Mr Ellis claimed to know many of those details from years of working with those contacts or could have looked them up from public sources.

Many employees pursue this line of argument but it rarely succeeds, because the employee’s actions are inconsistent with an ability to carry the information away in their heads. In many of these cases, the Defendants find themselves in a far worse position than they would have been had they not taken any information at all. Mr Ellis, for example, was not subject to express post-termination restrictions. He had found himself injuncted from using commercial information or contacting clients that would otherwise have been available to him. The Court of Appeal rejected his argument that an injunction would be unduly burdensome, primarily because the difficulties in which he found himself were of his own making.

It is of course prudent not to rely on implied duties. Express terms will help the court determine the correct category of business information and will draw the employee’s attention to the secrecy obligation. Such clauses should be precisely drafted. Whilst it is tempting to define the business information as widely as possible, it is just as important that the clause defines specific items of information that the employer regards as confidential[15].

A well-drawn confidentiality clause in an employment contract will explain the following:

• That the information specified is categorised either as a trade secret or confidential information.
• The importance of the information to the employer which is why it has taken steps to protect this information.
• That it does not cover information in the public domain.
• The damages may not be an adequate remedy and an acknowledgement that the employer is entitled to seek an injunction.

If the employee has, or is, required to take legal advice upon the express confidentiality clause, so much the better. However, such clauses are not a panacea. They can be extremely difficult to police. In general, whenever an employee is likely to have access to protectable business information, it would be wise for the employer to include post-termination restrictive covenants and garden leave clauses which in general are far more effective.

The Challenge of Social Media

The exponential growth of social media sites such as LinkedIn and Facebook has the potential to undermine efforts an employer makes to protect its confidential information, especially in respect of trade connections and customer contacts. Particularly where employees are encouraged to market themselves and the employer’s business by online social networking, there is a significant risk that the employer will be deemed to have waived any claim for confidentiality over their contact list. They have essentially encouraged their employee to publish a list of their business contacts on the internet – so how can they claim that the information is confidential?

In the case of LinkedIn, the problem is exacerbated by the contractual terms of membership which states that the profile that a LinkedIn member creates automatically becomes part of LinkedIn and is owned by LinkedIn. However, the question arises as to what extent the member’s contract with LinkedIn overrides or is subject to the member’s contract of employment with his employer.

The courts have shown an increased willingness to side with the employer in cases of blatant abuse.

A list of contacts created and kept by a journalist on his employer’s email system which contained personal contacts that he made before he commenced employment was held to be owned by the employer – the High Court concluding that if the journalist had kept his personal contacts separate from the employer’s contacts then he would have been entitled to use them[16].

The High Court was also prepared to entertain an argument that where an employee transferred contacts from his employer’s database to his LinkedIn profile immediately before leaving the company, the fact that the contacts had lost the requisite quality of confidence by being posted on line may not have provided the employee with a defence to his actions of deliberately copying over the contacts in breach of his contract of employment.[17] This was, however, an application for pre-action disclosure where the evidential threshold that the claimant had to establish was low.

Most recently, the Court has been willing to grant an interim injunction to prevent ex-employees from accessing LinkedIn group accounts and ordering the ex-employees to hand over the passwords and control of the LinkedIn groups where the employees had taken steps to compete against their employer for more than a year before they resigned, including the creation and promotion of LinkedIn groups that were supposed to be created for the benefit of their employer[18].

Many of the problems associated with social media contacts can be overcome by the imposition of well-crafted restrictive covenants. In addition, employers should:

• Implement a social media policy that provides guidance on the use of social media accounts and contacts from the outset of employment.
• Require employees to replicate contacts on the employer’s own database.
• Take steps to integrate the social media account with the employer’s systems, for example, by using the employer’s email address, logo, generating a password to be surrendered on termination and insisting that the social media account is only used via the employer’s computer systems.
• Include an express duty to only use professional networking to promote the employer’s business and to develop connections in furtherance of the employer’s interests.
• Include a clause in the employment contract assigning any proprietary interest in professional contacts created via social media during the course of employment, to the employer.
• Impose a contractual obligation requiring deletion of all connections belonging to the employer upon termination of employment.

Enforcement

Misuse or disclosure of protectable business information, as seen above, is a breach of contract. As such, there are a range of remedies the wronged employer can deploy to protect itself in such circumstances. The most basic form of protection is to extract suitable contractual undertakings from the ex-employee. In a suitable case, the ex-employee might be required to give the undertakings to the court. In certain cases undertakings can also be extracted from third party recipients or beneficiaries of the business information.

If the parties are unable to resolve the matter through the agreement of appropriate undertakings, either contractual or to the court, then the employer may apply for an injunction. The court is also likely to grant an order for the defendant to deliver up the confidential information taken. An interim injunction can be granted early in court proceedings in order to preserve the ex-employer’s position pending a trial. Often, in these cases, the court will grant an order for a speedy trial.

In very serious and urgent cases the court may be willing to grant a search and seizure order to the claimant, requiring the ex-employee to allow the claimant’s representative to enter his premises to search for, copy and remove documents and material. This is a particularly draconian remedy, only granted where there is a real risk that the evidence may be concealed or destroyed.

Where employees have used their former employer’s business information to their own advantage, and by doing so have gained a head start in competition with their former employer, the court may grant a springboard injunction to prevent them from taking unfair advantage of the “springboard” that the information has given them.

Where the misuse or disclosure of protectable business information causes the employer to suffer financial loss, the employer can apply for an assessment of damages for breach of contract in addition to an injunction.

As an alternative to damages, an ex-employer may seek an account of profits which is focused upon the ex-employee’s profits from misuse of the business information rather than the ex-employer’s losses.

Defences

There are only a limited number of defences available once a breach of confidentiality has been established. The principal defence is that it is in the public interest for the information not to be treated as confidential. In other words, public policy overrides an implied or express duty of confidentiality.

Commonly, the public interest defence is raised to draw to the public’s attention issues relating to public health[19], consumer protection[20], financial irregularities[21] or criminal conduct[22]. The Human Rights Act 1998 has only had very limited impact on this area of the law and there is a well-known distinction between what is in the public interest (justifying disclosure of otherwise confidential information) and what is merely of interest to the public (which will not). Individuals may not spread malicious or salacious information that is otherwise confidential under the guise of public interest[23].

Attempts to justify a breach of confidentiality, in anticipation of a legal claim, have been equally unsuccessful. In one such case, an employee transferred a large amount of her employer’s confidential information to her private email address and tried, unsuccessfully, to argue that it was an implied term of her contract that she was entitled to use or disclose confidential information to protect her legal rights or to defend herself where legal or disciplinary proceedings between her and her employer had been threatened[24]. It was accepted that the employee had only intended to “arm herself for the future” in the event of a dispute with her employers but the court doubted that the mere possibility of litigation with an employer could ever justify an employee transferring or copying specific confidential documents which might be relevant to that dispute. The court noted that in litigation there is a disclosure process which the employee could have utilised had litigation ensued.

Finally, there have been attempts to argue that when an employer commits a fundamental breach of the contract of employment, which the employee then accepts thus treating the contract as terminated, that any ongoing obligations of confidentiality fall away – the repudiatory breach defence. However, all attempts to pursue this line of argument in relation to confidentiality have failed to date[25]. Even where the employer commits a fundamental breach of the contract, it is likely that business information will remain protected.

Practical Steps

The following practical tips are recommended to protect the misuse of business information. Some are obvious – some less so. The employer should have to have regard to the proportionality of any of these steps, taking into account the importance of the business information and the size of the business itself.

Employers should ensure that certain information is kept confidential and that its confidentiality is communicated to the workforce by:

• Circulating key information to limited numbers of employees.
• Marking or stamping information confidential.
• Using different colour paper for documents.
• Use of password protection to gain access to some database.
• Regularly monitoring use of emails, USB memory storage devices, printers and photocopiers.
• Incorporating express confidentiality clauses into contracts of employment or other commercial agreements.
• Where possible avoid publishing customer names and details on the company website[26]

We recommend the use of dummy entries into important databases which will not be obvious to the user and which will direct back to the email address or the home address of one of the owners or the managers in the business. In our experience, this can be an extremely effective way of establishing whether an employee has taken and used the database or confidential information after his employment has ended.

Employers should also be alive to suspicious behaviour on the part of their employees, including:

• Working outside of normal hours when the office is empty, especially shortly prior to employment ending.
• Excessive photocopying or printing.
• Requests for secretaries or team members to collate business information, such as customer lists.
• Unusual periods of time out of the office can indicate that the employee is preparing to set up a competing business.
• Making extensive use of personal email accounts or emailing documents, such as customer lists to personal email addresses.
• Unusual use of a memory card or other storage device.
• A sudden build up of LinkedIn or other social media contacts.
• Increased social medial activity generally.

Where employees handle extremely sensitive data, employers should be astute enough to regularly monitor suspicious activity. External computer security consultants may be able to put into place effective monitoring systems via a main computer server.

The key risk period is the time leading up to the employee handing in his resignation. Common indicators that an employee is contemplating moving on included a request for a copy of their contract of employment; a downturn in performance, particularly in respect of business development and marketing; expressions of dissatisfaction and even attempts to contrive a grievance.

When an employee tenders his resignation, immediate consideration should be given to placing the employee on garden leave; requiring the return of any company property and information; seizure (and where appropriate interrogation) of any company laptop or mobile telephone and reiterating to the employee the terms of his employment contract.

An investigation into the employee’s recent conduct may be warranted. Consider speaking to colleagues, customers and other business contacts in order to ascertain whether the employee may have committed other breaches of duty such as soliciting business. In our experience, where there is an indication that the employee has breached his contractual duties in one way, the likelihood of him having helped himself to the confidential information increases markedly.

In addition to a review of the employee’s files and manuscript documents, an internal IT investigation into the IT activity of the employee ought to be undertaken. This can be limited in the first instance to copies of database and other confidential information which may have been created on the employee’s desktop or laptop computer. A detailed review of recent email traffic may indicate the employee has sent confidential information or copied emails to a personal email address.

In appropriate cases an external IT forensic investigation may be warranted. Both employees and employers frequently underestimate the amount of data that can be recovered from computer systems even when an employee has gone to great lengths to ensure that documents or emails have been removed from a computer. The use of sophisticated forensic techniques ensures that, with time and manpower, almost everything can be recovered from the hard drive of a computer or a network system.

IT forensic experts will normally take an image of the hard drive of the relevant computer and then begin to interrogate the same. It will usually be possible to establish the following:

• Whether any data was transferred on to external hard drives or USB sticks including the make, model and serial number of the external device and the size of the documents copied (which can sometimes be matched precisely to the size of documents elsewhere on the network).
• Identifying the time and date that such transfers were made.
• Whether emails were sent to the employee’s personal email address and whether documents were attached.
• Whether internal databases have been accessed and whether data was copied from such database, including time, date and location of such access.
• Whether the employee has logged in to the system following termination of employment.
• The printing history of the employee or of any particular document.

Mobile telephones and other mobile devices provided by the employer can equally be interrogated. Texts can be retrieved and itemised telephone bills recording the recipient and time of calls can also provide useful evidence.

As soon as you have any suspicion at all do not try to investigate the matter yourself. Immediately consult a solicitor that specialises in this area of work. The sooner a solicitor is involved in the investigation process, the more effective that investigation will be and the more likely it is that there will be a successful outcome.

[1] First Conference Services Ltd v Richard Bracchi [2009] EWHC 2176 (Ch)

[2] Faccenda Chicken Ltd v Fowler [1987] Ch 117

[3] Balston Ltd v Headline Filters [1990] FSR 385

[4] Johnson and Bloy (Holdings) v Wolstenholm Rink plc [1989] FSR 135

[5] Lansing Linde Ltd v Kerr [1991] ICR 428 (CA)

[6] Ibid

[7] PSM International Ltd v Whitehouse [1992] FSR 489

[8] Vestergaard Frandsen A/S & others v Bestnet Europe & others [2009] EWHC 657 (Ch)

[9] FSS Travel and Leisure Systems Ltd v Johnson [1998] IRLR 382

[10] Printers and Finishers Ltd v Holloway [1965] 1 WLR 1

[11] Robb v Green [1895] 2 QB 315, CA

[12] Roger Bullivant v Ellis [1987] FSR 172

[13] Ibid

[14] Robb v Green – see above

[15] In Ixora Trading Incorporated v Jones [1990] FSR 251 a feasibility study contained in two manuals was not capable of protection despite an express contractual obligation not to disclose any of the employer’s affairs or trade secrets due to a lack of specificity.

[16] Pennwell Publishing (UK) Ltd v Ornstein [2007] EWHC 1570

[17] Hayes Specialist Recruitment Holdings Ltd v Ions [2008] EWHC 745

[18] Whitmar Publications Ltd v Gamage [2013] EWHC 1881 (Ch)

[19] X v Y [1990] All ER 648

[20] Initial Services Ltd v Putterill [1968] 1QB 396

[21] Re a Company’s Application [1989] 3 WLR 265

[22] Bristol Steel Corporation v Granada Television Ltd [1981] 1 All ER 417, HL

[23] Campbell v Frisbee [2003] ICR 141 and Lady Archer v Williams [2003] EWHC 1670

[24] Brandeaux Advisers (UK) Ltd v Chadwick [2010] EWCH 3241 (QB)

[25] Rock Refrigeration v Jones [1997] 1 All ER 1

[26] This was fatal to establishing confidentiality in WRN Ltd v Ayris [2008] EWHC 1080 but not in Crowson Fabrics v Rider [2008] IRLR 288 where the information was copied during employment.