Dealing with the issue of stolen customer data is a complicated area of law with a myriad of options and avenues to consider. Michael Shroot, our chief executive officer and a solicitor with specialist expertise in director and contract disputes, offers four practical steps to help retrieve stolen data, claim compensation and avoid it happening in the future.
Establish what information was taken
If you believe that an ex-business partner or director has stolen sensitive data from your business the first thing is to establish exactly what information has been taken, the importance of the information to your business as well as how the information was stored and how it was taken.
This may even require a forensic IT report to be prepared by a specialist, to ascertain this information. This is particularly important if you think the information was taken in a clandestine manner as this may assist in more readily persuading the ex-business partner to return the stolen confidential information. The report may also be valuable in court proceedings if there is a need to take more urgent action.
Check what contracts exist between the parties
It will be essential at this point to also check contracts between the parties to see what protection they offer. Contracts that are properly drafted should readily spell out what business data is considered confidential, how it is considered to be protected and what your ex-business partner is allowed to do from a business point-of-view after he leaves your business. Contractual restrictions for departed employees may include a fixed period that they must not approach your customers or take your customer business to their next employment.
The documents you would be looking for include:
- If the ex-business partner was an employee, check the employment contract.
- If the ex-business partner was a shareholder check the shareholding contracts.
- If the ex-business partner was a partner of the business, check the partnership deed.
Consider the application of other areas of related law
Aside from the abovementioned contracts you can also consider the application of other areas of relevant law, this may include:
- The application of the equitable doctrine – where a person who has received information in confidence cannot take unfair advantage of it and must not use it to the prejudice of the person who gave the information without obtaining consent.
- Consideration of whether the information is a trade secret, which can be protected not only by the equitable doctrine of confidence but also the Trade Secrets (Enforcement, etc) Regulations 2018 (SI 201/597) (Trade Secret Regulations).
- Database rights contained in the database regulations and copyright protection.
- The risk of a breach of the GDPR regulations and what criminal offences may apply.
Consider how to enforce your rights to protect your business
Finally, you will need to consider how to enforce your rights to protect your business and to prevent the use of the confidential information. You may consider taking further action as follows:
- Applying to court for an injunction to prevent the ex-business partner using the confidential information and to return it to you.
- Applying to court for a search order, particularly appropriate in cases of fraud, allowing you to enter the ex-business partner’s premises and to search for, copy and remove, documents or other relevant materials.
- Depending upon whether matters go to court, and what the ex-business partner has done with the confidential information, it is advisable to take legal advice to seek compensation for the loss and/or an account of profits made by the other party and for recovery of your costs incurred in carrying out this exercise.
Michael Shroot is WHN’s chief executive officer and head of WHN’s employment law team. Michael has specific expertise in employment law, shareholder, director and contract disputes. He is a member of the Employment Lawyers Association.
If you need help on such matters, please contact Michael on 0161 761 8087 or by email via [email protected]