Key players regularly move around, whether to further their careers, to branch out or to set up a practice in parallel to their former employer. The obvious question is this: how can a practice protect its confidential information and prevent it from walking out the door with a departing employee?
Information is protected by confidentiality
There are three general categories of confidential information. These are:
- General skills and knowledge
- Confidential information such as client lists, financial information and marketing strategies
- Trade secrets, which include commercially valuable secrets that give an owner a competitive advantage
During employment, employees have an implied duty to keep all this information confidential; however, once they have left, the picture is different, and employers will be more at risk of misuse of their confidential information and data. Although employees are still subject to an implied duty to keep trade secrets confidential, without specific and robust post-termination confidentiality terms in the employment contract, wider valuable information is at risk of being passed on to a competitor.
Practical steps to protect confidential information
However, there are four practical steps that can be taken to protect your confidential information.
A practice should pinpoint all the confidential information that it owns. This may include intellectual property such as designs and trademarks, or it may be as simple as a list of client names and contact numbers. Once identified, that information should be appropriately labelled with “confidential” or “not to be disclosed externally”, securely stored and handled accordingly.
A practice should pinpoint all the confidential information that it owns. This may include intellectual property… or it may be as simple as a list of client names and contact numbers
Individuals with access to confidential information should be documented as not everyone in a practice needs access to this information to do their job. Administrative staff, for example, may require access to animal history but not to client details. Similarly, some may need to know sourcing arrangements but not the details of the practice’s overall supply chain. Understanding which employees have access to this information will assist when it comes to justifying the employment contract protections that need to be put in place.
Once the important information is identified, along with the individuals who have access, employers can use contracts and policies to ensure that there is a legal disincentive to poaching information and intellectual property.
The first layer of business protection will come in the form of bespoke confidentiality clauses incorporated into employment contracts. These should be specifically tailored to information that is relevant to the practice and tightly drafted to capture only the information it can lawfully protect. Recent cases have shown that trying to restrict an employee from disclosing generic information “relating to the business, products, affairs and finances” of a business is unlikely to be enforced by the courts.
As well as confidentiality clauses, well-drafted appropriate restrictive covenants can also effectively protect confidential information
As well as confidentiality clauses, well-drafted appropriate restrictive covenants can also effectively protect confidential information. In particular, an enforceable non-compete restriction can prevent an employee from joining a competing practice for a specified period of time after their employment ends. Generally, this is no longer than 12 months. Similarly, non-solicitation and non-dealing restrictions may prevent former employees from contacting and/or working with any key clients or suppliers for a limited period. However, more is not necessarily better. Restrictions will only be enforceable if they operate in a way that is no wider than necessary to protect a business’s legitimate interests, as well as goodwill and the stability of the workforce. This can also include trade secrets and confidential information.
The same principles apply when drafting clauses in a settlement agreement where an employee is exiting the practice. Given that settlement agreements are often drawn up under contentious circumstances, it is particularly important that the employer focuses on the confidential information that it is seeking to protect. The agreement may need to ensure a specific payment is made in return for new confidentiality restrictions. This will protect the tax treatment of any separate compensation payments and may assist with enforcement.
Employers should put in place a confidentiality policy that highlights the practice’s expectations about confidentiality
Similarly, employers should put in place a confidentiality policy that highlights the practice’s expectations about confidentiality. This should include the types of confidential information existing within the practice and ways to keep such confidential information secure. For a policy to be effective, it must be read and understood by the workforce, so there is little to be gained from hiding a confidentiality policy deep in a filed handbook. Instead, it must be clearly visible and publicised to all employees and should be read alongside other relevant policies such as IT security and data protection.
In addition to legal documents that may be deployed, training should also be provided as a means of further reducing risk. This will help employees to identify the confidential information they may be working with or have access to and to understand how to keep that information confidential, and will raise awareness of their contractual obligations both during employment and after leaving.
Training is more important than ever now that so many employees have been regularly working from home and may continue to do so through hybrid working arrangements. It is likely to be beneficial to run refresher training sessions that highlight any additional measures and reiterate the importance of protecting confidential information, no matter the location an employee is working from.
Training is more important than ever now that so many employees have been regularly working from home and may continue to do so through hybrid working arrangements
Employers should consider how they can monitor their IT systems so they can pick up any data and confidentiality breaches promptly. Given the growth of hybrid working, employers are now more vulnerable to the loss of confidential information as remote working makes it more difficult to ensure data security.
It is possible to monitor the use of confidential information with software which can alert you instantly to suspicious behaviour, such as large downloads, emails to personal accounts or voluminous printing. However, there are various legal restrictions – not least the GDPR – which can put employers at risk of overstepping the mark. Employers will need to ensure that any monitoring is proportionate to the legitimate interest that they are seeking to protect, namely the confidentiality of business information. They would also need to keep employees well informed about the type of monitoring the company is likely to perform by means of data privacy notices and other documents.
Post-employment, checks can be performed on company devices returned by a departing employee to ensure that confidential information has not been suspiciously downloaded or emailed externally. Employers may also wish to keep a close eye on former employees’ activity within the profession to spot any early signs of breach of restrictive covenants or leaks of confidential information to a competitor. This may prompt enforcement action such as an injunction.
Considerations for the hiring employer
The key attraction of any recruit is often their previous experience, sometimes with a competitor, and their depth of knowledge about the profession. However, incoming employees may have accessed a large amount of their former employer’s confidential information, which will usually be the subject of restrictions. New employers may find themselves subject to duties of confidentiality that prevent them from using such data in a useful way, even if it is of great commercial benefit to them.
A recent case involving Trailfinders provides a clear warning to businesses which receive information from a competitor, even where they are not aware that the information is necessarily confidential. In this instance, 40 sales consultants at Trailfinders left to join a competitor which encouraged them to bring their customer contact lists; the consultants weren’t warned that this might lead to a breach of confidence. The Court of Appeal held that the competitor was in breach of an obligation of confidence. Even though it was not explicitly made aware that the information was confidential, the competitor ought reasonably to have known that it was, or, if they were unsure, should have made enquiries as to whether it was confidential or not.
Employees should be discouraged from using or disclosing any information which has come from their former employer without its consent
To avoid falling into any disputes, it is recommended that employers are cautious with the wording of job adverts and the conducting of interviews so as not to encourage new recruits to bring along and/or disclose confidential information from their old employer. This may be seen as an inducement for an employee to breach their employment contract and could result in a claim against the recruiting firm for any resulting losses. Also, incoming employees should confirm whether they have any restrictions in their previous employment contract that will impact on their new role. Similarly, employees should be discouraged from using or disclosing any information which has come from their former employer without its consent – turning a blind eye does not remove the risk.
Lastly, if information is disclosed to the practice, it should consider whether it might be confidential. If it is clearly the type of information that any business would consider to be confidential, then it should not be used.
Confidential information is by its very nature valuable, and practices should take great care to protect it against loss and misuse. Similarly, employers should ensure that they are not put in a position where they might be accused of abusing another’s protected information.