Beware the former employee with sensitive information?


employee with sensitive information

When a person changes jobs, they bring with them skills and knowledge that can benefit their new employer. It might be tough to distinguish between information that an employee may lawfully utilize in their new position as part of their own experience and restricted information that should not be disclosed under any circumstances, particularly when an employee moves to a competitor.

Four former employees of Trailfinders Limited (UK and Ireland), a travel agency based in the United Kingdom and Ireland, filed a claim against the firm with Traction & Safety Specialists Limited (“TSS”). After leaving in 2016 to join TCL as travel consultants, these former employees are accused of making use of Trailfinders’ trade secrets, which violated their implied terms of employment contracts and/or equitable duties of confidence owed to Trailfinders. Trailfinders claimed that TCL committed a breach of confidence by having received confidential customer information and providing its former workers with the opportunity to exploit it for TCL’s gain.

What information can employees access?

Case law has established three categories of information that an employee may access while working for the company and how they can utilize it going forward.

  • Information that is already public would not be considered sensitive.

A company may not place any sort of fiduciary duty on its employee regarding such information, merely because it is no secret. When an employee changes jobs, they are free to freely distribute, share, and utilize the information.

  • Confidential information acquired during the ordinary course of employment continues to reside in an employee’s head and becomes part of their own experience and expertise.

The basic duty of good faith owed by an employee to their employer prohibits them from misusing such information (such as disclosing it to the employer’s competitor) – during the course of their employment. However, it ends when the employee’s employment comes to an end. After the job is finished, it may be freely utilized for the interest of either themselves or others (such as their new employer).

  • ‘Trade secrets’ are highly confidential information in the form of unique ‘trade secrets.’

This sort of secret information is also covered by the employee’s general duty of good faith to their employer. Confidential information (e.g., a company’s manufacturing process, including specific chemical formulae or designs or special construction techniques) may not be utilized by the employee for anything else outside of the employer’s benefit – and this duty extends beyond the duration of their employment. An employee should not discuss or misuse such sensitive information since he or she leaves the company.

Creating a distinction between the numerous sorts of sensitive data defined in points 2 and 3 (referred to as “class 2” and “class 3” confidential information, hereinafter) is not always simple. Furthermore, employees and potential employers should be on their guard because simply because information may fall into class 2 does not imply it can be freely utilized or disclosed at the conclusion of the employment.

  • Where the class 2 confidential information has been copied or deliberately memorized while still employed – though such acts might only be discovered after the employee has left their previous position, case law confirms that such procedures taken while still employed are actionable under the former employer’s confidence.
  • However, where the class 2 private information is not utilized to generate a livelihood but instead sold to a third party – even if the plaintiff can establish that he or she would have used their talents and expertise to their own (or new employer’s) benefit had they remained employed – courts will have difficulty determining whether such confidential information was misused.

Was the information critical to keeping the operation running?

In the case, the judge had to ensure that Trailfinders’ information was actually sensitive, which necessitated a determination of whether it could fall into class 2 or class 3. The following kinds of information were used (“Client Information”):

  • The names, nationalities, dates of birth, passport information, and frequent flyer numbers of the company’s clients
  • Your client’s contact information, such as their home addresses and telephone numbers (and, in some cases, email addresses)
  • Trips took with Trailfinders in the past and provisional bookings (including itineraries, hotel reservations, flight data, and prices)
  • The number of booking reference numbers, also known as booking references (used by clients to access Trailfinders’ online trip portal, Viewtrail)
  • Details of clients’ budgets, hobbies, interests, special requirements, and booking patterns (such as for anniversaries or honeymoons)

The judge determined that the Client’s Information was class 2 confidential information. The argument that the Client Information could not be confidential since it had not been sufficiently safeguarded by Trailfinders was dismissed owing to the fact that only an ID and alphanumeric password allocated to each employee, as well as the individual client, may access it. The judge wrote that the facts were, “while there may appear to be a technicality, in this case, proof of disclosure does exist.”

How did the previous workers get their hands on the Client Information?

On the last day of employment, one of the ex-employees (the Second Defendant, or “D2”) copied information from Trailfinders’ software system Superfacts) onto a piece of paper and took it home. It was claimed that this was only for convenience and that the information could have been obtained from other sources (such as D2’s own knowledge, personal accounts/devices, and publicly available sources). D2, therefore, argued that the information he gained from Superfacts was not confidential. In fact, D2 provided TCL with more than 200 contact details.

D2 also sent hard copies of information about a certain client to D3, who was in the process of booking two major trips for the customer. D2 wanted access to the data so that he could finish the reservations after leaving Trailfinders.

The other former employee (the “D5”) had begun putting together his “Contact Book” – which contained the names, contact information, booking references, and other information about 136 of his clients – approximately six months before leaving Trailfinders. D5 claimed that most of the data in the Contact List came from Trailfinders’ Superfacts software.

After quitting their jobs with Trailfinders, both D2 and D5 accessed Viewtrail (Trailfinders’ online trip portal for clients) without authorization. On several occasions, however, these individuals have claimed to be granted permission through oral agreement with just a few of their clients; on other occasions, they’ve stated that they’ve been given permission via phone from 32 clients (claiming to have had it from 23 over the phone).

Have any of the former employees failed to live up to their obligations as Trailfinders?

The judge agreed that D2 and D5 owed Trailfinders an implied term of confidentiality in their contracts of employment not to use or disclose the Client Information (other than for Trailfinders’ benefit) while they worked for them (as per class 2, above) and, secondly, a common law duty of confidence extending beyond the termination date, they had to disclose training or experience gained during their work with Trailfinders that was not covered in the original letter. However, the court acknowledged that while Trailfinders could not prevent D2 and D5 from using knowledge kept in their minds when they departed, this excluded information that was memorized on purpose.

The information D2 copied from Superfacts (including any information about his specific client), according to the court, was outside of D2’s experience and abilities. During the duration of his employment, copying such data was a breach of the implied term in his employment contract, as well as an infringement on Trailfinders’ equitable duty of confidence. The fact that the data was available from other sources had no bearing. The judge, on the other hand, found it difficult to infer whether D2 obtained permission from each of his ten customers to access their information on Viewtrail.

Turning to D5, the court was unconvinced that this defendant had obtained permission from any of his clients to view their information on Viewtrail (there was no documentary evidence and, during cross-examination, he admitted that he did not have permission in the majority of cases). The court rejected D5’s claims that Trailfinders had given his Contact Book the green light, and that similar arguments could be applied to the fact that the information was already freely available elsewhere. The implied term of D5’s employment contract was found to have been breached in compiling his Contact Book, and he was subsequently held to a corresponding equitable obligation. D5 departed Trailfinders’ employment to obtain and utilize information about his former clients, he also violated his equitable obligation to Trailfinders by circumventing Viewtrail after leaving Trailfinders’ employment.

Has there been a breach by Travel Counsellors in the past?

A new employer is bound by a duty of confidence if it obtained information that it should have known was confidential and was reasonably regarded as such. According to TCL’s business model, potential consultants (such as those from Trailfinders) were expected and encouraged to bring with them information about existing customers in order to get started building their client portfolio.

The court took into account that TCL considered its own equivalent information to be confidential, and deemed it “highly improbable” that TCL would believe Trailfinders’ client lists were not private. Furthermore, within TCL’s operations, a reasonable person would have been aware that at least part of the information supplied by D2 and D5 was likely to have been duplicated — there was simply too much to remember.

TCL was found to have breached its duty of confidence by receiving and failing to safeguard against confidential information.

Practical advice for businesses

Employers should educate their workers about their confidentiality obligations. In their employment contracts, employers who wish to use and handle confidential information should make it clear. It is also important to establish and enforce policies regarding the use of sensitive data, as well as provide training on the protection of confidential information to all employees in their specific job responsibilities, such as securing sensitive information (by storing physical copies away, encrypting electronic copies, limiting and maintaining records of access requests).

When employees leave a business, employers should do an audit to determine what sensitive data the employee had access to. Employees should be reminded of their confidential information obligations to their former employer and must be compelled to confirm in writing (as needed) that they have returned all electronic and physical copies of secret data – to ensure everything is taken is in the employee’s mind. It may be necessary to track and/or cut off access to highly-confidential papers for the departing individual in order to minimize the risk of any unauthorized copying or printing of such materials.

Be careful if an employee appears to be more informed than they should be (an overabundance of client data, product pricing, design specifics, ingredient or component lists, and so on). Even if no contract exists between you and the prior employer, there will be a duty of confidence in place if you know or ought to know that such information is considered confidential. If it is deemed valuable, you should inquire as to how the information was obtained. Turning a blind eye to the source of the information will not protect you from liability. 

On data protection, please note that although it was not considered in the original claim before the Intellectual Property Enterprise Court (and hence outside of the scope of this note), employers must be current on issues relating to data protection – particularly dealing with potential breaches if they become aware that a former employee has obtained any sort of personal information.

Leave a Reply

Your email address will not be published.