Confidential information at risk with hybrid working model

Out-Law News | 03 Mar 2022 | 11:00 am |

Anne Sammon tells HRNews about protecting employers’ confidential information as staff switch between office and home 

HR-News-Tile-1200x675pxV2

We're sorry, this video is not available in your location.

  • Transcript

    How can businesses protect their trade secrets when staff are hybrid working? Employees are constantly switching between office and home working, emailing work to their home so they can work remotely, and it’s putting at risk the employer’s confidential information. So what can be done about it?

    The BBC asked the question this week: ‘Hybrid working: Will staff ever return to the office full-time?’ and the answer seems to be no, or, at least, not any time soon because this is what most employees want, especially the younger generation. As the CIPD explains, ‘there’s a talent war going on which means employers will have to accommodate home and office-based working from now on, if they want to attract the best young talent.’ The article goes on to cite numerous employees in various firms switching seamlessly between office and home, enjoying the new-found flexibility.

    So, the Covid pandemic has certainly changed the working landscape but, for employers, it brings new challenges when it comes to protecting their confidential information, risks that HR needs to be alive to. So let’s consider that. Anne Sammon has been advising on this throughout the pandemic and she joined me by video-link to discuss it. I put it to Anne that the move to hybrid working has brought a new level of risk to employers:

    Anne Sammon: “I think that's absolutely true and it's why we've spent quite a lot of time talking to clients about how to protect confidential information in light of COVID because all of a sudden we've asked employees to do work from home, we've given them printers, we've asked them to bring documents home, and as soon as they're out of the employer’s sphere of control in that way, there is a risk that some employees may choose to use them in a way that was never intended. So, I think the starting point tends to be well, actually, let's look at what policies you've got in place, what practices have you got in place to try to first of all make it really clear to employees what they can and can't do with confidential information, but also what guidance you’re giving them about how to destroy documents. I've seen in one instance, a client who suggested to employees that they needed to bring all printed documents back into the office so that they can be shredded, which in principle sounds like a great idea because you can check off manually that they printed 10 documents, and we've got 10 documents here so therefore they've clearly been destroyed. But there's the risk of that those documents have been copied somewhere along the way, or also the risk that what happens if the employee then leaves the documents on the train, you've got a data breach there, which is quite concerning. So, it’s about looking at these things in the round and thinking about how you protect the confidential information, but also not forgetting the data privacy implications of breaches.”

    Joe Glavina: “If the employer suspects the individual is emailing materials to their home what should they do about it?”

    Anne Sammon: “So, I think the first issue is identifying what the area of concern is, so is this somebody who's sending highly confidential documents to a home email address and have you given them guidance to say that they shouldn't do that? Or is it concerning for some other reason, for example, volume of documents? I think in that situation you want to talk to them about what it is that they're doing, why they're doing it, there's a danger slightly of jumping the gun, so you may have employees who genuinely are doing these things for the right reasons. You know, I've seen people say the IT systems are really slow and therefore I've sent it to my home email address because I just need to work on this document really quickly. So, I think what you need to do, first of all, is that first step in every employment type issue, which is investigate, find out what the employee is doing, what their reasons are for doing it, and think about whether those are reasonable. If you continue to have concerns, I think it's absolutely right to highlight what your employment contract says in relation to confidential information which is, hopefully, that that it's only to be used for legitimate purposes. Again the danger is if you start going down the route of saying, well, you've got restrictive covenants, you're not allowed to go and join a competitor, etcetera, etcetera, there is a risk that the employee starts to say, oh, you've lost trust and confidence in me, this is some sort of repudiatory breach of my employment contract, and the reason that we're so concerned about that in this particular scenario is because if an employee successfully argues there's been a repudiatory breach, then that means all of those nice restrictive covenants that we've got that provide us with the protection will fall away. Now, the confidentiality provisions won't, but the enforcing of restrictive covenants quite often can be easier than going down the confidential information routes.”

    Those ‘nice’ restrictive covenants that Anne referred to, are the express terms written into the contract of employment designed specifically to protect the employer’s confidential information when the employee exits the business. We have just seen an example of that in the case of Nissan v Passi where the car giant successfully applied to the High Court for an injunction to enforce restrictive covenants in the employment contract of their former Global General Counsel. Earlier this week lawyer Aisleen Pugh talked to this programme about that case in: ‘Passi case shows value of express confidentiality provisions’. That programme is available now for viewing from the Outlaw website.