It’s the perfect smokescreen. The Covid pandemic is causing employees to switch between office and home working, and all too often they’re emailing work to their home so they can work remotely. So, what’s the problem with that? The practice is putting at risk the employer’s confidential information which can all too easily move from the employer’s database to the employee’s personal account and, potentially, misused.
This is precisely what happened in a case we reported last week, Richard Baker Harrison v Brooks and Sambrook, here the employer discovered what the employee was up to and took the necessary legal action in the High Court to limit the damage. The employer was RBH, a distributor of minerals and chemical raw materials. The defendants were two of its former employees, Mark Brooks and Andrew Sambrook. They resigned to set up a start-up competitor business but in the months leading up to their resignation they planned together to divert business, and a key client in particular, away from RBH to their own business. RBH brought a claim to enforce obligations of non-competition, confidentiality, and post-termination restrictions against the employees – the claims were successful in their entirety.
As part of their preparations, over the course of several months, Andrew Sambrook emailed documents, including confidential information, to his home email account. In court he said he was working a lot from home because of the pandemic and the emailing was just a convenient way for him to work. The High Court judge didn’t believe him and he was found to be in breach of an array of restrictive covenants designed to protect that confidential information.
Although the employer was successful in this case the practice of employees emailing documents to their home, and often printing them off at home, is an issue that HR needs to be alive to for a number of reasons. There’s the GDPR risk which we highlighted last week in our programme ‘Hybrid working creating GDPR risk as staff print documents at home’. There is also, potentially, the risk to the employer’s most precious assets, it’s confidential information and trade secrets. So, let’s hear more about that now. Anne Sammon has been advising on this issue throughout the pandemic and she joined me by video-link to discuss it. I put it to Anne that Covid has created a unique risk to employer’s confidential information:
Anne Sammon: “I think that's absolutely true and it's why we've spent quite a lot of time talking to clients about how to protect confidential information in light of COVID because all of a sudden we've asked employees to do work from home, we've given them printers, we've asked them to bring documents home, and as soon as they're out of the employer’s sphere of control in that way, there is a risk that some employees may choose to use them in a way that was never intended. So, I think the starting point tends to be well, actually, let's look at what policies you've got in place, what practices have you got in place to try to first of all make it really clear to employees what they can and can't do with confidential information, but also what guidance you’re giving them about how to destroy documents. I've seen in one instance, a client who suggested to employees that they needed to bring all printed documents back into the office so that they can be shredded, which in principle sounds like a great idea because you can check off manually that they printed 10 documents, and we've got 10 documents here so therefore they've clearly been destroyed. But there's the risk of that those documents have been copied somewhere along the way, or also the risk that what happens if the employee then leaves the documents on the train, you've got a data breach there, which is quite concerning. So, it’s about looking at these things in the round and thinking about how you protect the confidential information, but also not forgetting the data privacy implications of breaches.”
Joe Glavina: “If the employer suspects the individual is emailing materials to their home what should they do about it?”
Anne Sammon: “So, I think the first issue is identifying what the area of concern is so is this somebody who's sending highly confidential documents to a home email address and have you given them guidance to say that they shouldn't do that? Or is it concerning for some other reason, for example, volume of documents? I think in that situation you want to talk to them about what it is that they're doing, why they're doing it, there's a danger slightly of jumping the gun, so you may have employees who genuinely are doing these things for the right reasons. You know, I've seen people say the IT systems are really slow and therefore I've sent it to my home email address because I just need to work on this document really quickly. So, I think what you need to do, first of all, is that first step in every employment type issue, which is investigate, find out what the employee is doing, what their reasons are for doing it, and think about whether those are reasonable. If you continue to have concerns, I think it's absolutely right to highlight what your employment contract says in relation to confidential information which is, hopefully, that that it's only to be used for legitimate purposes. Again the danger is if you start going down the route of saying, well, you've got restrictive covenants, you're not allowed to go and join a competitor, etcetera, etcetera, there is a risk that the employee starts to say, oh, you've lost trust and confidence in me, this is some sort of repudiatory breach of my employment contract, and the reason that we're so concerned about that in this particular scenario is because if an employee successfully argues there's been a repudiatory breach, then that means all of those nice restrictive covenants that we've got that provide us with the protection will fall away. Now, the confidentiality provisions won't, but the enforcing of restrictive covenants quite often can be easier than going down the confidential information routes.”
Aside from the issue of protecting your confidential information, that at High Court judgment in RBH v Brooks & Sambrook shines a light on two others key issues. The data protection risk when staff email documents to their home and printing them off is one we covered in our programme ‘Hybrid working creating GDPR risk as staff print documents at home’. In many cases there is also a need to apply to the High Court for injunctive relief to stop the employees’ in their tracks and limit the damage. Jon Coley explains how employers wanting that equitable remedy will need to satisfy a number of criteria as a prerequisite. That programmes is ‘RBH case shows value of restrictive covenants as enforcement succeeds ‘in entirety’. Both those programmes are available for viewing now from the Outlaw website.
- Link to High Court’s judgement in Richard Baker Harrison Ltd v Brooks and Others