Out-Law News 4 min. read
22 Nov 2011, 2:00 pm
F&C Alternative Investments (Holdings) Limited (F&C Holdings) believed that one of the partners in the LLP needed the permission of the management committee of the whole group of companies to conduct covert monitoring in accordance with the group's IT policies but the High Court has said that this was not the case.
The partner in the LLP financial services firm was therefore not in breach of UK data protection laws when he secretly monitored email correspondence of group employees, the Court said.
Mr Justice Sales ruled that Anthony Culligan was entitled to search through email correspondence involving Brian Tilson and Nicholas Sparks because he was authorised by the data controllers, F&C Partners LLP (F&C Partners), to do so and that his actions were justified.
F&C Partners was set up as a LLP by Culligan and fellow partner Francois Barthelemy under the corporate ownership structures of F&C PLC, an asset management company. Culligan and Barthelemy each owned 20% of F&C Partners, with a subsidiary of F&C PLC - F&C Holdings – owning the remaining 60% of the LLP. F&C Partners was set up with the specific purpose of managing fund of hedge fund financial products.
A legal dispute between Culligan and Barthelemy and F&C Holdings arose over the financial performance of F&C Partners. F&C Holdings had claimed that Culligan and Barthelemy had acted in a manner which was unfairly prejudicial to the interests of F&C Partners, contrary to the terms of the UK's Companies Act. Culligan and Barthelemy had counter-claimed that F&C Holdings itself had acted in unfair prejudice to the interests of the business.
Culligan began monitoring Tilson's and Sparks' work emails when he became suspicious that they were passing information relevant to the dispute onto Fernando Ribeiro, a senior manager within F&C PLC. Ribeiro was also the chairman of F&C Partners' management committee which had been set up to "have responsibility for the management and control of [F&C Partners]," the ruling said.
F&C Holdings claimed that in order to conduct covert monitoring of employees' emails Culligan had to first obtain the permission of the group management committee. However, Mr Justice Sales said that because F&C Partners' business was separately regulated and managed from F&C PLC, it was F&C Partners which was the data controller of Tilson and Sparks' emails. Culligan was authorised to search the emails under F&C Partners' own "governance structures," the judge ruled.
Under the Data Protection Act it is a generally an offence for a person to "knowingly or recklessly, without the consent of the data controller: obtain or disclose personal data or the information contained in personal data, or procure the disclosure to another person of the information contained in personal data".
Under the Act obtaining or disclosing personal data is legitimate in certain circumstances, including if the person "acted in the reasonable belief that he had in law the right to obtain or disclose the data or information or, as the case may be, to procure the disclosure of the information to the other person".
Mr Justice Sales said that Culligan was authorised to secretly monitor Tilson and Sparks' email and was justified in doing so because Tilson had "by-pass[ed] the ordinary processes of government within [F&C Partners]." he said.
"There were sufficient grounds for Mr Culligan to have a legitimate concern that Mr Ribeiro was seeking secretly to co-ordinate actions with Mr Tilson and that Mr Tilson was acting with him to take steps damaging to the LLP; that Mr Ribeiro might in this way be subverting the proper structures of authority in the LLP; and that Mr Ribeiro might also be doing so by communications with other senior members of staff, including in particular Mr Sparks," Mr Justice Sales said in his ruling (303-page / 1.83MB PDF).
"In my view, the steps taken by Mr Tilson to by-pass the ordinary processes of government within [F&C Partners], the appearance of a degree of co-ordination with Mr Ribeiro, other steps taken by Mr Ribeiro by-passing the ordinary governance structures of [F&C Partners] ... all read against the background of sharply conflicting interests of [Culligan and Barthelemy] and F&C in the context of the dispute, combined together to produce an adequate justification of the step taken by Mr Culligan," the judge said.
"Since he had legitimate objective grounds to be concerned that Mr Ribeiro might be seeking to by-pass proper governance of [F&C Partners] by contact with Mr Tilson, he also, in my view, had legitimate objective grounds for concern that he might also be seeking to do so by contact with Mr Sparks. I therefore find that Mr Culligan’s covert investigation of e-mails of staff of [F&C Partners] was authorised by [F&C Partners] under its relevant policy and was justified on the facts which presented themselves to Mr Culligan at the time," he said.
Mr Justice Sales said that Culligan's email monitoring "was confined within reasonable bounds proportionate to the legitimate objects of his investigation".
"I accept Mr Culligan’s evidence that as soon as he discerned that an e-mail was personal or did not concern possible improper activity, he did not open it or scrutinise it further," the judge said.
The Data Protection Act sets out lawful grounds for organisations to process personal data. It is unlawful to process the data without having legitimate grounds for collecting and using it and using it in a way that causes unwarranted intrusion on their privacy and may adversely affect individuals.
Mr Justice Sales also rejected claims by F&C Holdings that Culligan had committed a criminal offence under the Computer Misuse Act. Under that Act it is generally an offence for a person to knowingly cause, without authorisation, "a computer to perform any function with intent to secure access to any program or data held in any computer, [or to enable any such access to be secured]".
