Data theft has long been an issue for employers especially when employees leave businesses. This is particularly concerning when the theft relates to confidential customer or client information.
The loss of other staff to competitors when they follow significant departing individuals is also troublesome, as is the leakage of intellectual property and/or precedents, processes and policies. What can be done is limited without strong evidence of theft, clarity on resulting loss, robust restrictions and generally the funds to cover potentially considerable legal and other costs. Injunctive action is the most effective way of ensuring a business is protected but it is time consuming and expensive, and often considered to be a hammer to crack a nut. It is therefore fairly rare for an employer to take this action and this is something many employees rely on when considering their actions.
However a recent criminal prosecution for theft of personal data has added a new focus to the protection of data.
The Information Commissioner’s Office (ICO) is warning employees that walking off with the personal information of their employer when changing jobs is a criminal offence, after an employee was recently convicted of it. A paralegal who changed firms has been successfully prosecuted after he sent home information in the form of precedents, spreadsheets and other information which contained sensitive personal data of individuals. He was charged and convicted under s.55 of the Data Protection Act for illegally taking the sensitive information of over 100 people before leaving a solicitors firm for a rival firm in April 2013 where he hoped to use the information.
ICO head of enforcement Stephen Eckersley said: “Stealing personal information is a crime. The information contained in the documents taken included sensitive details relating to individuals involved in ongoing legal proceedings. He took this information without the permission of his former employer and has been rewarded with a day in court and a substantial fine.”
He said: “Employees may think work related documents that they have produced or worked on belong to them and so they are entitled to take them when they leave. But if they include people’s details, then taking them without permission is breaking the law.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by a fine only – up to £5,000 in a magistrates court or an unlimited fine in a crown court.
The ICO is continuing to call for “more effective deterrent sentences”, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.
It is therefore appropriate for employers to draw this potential action to employees’ attention to help bolster and reinforce provisions in contracts preventing theft of data.
Other blogs of interest: