Stealing a march on the data thieves

It is well-known that the theft of client and candidate databases by consultants who hop from agency to agency is a common problem faced by the recruitment industry. The level of wrongdoing varies from an employee inadvertently leaving a business with a handful of client contacts in his or her mobile phone to a team of consultants leaving a business to set up a competing desk in a rival agency around the corner on the following day, armed with their previous employer’s confidential candidate data and even financial information. The courts are handling an ever-increasing number of these cases as competition for fees among agencies and commissions between consultants intensifies.

The position in law is simple. The database belongs to the business and the courts will assist the business in protecting that asset against the unlawful use of it and any corresponding unfair competition that ensues. The business is entitled to recover financial compensation arising from the misuse of its data from the errant employee.

The business has various legal remedies, which, at the top end of the scale, would entitle the business to obtain High Court Orders for the immediate delivery up of the database and permanent restraining injunctions preventing the individual or rival agency from using the information for an indefinite period going forward. The court may also order that full disclosure be given of precisely what use has been made of the database and who has copies of it to assist the business in recovering its information from other third parties who have obtained the data by hook or by crook.

However, before invoking legal proceedings, the business should decide whether its money is best invested in taking legal action. While the court will provide effective protection against the misuse of confidential client and candidate information and will assist the business in recovering its data, this is a costly process and there is no guarantee that those significant costs will ultimately be borne by the wrongdoer. The business should first determine what its objectives are and what is the level of risk that it faces. For example, does the business wish to prevent unfair competition? Does it need to recover the data to prevent this or is the data now outdated? Does the business want financial compensation and if so does the individual have sufficient assets to meet the liability? And so on.

As a prudent and practical tip for all agencies, it is sensible to invest now in ensuring that the employment contracts are properly drafted with valid, enforceable and signed confidentiality and restrictive covenant clauses that will deter data theft and assist the business in taking legal action should this be necessary. Further, there are steps that may be taken to protect data against the risk of it being stolen such as configuring computer systems to prevent mass downloads and copying of data. It is often cheaper and more effective to implement such preventative measures rather than seeking to recover data once it has been stolen.

Hugo Plowman

Share with:

Business, career, information