Stopping Employees stealing confidential data – new Regulations

Wed, 27 Jun 2018

Mugni Islam-Choudhury, June 2018.

On 9 June 2018, the Trade Secrets (Enforcement, etc) Regulations 2018 came into force. Any employee wanting to steal Mr Willy Wonka’s secret candy recipes had better watch out as it applies to anyone who is an “infringer” of “trade secrets”.

Over the last 12 months or so, I’ve been instructed on a number of matters where an employee has stolen data to take to a competing business or (mis)use for themselves. I don’t know if it just a coincidence or that there is more of this activity going on, or that it is now more easily detected. Usually consideration is given to whether the business should apply for an injunction in breach of express or implied terms of confidentiality and possibly breach of fiduciary duties for very senior employees. Now, the employer can rely on the 2018 Regulations for remedy.  

The EU, recognising that data theft from businesses (what used to be called rather excitingly, “industrial espionage”) can be very damaging, passed Directive (EU) 2016/943 for the “Protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure”. The 2018 Regulations bring the Directive into to UK law. 

The 2018 Regulations recognise that English law affords protection for such data under common law and equity, but that the Regulations have been made, according to the Explanatory Notes, to “fill in the gaps” and make the law more coherent.

“Infringer”, “infringing goods” and “trade secret” is now given a statutory definition, although what constitutes as breach of confidence is left to the common law. As mentioned, the infringer could be an employee, but also his/her new employer, his/her new competing enterprise or any third party.  Regulation 3(1) makes it unlawful for anyone to acquire, use or disclose a trade secret which constitutes a breach of confidence in confidential information. 

By Regulation 3(1) and (2), the victim of a breach can apply to a court for measures and remedies to rectify the breach under common law and equity and also under the Regulations. These include interim orders for cessation of use and delivery up of the confidential information. 
Notably, under common law and equity, an employer would normally have to give a cross-undertaking in damages to get an interim order. However, under Regulation 11(8) the giving of cross-undertakings is not expressed as being mandatory.

The scope of when a court will order an interim or final injunction has developed through case law over many decades. Regulation 15 now sets a statutory test of matters to be considered when making an order. Finally, there are also powers to assess and award damages. Notably, in assessing damages, the court can take into account not only the profits lost by the victim, but also the profits made by the infringer. 

Although some might argue that there was actually no need to introduce the 2018 Regulations as the courts afforded adequate protection under common law and equity, the provisions do provide a simplicity and coherence to this area of law. It will be interesting to see, as the courts deal with the scope of the Regulations, whether the “gaps have been filled” and the scope of the court’s powers have been broadened. 

View Mugni Islam-Choudhury's profile here

 

Related articles

Richard Adkinson will take up the role of a Salaried Employment Judge of the Employment Tribunals (England and Wales)...

Date: Thu, 29 Aug 2019
Two cricket tournaments staged by No5 Barristers’ Chambers in memory of a late member have raised a total of £3,375 for the national charity of the Bar – Advocate....

Date: Thu, 08 Aug 2019
The Court of Appeal has today handed down judgment in the case of the Chief Constable of Norfolk Police...

Date: Fri, 21 Jun 2019