Data theft Companies are vulnerable to their database being stolen by former employees. However, as Robert Wynn Jones and Rhymal Persad explain, preventive measures and remedies are available
The database of landlords and tenants is the cornerstone of a property company’s rental business and the most valuable asset of that aspect of its business. The database is therefore vulnerable to theft and misuse.
Most companies invest a lot of time and money in maintaining and enhancing their database.
If a company’s confidential information falls into the hands of a competitor or the latter can benefit from breaches of confidence and/or restrictive covenant, the financial performance of the business and its commissions will be adversely affected. Furthermore, this could threaten the existence of the business.
Property agents operate in a mobile and competitive job market and often move between competing agencies. With this fluid market comes the risk that the landlord and tenant database could be taken by a former employee or business partner.
Trends in data theft
Statistics from Mishcon de Reya show that data theft and covenant-breach related matters increased from 2006 to the third quarter in 2008. However, as the economy went into meltdown in the fourth quarter of 2008 and the credit crunch became felt, data theft decreased. The fall in the number of cases prosecuted resulted from employees being less willing to move agency or set up their own in uncertain economic times.
However, since mid- to late-2010, data theft in the property sector has increased significantly as the market recovers. This rise is alarming but not unpredictable, and the industry should not ignore it.
How is the data stolen?
Although many prudent employers have taken steps to safeguard their confidential database from falling into the hands of competitors or rogue employees or business partners, many opportunities remain for unscrupulous employees to steal information. Whether it be by downloading confidential information onto a USB memory stick, sending e-mails to a personal e-mail address, downloading information to a social networking site or printing hard copies of confidential material.
This will be a concern to employers in the real estate market. With the technological advances during the last decade, employees who are intent on stealing confidential information will find a way to do so. For instance, Mishcon’s survey shows that the use of USB memory sticks, iPods, CDs or DVDs has increased by 300% in the last three years and accounts for more than 15% as the method used for stealing confidential information.
Detection and prevention
How can businesses prevent their confidential information from being stolen? This threat can be addressed in various ways:
? solid and enforceable employment contracts, particularly with regard to confidentiality, restrictive covenants and database, e-mail and internet use (particularly in respect of social networking sites);
? strict security and compliance policies for the use of landlord and tenant databases ;
? appropriate security protection in the database IT software;
? lawful monitoring of employees’ use of the databases and IT systems generally;
? a review of e-mail traffic for the few months prior to resignation to detect the misappropriation of any confidential information; and
? thorough exit interviews and written reminders of the former employee’s duties of confidence and restrictive covenants.
If data is stolen
What are the options if these preventive measures do not work and the databases are misappropriated? One option is to do nothing. However, this will cause serious problems that are difficult to resolve. Clients often regret not acting immediately. There are a number of reasons for this.
First, it is best to act immediately so that the misuse of a database has not reached a stage where the loss to the company is significant and/or irreparable (however, this is not always possible). Rights should be enforced before significant damage is done. The main aim is to protect the existing business before it moves elsewhere, not to pursue a large damages claim. Some businesses never recover if the problem is not dealt with early.
Second, if the decision is made to take injunctive relief, the courts are more inclined to grant such orders if the aggrieved party acts swiftly.
Should a theft occur, areas to be investigated include:
? e-mail accounts;
? recent database searches;
? print logs;
? contacts on social networking sites; and
? address/contact books.
It is also worth investigating whether a former employee has contacted his former landlords and/or tenants.
Different types of court orders
If the evidence of misappropriation and misuse of the database is strong, it may be sufficient to obtain an application for an injunction in the High Court. The application is often made without notice to the other party. Various types of injunctions are available:
? an order for the immediate delivery-up of the misappropriated confidential material to a solicitor;
? a restraining injunction prohibiting the use of the confidential information;
? an imaging order, which requires the defendant company and/or individual to take a copy of its; computer systems so as to preserve any evidence of wrongdoing; or
? a search order, which is the more powerful of all orders.
Powerful weapon
A search order is granted to the aggrieved party and allows the search of the business and/or home premises of the individuals or companies who have misappropriated and misused the confidential information. The court application takes place without notice to the defendant(s). The main reason for seeking such an order is that given the conduct of the defendant(s) in misappropriating the databases, should normal proceedings be commenced, the defendant would destroy, conceal or alter the evidence so as to avoid liability. The search order allows for evidence to be preserved by searching the relevant premises. A High Court judge lists in the order the categories of documents that can be removed.
An imaging order is often included as part of a search order because key evidence is frequently found on computers rather than hard copy documents.
If, following the search, overwhelming evidence is discovered to demonstrate that the former employee has misappropriated a database and breached his restrictive covenants, this often leads to a quick and favourable settlement of the matter for the aggrieved party, including the payment of its costs.
Obtaining and executing a search order is expensive. However, in the right factual, legal and commercial circumstances, it represents the most powerful legal weapon available. It is not without risk and the courts do not grant them lightly, but they can provide the ultimate protection to a business.
Social networking sites
The High Court’s decision in Hays Specialist Recruitment (Holdings) Ltd v Ions [2008] EWHC 745 (Ch); [2008] IRLR 904 demonstrates that the courts will recognise that an employer is entitled to protect its confidential client information that is placed onto social network sites. The decision reassures businesses that they have claims where an employee uploads business contacts from the employer’s database to social networking sites without authority with a view to using it for the benefit of a competing business.
Nevertheless, it is advisable to ensure that employment contracts and/or company handbooks contain adequate provisions dealing with the use of social networking sites by employees.
Act now
Data theft remains a real threat to estate agents and as the economy continues to improve, that threat will become more significant. Property agents should act now and take the appropriate steps to protect their businesses from data theft and prevent this from becoming a greater problem in the future.
However, if confidential data is stolen, swift and strong action can be taken to protect property agents’ confidential client lists and other confidential information.
TIPS TO PREVENT DATA THEFT |
? Employment contracts should contain a definition of confidential information and restrictive covenants and they should be tailored to the business. |
Robert Wynn Jones is an associate and Rhymal Persad is a solicitor in the fraud and insolvency group at Mishcon de Reya
