Rogue Employee Data Theft Cases
π Key Laws Involved in Rogue Employee Data Theft
| Law | Application |
|---|---|
| Data Protection Act 2018 | Makes it a criminal offence to unlawfully access or share personal data without consent. |
| Computer Misuse Act 1990 | Covers unauthorised access to or interference with computer systems or data. |
| Breach of Confidence (Civil) | Enables employers to sue for misuse of confidential information. |
| Contract Law | Restrictive covenants and duties of confidentiality in employment contracts are enforceable. |
| Employment Law | Gross misconduct includes data theft; leads to dismissal and civil remedies. |
βοΈ Case Law: Rogue Employee Data Theft
1. Faccenda Chicken Ltd v Fowler [1986] 1 All ER 617 (CA)
Facts: Fowler, a former employee, set up a competing business and used customer lists and pricing info taken from Faccenda Chicken during his employment.
Legal Issue: Did the employee misuse confidential information after leaving?
Decision: The Court of Appeal distinguished between truly confidential information (protected even after employment ends) and general knowledge gained during employment (not protected).
Significance:
Foundation case on employee duties of confidentiality.
Employers must clearly define and protect sensitive data.
Helps distinguish between "know-how" and "trade secrets".
2. Briggs v Northwood (Liverpool) Ltd [2020] EWHC 2425 (QB)
Facts: Briggs, an employee, accessed confidential company files and emailed them to himself before resignation.
Legal Issue: Breach of contract and confidentiality.
Decision: The court held that emailing data to personal accounts without authorisation was a breach of duty of confidence and contractual obligations.
Significance:
Shows how civil courts deal with employee data theft even before leaving employment.
Reinforces employersβ rights to seek injunctions and damages.
3. Wilson v Exponential-E Ltd [2015] EWHC 2419 (QB)
Facts: A senior employee forwarded sensitive customer data to his private email account before leaving to join a competitor.
Legal Issue: Misuse of confidential information and breach of restrictive covenants.
Decision: Injunction granted to prevent use of the stolen data, plus an award of damages.
Significance:
Courts will act swiftly with injunctions to protect stolen data.
Breaching confidentiality and restrictive clauses can lead to significant consequences.
4. R v Rebecca Gray [2020] (Crown Court)
Facts: A medical secretary was prosecuted for unlawfully accessing the medical records of people she knew, without any work-related reason.
Legal Issue: Offence under the Data Protection Act 2018 (s170 β unlawfully obtaining personal data).
Decision: Gray was prosecuted and received a criminal conviction, although no jail term was imposed.
Significance:
Demonstrates the criminal liability under DPA 2018 for rogue access to personal data.
Especially serious in healthcare and sensitive sectors.
5. R v David McCabe [2008] (Crown Court)
Facts: McCabe, a former customer service employee, used his access to confidential financial data to commit identity fraud and steal money.
Legal Issue: Charged under Computer Misuse Act 1990 and Fraud Act 2006.
Decision: Convicted and sentenced to 3 yearsβ imprisonment.
Significance:
Illustrates criminal prosecution for data theft with fraudulent intent.
Shows how internal system access is abused in financial services.
6. Tullett Prebon Plc v BGC Brokers LP [2010] EWHC 484 (QB)
Facts: A group of brokers were accused of copying client contact databases before moving en masse to a rival firm.
Legal Issue: Misuse of confidential information and breach of employment duties.
Decision: The High Court found the employees in breach and granted significant injunctive relief and damages.
Significance:
Major commercial case on mass employee defection involving data theft.
Employers can sue not just individuals but recruiting competitors too.
π Key Legal Themes from These Cases
| Legal Principle | Application |
|---|---|
| Confidentiality continues post-employment | Information classified as trade secrets remains protected even after leaving. |
| Criminal and Civil Routes | Both available β criminal for unauthorised access or theft; civil for damages, injunctions. |
| Emailing files to self = breach | Courts treat unauthorised data transfers seriously, even if not shared with others. |
| Restrictive Covenants Matter | Non-disclosure, non-compete, and non-solicitation clauses are enforceable if reasonable. |
| Employer Duty to Safeguard Data | Must classify, restrict, and monitor sensitive data to uphold legal protections. |
π Summary
Rogue employee data theft is a growing legal concern, especially in sectors like tech, finance, healthcare, and recruitment. UK courts have developed a robust approach, applying both civil liability (for breach of contract/confidence) and criminal sanctions (under DPA and CMA) depending on the facts.
Employers can:
Seek injunctions to prevent misuse.
Claim damages for commercial loss.
Report offences for prosecution where personal data or computer systems are misused.
Employees are legally bound not just by contractual clauses, but also by implied duties of trust and confidence, especially when dealing with client data, trade secrets, or business strategies.
RELATED Blog
0 comments