HR Services and Employment Law specialist
Menu
HR Services and Employment Law specialist
Call Us: 01491 598 600 Email Us: cw@gaphr.co.uk
  • Home
  • Services
  • Quiz
  • HR Information Centre
    • Redundancy
    • Disciplinaries
    • FAQs
  • Blog
  • About us
    • Hospitality HR
    • Client Case Studies
  • Contact us

How Lucrative Is Stealing Client Data – Is It THAT Bad?

Written by Carolyne Wahlen

Most of us have a non-compete and confidentiality clause in the contract reminding employees that the data they work with is confidential and not to be taken outside of the company (if you don’t, give me a call!).

However, if you do have an ex-employee who you discover has taken your client data to a rival company or to set up on their own behalf, then an effective way to deal with it – especially with the GDPR (General Data Protection Regulation 2018) now in place – is to report the breach to the Information Commissioner’s Office (ICO), who will enforce the regulations.

You could try a civil prosecution against them, but that will cost a lot in legal fees and you would have to prove a loss. Much better to leave it to the ICO.

Successful Prosecutions

  • In 2011, two T-Mobile employees were fined £45,000 for passing nearly 500,000 customer details onto a competitor.
  • In 2013, Paul Hedges was fined £3,000 after he accessed his employer’s customer details with the intention of setting up a rival business.

  • May 2016

    • Mr Lloyd (L), a ex-employee of Acorn Waste Management (AWM), was successfully prosecuted.
    • Before leaving his employment at AWM  to start work with a rival company, L sent an e-mail containing the details of 957 of his employer’s clients to his personal e-mail address.
    • The e-mail contained personal data, such as client contact details, their purchase history and other commercially sensitive information.
    • L pleaded guilty to unlawfully obtaining personal data, was fined £300 and ordered to pay £406 in costs and a £30 victim surcharge.
    • At the end of 2016, Karun Tandon was also successfully prosecuted.
    • Tandon, who previously worked at Lex Autolease Ltd, used his work computer to access the personal data records of 551 customers who had been involved in road traffic accidents.
    • He then emailed those details to his personal email address and subsequently sold them to a third party as personal injury leads.
    • He was prosecuted for unlawfully obtaining personal data and unlawfully selling personal data. He pleaded guilty and was fined £500 and ordered to pay costs of £364.

 

  • May 2018

    • Daniel Short left the recruitment company he was working for, VetPro Recruitment, in October 2017 and a short time later set up his own similar company called VetSelect.
    • During an investigation it was discovered that Short had stolen the details of 272 individuals from VetPro’s database for commercial gain.
    • Short pleaded guilty to unlawfully obtaining personal data, was fined £355 and was ordered to pay costs of £700 as well as a victim surcharge of £35.

 

  • January 2021

    • Kim Doyle (KD) pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data. She was sentenced at Manchester Crown Court on 8 January 2021 to eight months’ imprisonment, suspended for two years.
    • KD unlawfully compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers despite having no permission from her employers. She then unlawfully transferred the data she obtained to William Shaw (WS), the director of an accident claims management firm. WS was also sentenced to eight months’ imprisonment, suspended for two years after pleading guilty to conspiracy to secure unauthorised access to computer data.
    • They were both ordered to each carry out 100 hours’ unpaid work and contribute £1,000 costs.
    • A Confiscation Order, under the Proceeds of Crimes Act, to recover benefit obtained as a result of the offending had been given by the Court in which KD must pay a benefit figure of £25,000 and WS must pay a benefit figure of £15,000. Both will face three months’ imprisonment if the benefit figures are not paid within three months.

It is important to note that it’s completely irrelevant how personal data is removed from your control – exactly the same principles would have been applied if the data had been downloaded to a USB flash drive or physically photocopied.

 

In our handbooks we have “sending company information to a private email address” as gross misconduct. So you could dismiss them for this breach of confidentiality as well as reporting them to the ICO.

Reporting Threat

Where you reasonably suspect that an individual has removed confidential information on leaving your employment, and this includes third parties’ personal data, you might be able to obtain some leverage over them by threatening to report the matter to the ICO.

 We can send them a letter threatening to contact the ICO.

stealing client dataA Sufficient Deterrent?

A fine from the ICO can potentially be unlimited, and the penalties under GDPR are much worse than they were before.

However, whilst the deterrent effect of reporting an employee to the ICO may well be limited, most people certainly won’t want to risk having a criminal record as well as the bad publicity it will attract.

Be aware however, that if there is a data breach, you, as the employer, will need to prove that you have trained staff on data protection and that they were aware of their personal legal obligations.

Having a clause in the contract will NOT be enough to prove that you were not negligent in keeping data safe.

 

Filed Under: Confidentiality, Contracts of Employment, Non-compete, Non-solicitation

About Carolyne Wahlen

Carolyne is the founder and owner of Gap HR. She's seen what works in HR and what doesn’t, and has practical answers to real problems that small businesses can apply with immediate effect.

Schedule a meeting with Carolyne

Click here to download

• We exist to help you stay legal, compliant and profitable, without shelling out for an in-house HR manager.

• Our founder Carolyne has worked in people management since 1995, which means you’ve got decades of experience you can rely on.

• Over 170 clients benefit from the experience and expertise of the Gap HR team.

 


Call Us: 01491 598 600

 


email us: cw@gaphr.co.uk

Click here to download

Where our clients are:

Mark Ghafoor, KCC Basildon

“Whether it’s a simple question or a more complex query, GAP HR have ensured that we have the most up to date knowledge of current legislation and processes to ensure we can offer the best support to our teams.
It is reassuring to know that expert advice is only a phone call or video conference away!”

Deb Green, Vermatech Pest Control

“We have been using Gap HR for several years now. Carolyne and her team are professional and efficient and we would not hesitate in recommending them for small businesses. It is a great relief to know we are supported by them for our HR advice and paperwork is kept up to date.”

Justin Wilkie, 2Excel Logistics

“I have been working with Carolyne and her team for 6 years now , when I first purchased 2Excel Logistics I found the HR scary as I wanted to do the right thing for my staff , with Gap HR on my side this all seemed easy and we have gone from 9 staff to 28 with no hassle what so ever , thank you to all at Gap HR”

Ashley Lewis, Wallingford Tiles and Bathrooms

“So pleased to be working with Gap HR. They’ve straightened us out in no time. Their pricing is clear and they really know what they are talking about.”

Helen Gordon, Kitecreative

“We are a growing company but do not have facilities in house yet for HR services in house. Gap HR is our go to service for all kinds of advice about HR for our business and we have found them very reliable, communicative and efficient. Would definitely recommend them”

“Carolyne and team continue to provide great support to our business, with quick and accurate responses to help with our various HR needs.”

“Gap HR have been at our side for a number of years now and are a great help in dealing with our HR needs”

Copyright © 2021 Name & Registered Office:

Gap HR Services Ltd.
Wallingford Road, Goring, Reading, RG8 0HN, UK
Phone: 01491 598 600

Company No. 08146299 | Contact us | Privacy & Cookies Policy | About this Website