06 September 2021
Commitments are not made to be broken: enforcing employee post-employment obligations and protecting confidential information
The employer/employee relationship is usually one where a lot of trust is given by the employer to the employee very quickly. The employer must, for example, entrust its confidential information, IP and goodwill to its employees. It does so to enable its business to function and to further its growth and best interests. But what do you do when that trust is broken, an employee breaches their employment contract and their overarching obligations to the business?
In this article we consider some of the practicalities and pitfalls in protecting the business after an employee departs.
Does your employment contract contain protections for the business?
In most employment contracts, an employer will seek to protect its confidential information and the goodwill that it has spent years or decades building. While the law may separately protect truly confidential information and an employer’s intellectual property, it is critical for the employment contract to contain an agreed restraint clause.
Restraint of trade clauses
While there is often a preconceived idea that restraint clauses are useless and difficult to enforce, a properly constructed restraint clause can be a very useful and powerful instrument for an employer, particularly if the clause is constructed well.
Restraint clauses should include:
details about the employee’s position
what risk the restraint clause is seeking to protect
information about the specific industry/business of the employer
specific detail about the area, duration and scope of the restraint.
The latter detail is critical. The restraint should identify, precisely what it is the employee cannot do, for a period of time post-employment, for example, is the employee restrained from being employed by a specific competitor for a period of time, or is the employee not to solicit and lure clients they dealt with during their employment away from the employer?
Employers should ensure that restraint clauses are not overly burdensome and restrictive. For example, restraining an employee from working anywhere else in Australia for a period of 10 years will be unreasonable and an unenforceable restraint. The restraint should be tailored based on the specific employment, the level of trust placed in the employee and the legitimate needs of the business to protect its confidential information and goodwill.
Protection of an employer’s information and property
Intellectual property and confidentiality clauses are another common and useful mechanism to ensure that confidential and sensitive employer information is protected.
These clauses often define what documents and information are considered as confidential by the employer. Information that is confidential will include trade secrets, secret formulas and recipes, client and customer lists, pricing information, and any other information that is unique to the business and unknown to people outside of the business.
But not all information can be protected. Employers should be mindful that the information that they are seeking to protect must be considered as confidential rather than simply general knowledge (or know-how) acquired by an employee during the course of their employment or general and trivial information.
While these clauses are useful, employers must also ensure that they implement measures to limit any risk of sensitive information being shared with others outside the organisation. Employers should consider doing the following:
having formal policies in place detailing access and permitted use of company information
training for employees regarding expectations in respect of access and use of confidential and sensitive information
limiting access to certain information if it is confidential, including having appropriate security measures in place such as implementing an electronic document management system which controls access and log employee access to material
prior to an employee leaving an organisation, the employee should be reminded of their post-employment obligations.
Tips and hints
While we all like to hope than none of our employees would breach their post-employment obligations or steal confidential information for their future business or employer, a study done by McAfee found that in 43% of information and data theft incidents, the culprit was someone internal to the organisation and 60% of the times the culprit sought to obtain client information.
Sometimes, ascertaining what has occurred can be difficult, whilst in other cases not so much. We recently ran a case where a simple internet search history of an outgoing employee was rather telling. The employee had searched amongst other things programs for converting the employer’s database to a new format for their future use.
In effect, these searches showed that the outgoing employee was seeking to transfer the businesses confidential information from one server to another so that they could gain access to it after their employment ceased.
Although each occasion will not be as simple as the above to uncover, in circumstances where it looks like an employee has stolen confidential information or taken steps to prepare to compete and steal your business, it is important to act quickly and interrogate all available information, even if you have no restraint provision or even a written employment contract.
Investigating the matter remains worthwhile as the law imposes important obligations on employees like good faith and fidelity and obligations to maintain confidence. The Corporations Act and other legislation may impose other duties to not misuse information for a personal gain. These duties and obligations may enable the courts to provide meaningful remedies in the form of restraints and/or significant damages (unrestrained by the usual misguided arguments that the client would have left anyway).
Here are a few tips and hints to consider if you believe that your confidential information or client connection may have been stolen by an employee or ex-employee:
1. Secure and retain all available evidence of the breach as soon as possible.
2. Undertake an extensive review of all records (including but not limited to access logs, phone calls, emails, printed documents, downloaded documents, USB and portable hard drives which were connected to the employee’s computer) to ascertain what information or documents were accessed and downloaded, when this information was accessed and by whom.
3. Interview employees or talk to clients who may have information regarding the former employee, information about any possible access to confidential information or information regarding whether the former employee has taken up employment elsewhere and or has tried to take business.
4. If, following investigations, you suspect that a former employee has breached their employment contract or has accessed/stolen confidential information or other property, seek legal advice on next best steps. It could, in serious cases, involve an urgent approach to the courts or it may involve writing to the former employee to:
a. remind them of their employment duties and any post-employment obligations;
b. make them aware that you know that they may have already breached these obligations;
c. demand that they cease and desist from any behaviour that is contrary to their obligations;
d. demand that the former employee returns any confidential information or company property; and
e. demand that they provide an undertaking to ensure that no further breaches occur.
This is not an exhaustive list and may differ in each situation.
5. If the former employee does not satisfactorily respond to the correspondence or at all, court intervention may be required. You may ask the court to:
a. grant an injunction which prevents the former employee from engaging in any activity that they are restrained from doing;
b. seek damages and/or an account of profits for the breach; and
c. seek orders for the return of company property and information.
This is not an exhaustive list and the required remedies may differ in each situation.
Sometimes employers also want to write to the new employer. Any such communication needs to be carefully considered, based on best evidence, to avoid any counter claims, especially if the employee suffers loss as a result of any comments that are false and or defamatory.
 Grand Theft Data; Data Exfiltration study: Actors, tactics and detection (2015)