What counts as confidential information when an employee leaves?

Answer

When an individual moves to a new role, they take valuable skills and knowledge which they will use for the benefit of their new employer. Where this happens, particularly where an employee moves to a competitor, it can be difficult to draw a line between information that an employee can legitimately use in their new position as part of their own experience, and specific information which should not be disclosed even though the terms of their former employment contract have ceased to apply.

Trailfinders Limited, a UK and Ireland based travel agent, issued a claim against four of its former employees, alongside rival agency Travel Counsellors Limited (TCL). Trailfinders claimed that, after leaving in 2016 to join TCL as travel consultants, these former employees had made use of Trailfinders' trade secrets, in breach of implied terms of their employment contracts and/or equitable obligations of confidence owed to Trailfinders. Trailfinders also alleged that TCL acted in breach of confidence through having received its confidential customer information and having allowed its former employees to exploit such information for TCL's benefit.

What information might an employee access?

Established case law broadly identifies three classes of information to which an employee may gain access during the course of their employment, and how they might be permitted to use it going forward.

Information which is not confidential (eg, information already in the public domain)

An employer cannot impose any duty of confidence on its employee in respect of such information, simply because the information is not secret. It can be freely disseminated, shared and used by the employee when they move to a new employer.

Confidential information acquired during the normal course of employment which remains in the employee's head, and becomes part of their own experience and skills

The general duty of good faith owed by an employee to their employer means that this type of confidential information should only be used for the benefit of their employer, and restrains the employee from misusing such information (such as disclosing the information to the employer's competitor) – during the course of their employment. However, this duty comes to an end upon termination of employment. If it is carried away in the employee's head after the employment has ended, it may then freely be used for the benefit either of themselves or others (such as their new employer).

Confidential information in the form of specific 'trade secrets'

The general duty of good faith owed by an employee to their employer also applies to this type of confidential information. Such confidential information (eg, a secret process of manufacture, such as specific chemical formulae, or designs or special methods of construction) may not be used by the employee, while they remain secret, for anything other than the benefit of the employer – and this obligation extends beyond the course of their employment. An employee must not disclose or otherwise misuse such confidential information even after cessation or termination of employment.

Whilst seemingly simple, drawing a distinction between the different types of confidential information set out in points two and three above (hereafter referred to as "class 2" and "class 3" confidential information, respectively) is not always straightforward. Furthermore, employees and potential employers need to beware that simply because certain information might fall within class 2, does not necessarily mean it can be freely used or disclosed after the end of the relevant employment.

Where the class 2 confidential information has been retained by copying a document or deliberately memorising the information while still employed – although such acts may only become known after the employee has left their previous employment – case law confirms that such activities undertaken whilst still employed are liable to constitute a breach of confidence to the former employer (as a breach of their duties while in employment).

Where the class 2 confidential information is not exploited to earn a living, but is sold off to a third party – the possibility of liability where, instead of using their skills and experience to their own (or their new employer's) benefit, the ex-employee sells such confidential information to a third party, is still open to be determined by the courts.

Was the relevant information confidential?

In the case, the judge firstly had to satisfy himself that information relied upon by Trailfinders was in fact confidential (ie, to establish whether it could fall into class 2 or class 3). The types of information relied upon ("client information") included:

• clients' names, nationalities, dates of birth, passport details, and frequent flyer numbers;
• clients' contact details (home addresses, telephone numbers, email addresses);
• past and provisional trips booked with Trailfinders (including itineraries, hotel bookings, flight details and prices);
• booking reference numbers (used by clients to access Trailfinders' online trip portal, Viewtrail); and
• details of clients' budgets, interests, preferences, special requirements and booking trends (eg, for anniversaries or honeymoons).

The judge concluded the client information was class 2 confidential information. He dismissed TCL's argument that the client information could not be confidential because it had not been sufficiently protected by Trailfinders, on the basis that it could only be accessed via an ID and alphanumeric password allocated to each employee, plus the individual client. He also rejected submissions that Trailfinders had not made its employees aware of the confidential nature of such information and at least some of the information was publicly available.

How had the former employees procured the client information?

While compiling a list of contacts and relevant information to be uploaded to TCL's system ahead of his starting date, one of the ex-employees (the Second Defendant, or D2) took details of a 'small number' of clients from Superfacts (Trailfinders' software system) by copying the information onto a sheet of paper on the last day of his employment. It was suggested that this was simply for expediency and that the information could have been obtained from other sources (such as D2's own knowledge, personal accounts/devices and publicly available sources). As such, D2 argued that the information he took from Superfacts was not confidential. In fact, details for more than 200 contacts were passed to TCL by D2.

D2 had also printed hard copies of information relating to a specific client, where D2 was in the process of booking two large trips for the client. D2 wanted the information so he could complete the bookings after he left Trailfinders.

The other ex-employee (the Fifth Defendant, or D5) had started to assemble his 'contact book' – containing the names, contact details, booking reference and other information about 136 of his clients – about six months before leaving Trailfinders. D5 acknowledged most of the information in the contact book had come from Trailfinders' Superfacts system.

In addition, both D2 and D5 admitted accessing Viewtrail (Trailfinders' online trip portal for clients) after they had left Trailfinders' employment: D2 on around 30 occasions in relation to 10 clients (claiming to have been granted permission orally from each of his clients), and D5 on 63 occasions in relation to 32 clients (claiming to have gained permission from 23 of them over the phone).

Had the former employees breached any duties to Trailfinders?

The judge confirmed that D2 and D5 owed to Trailfinders, firstly, an implied term of confidentiality in their contracts of employment not to use or disclose the Client Information (other than for Trailfinders' benefit) during the course of their employment (as per class 2 confidential information above) and, secondly, an equitable obligation of confidence extending beyond the term of their employment with Trailfinders, but with a narrower scope (as per class 3 confidential information above), in that it did not cover experience or skills acquired during the normal course of their employment with Trailfinders. However, the judge noted that, while Trailfinders could not prevent D2 and D5 generally from using information held in their minds when they left Trailfinders, this excluded information which was deliberately memorised.

It was held that the information D2 copied from Superfacts (including that relating to his specific client) was, at least in part, beyond his experience and skills. The copying of such information during the term of his employment was in breach of the implied term in his employment contract, and the uploading of that information onto TCL's system and its subsequent use was also in breach of his equitable obligation of confidence to Trailfinders. The fact that the information could have been available from other sources was irrelevant. However, the judge was unable to say that D2 did not have permission from each of his 10 clients to access their information on Viewtrail.

Turning to D5, the judge was not convinced that this defendant had obtained permission from any of his clients to access their information on Viewtrail (there was no documentary evidence and, during cross-examination, he admitted that he did not have permission in the majority of cases). The judge dismissed D5's arguments that Trailfinders had sanctioned the compilation of the contact book, and similar arguments regarding the fact the information was publicly available elsewhere. D5 was found to have breached the implied term of his employment contract in compiling his contact book and the equitable obligation using it thereafter. D5 was also in breach of his equitable obligation to Trailfinders when he accessed Viewtrail after he left Trailfinders' employment to obtain and use information about his former clients.

Was there any breach by Travel Counsellors?

A duty of confidence is imposed on a new employer if it received information it knew, or ought to have known, was fairly and reasonably regarded as confidential. By its business model, TCL expected and encouraged potential consultants (such as Trailfinders' ex-employees) to bring with them details of existing clients to begin building their client portfolio.

The judge considered it "highly improbable" that TCL would have believed Trailfinders would not regard its customer lists as confidential, particularly because TCL viewed its own equivalent information as confidential. Further, a reasonable person within TCL's operations would have been aware that at least part of the information brought by D2 and D5 was likely to have been copied – there was too much for them to have memorised it.

It was held that TCL ought to have known that it was in receipt of information which Trailfinders reasonably regarded as confidential, and, therefore, the obligation of confidence imposed on TCL had been breached.

Practical tips for employers

All employers should educate their employees about their confidentiality obligations. Express terms regarding the use and treatment of confidential information should be included in their employment contracts. Policies regarding the use of confidential information should also be implemented and regular training provided to all staff about the identification and protection the confidential information to which they might have access within their specific role, for example, securing confidential information (by locking away physical copies, password-protecting electronic copies, limiting and keeping records of access requests, and so on).

Whenever employees leave a business, as part of the exit process employers should conduct an audit of what confidential information to which the employee has had access. Their confidentiality obligations to their former employer should be reiterated to them and employees should be required to confirm in writing (as appropriate) that they have returned all electronic and physical copies of confidential information – to ensure all that is being taken is in the employee's head – and to acknowledge such particular confidential information (including trade secrets) to which they have had access during their employment. Depending on the circumstances of the departure, it may be prudent for access to highly-confidential documents to be monitored and/or blocked to the departing individual, to reduce the risk any unauthorised copying or printing of such materials.

If an employee is joining your business from a competitor or otherwise, be cautious if they appear to have more information than they could possibly have remembered (an excess of client information, product pricing, design details, ingredient or component lists). If you know, or ought to know, that such information would fairly or reasonably be regarded as confidential, there will be a duty of confidence imposed – even though no contractual relationship exists between you and the former employer. A good indication might be whether you would treat such information as confidential if it belonged to you, but you should also make enquiries with the employee as to by what means the information came into their possession. Turning a blind eye to the source of the information will not absolve you from liability.

Note on data protection: Although it was not considered as part of the claim before the Intellectual Property Enterprise Court (and it is therefore outside the scope of this note), employers also need to be live to issues regarding data protection – in particular, dealing with potential breaches, if they become aware that a former employee has taken any form of personal data.

Rose Smalley, James Love and Patrick Cantrill are lawyers Womble Bond Dickinson. Rose is an associate, James is a partner and Patrick is senior counsel – they are all based at the firm’s Leeds office