How companies can protect their crown jewels

As the country gears up to the coronation of King Charles III, we are reminded that the royal family are not the only institution to be in possession of highly valuable crown jewels. In fact, almost every company in the country has them, but rather than being jewel encrusted treasures, they are a little more mundane but equally as valuable and usually take the form of details of the company’s clients and customers, their spending habits and preferences.

Unlike the royal family, most commercial organisations do not have the luxury of the Tower of London or Beefeaters to guard their prized possessions. However, there are tools that might not look as magnificent, but are equally as effective and generally does not mean investing large sums in software or security measures.

However, it does involve paying a lot of attention at the start of an employment relationship and what is in the documentation. The worst offenders are generally start-ups, who focus on investment and funding and little on basic contractual provisions. Overnight the company can find itself worth millions and they are then on the back foot. The worst contract I have seen in 35 years did not start well when it described the employee’s role in the company as ‘Gorgeous Greek Bird’.

Essentially there are two key ways of protecting the crown jewels in any business: (1) a tailored contract that spells out restrictive covenants and confidentiality provisions specific to that business and that employee and (2) policies that prevent certain basic behaviours and which are enforced – combine the two and you create your very own Tower of London.

The employment contract

The starting point is a well drafted contract, which is signed by both parties (much overlooked but pretty essential for enforcing restrictions) and it is worth spending some money having this tailored to your business, rather than using standard documents from e.g ready available legal resource/ insurance backed HR providers. The drafting of restrictive covenants is very technical and outside the ability of many lawyers, never mind HR professionals and so it is important to seek specialist legal advice. Just rogue word can invalidate all of the restrictions.

Include a specific clause making it clear that all LinkedIn connections made whilst an employee are the property of the company and so must be deleted when an employee leaves and before they announce where they are going to next. The cases have been clear that employers can enforce such clauses and employees who notify their current company contacts via LinkedIn of their next move will be in breach of the non-solicitation covenants in their contract and liable for any damages suffered by their former employer if clients move across.

The contract should also say that at the end of employment an employee should have to give written confirmation that they have not downloaded or sent to their home email any confidential information belonging to their employer and that they have returned all company property and information and the signing of this confirmation should be rigorously enforced. If an employer later discovers that the employee has sent their confidential information to their personal email, or downloaded it all to a data stick, this signed piece of paper will broaden the options available.

The policies

Many senior managers wrongly regard HR as a bit of a nuisance, the fun police whose sole aim in life is to stop them from running the business as they would like. Nothing could be further from the truth but where HR really come into their own is in the policies they write and implement. A business should also ensure that policies are in place which specifically bar an employee from sending emails to their home email address or copying documents onto USB sticks. This means that when their computer is forensically examined once they leave, and it is discovered that they have done this in breach of policy, this makes persuading a judge to grant an order without their knowledge, a lot easier (see below).

The IT policy should give an express right to an employer to monitor the employee’s emails for the purposes of ensuring that they are complying with the policies and procedures of the company and the specific right to look at anything accessed via the employee’s work computer, as well as the ability to enter the employee’s home to inspect an employee’s home computer after they have left to ensure that confidential information has been deleted from it.

Restrictive covenants

These are clauses which say that after the employment has ended the employee cannot e.g work for a competitor, solicit clients they previously dealt with, or deal with them. They will also contain restrictions on interfering with suppliers and soliciting former colleagues.

Companies should not be tempted to impose a blanket restrictive covenant for all employees irrespective of their role, if they do this it makes it harder to enforce as clearly no thought has gone into the specific risk and the legitimate aim that they are trying to protect. Consider each role and what risk they present and tailor the covenants and as employees are promoted then review and amend their restrictions. Do not just insert an arbitrary period of restriction as a court will not impose?a lesser, more reasonable, period, they will just strike out the whole of the restriction for being unreasonable.

If an employee has confidential information about the company’s plans and strategy then this can be protected through a ‘non-compete’ clause, preventing them from working for a competitor for a period of time. The length of this will be determined by how long this information will remain confidential for. Although associated with senior employees, it can apply to more junior ones if they too possess confidential information on e.g pricing in a very small and specialised market. There is an urban myth that such clauses are not enforceable – they certainly can be if properly drafted and used in the right circumstances.

For those in sales and account management then to protect client contacts a non-solicitation and non-dealing covenants must be used. These must be for no longer than will be necessary for a new contact to build up the relationship and how long that is will be determined by how frequently there is interaction between the employee and the client. Restrict it to those that they personally dealt with in the 12 months prior to termination.

Although the government is currently consulting (again) over the use of restrictive covenants, as the law stands at the moment, they play an important part in an employer’s armory when defending the Crown Jewels – but they are not the only ones.

Confidentiality clause – the employer’s real ‘Tower of London’

One of the most important clauses in the employment contract is the confidentiality clause, and it is astounding how many times this is missing or says that confidential information is ‘anything which is confidential’ without giving specifics which renders it useless.

Although there is a common law duty of confidentiality, it is limited and although there is some protection for databases and also the possibility of using the Data Protection Act criminal sanctions if the information taken contains personal data, they also have conditions which need to be met. It also takes time and an employer should not have to be falling back on any of this when there are other much easier and quicker steps that can be taken.

An express contractual confidentiality clause should be tailored to your business and, if properly drafted, is much easier to enforce than a restrictive covenant, when the court will look at the covenants length and breadth as well as the consideration given, when it was entered into and the drafting.

Attempted attacks on the Tower of London

In all the injunctions I have obtained over the years they have all had a common theme – my client has taken action to enforce the confidentiality provisions and not the restrictive covenants. The ex-employee may have taken actual pieces of paper or business cards with client details on, which the ex-employee has signed to say she/he has returned. They may have emailed complete databases of clients to personal email addresses when the policy says not to; or new enquiries have been diverted to personal email addresses prior to leaving - but their actions have all served one purpose – to convince a judge in a private (ex-parte) hearing (the ex-employee is not invited) that this ex-employee has the appearance of someone who is up to no good and that alerting them by giving three days’ clear notice of an injunction application is likely to lead to them trying to destroy the evidence.

So, what we ask for is on the face of it very innocuous – a neutral order that says that the ex employee must not destroy this confidential information we think they have and that they must come along in three days’ time to the court to defend themselves and our further application that the confidential information must be delivered back to our client, together with an explanation as to what they have done with it in the intervening period.

However, although the order is fairly innocuous, the practical effect of having a High Court order served on you personally, which comes with a warning in bold red letters that failure to comply may lead to imprisonment, generally seems to have the desired effect – the ex-employee seeks legal advice, they tell their solicitor what they have done and the solicitor explains how much trouble they are in and that early settlement should be their top priority. The ex employee pays most of our client’s costs and agree to everything we have asked for.

The only occasion when service of an order did not immediately appear to have the desired effect was when an ex-employee had also been ordered to hand over the password to her personal email account within hours of being served with the order and had failed to do so. When I rang her and asked why, she said that she had received the papers and decided to go shopping. Giving her the benefit of the doubt perhaps she felt her wardrobe was not sufficiently equipped for a High Court hearing three days later or indeed a spell in prison, although she never made it to either as shortly after the shopping trip and granting us access to her personal email account, she took sound advice and the case was settled.

There are of course exceptions – the ex-employees who decide to act for themselves and not take advice, believing that a court will not make a costs award against them as litigants in person. That one always ends in profound disappointment on their part. Or the group of senior managers who think they have been so clever in their plot to set up a rival company and take all the business but have not considered the lowest common denominator – one of their number who has left access into their personal emails wide open as the password is autosaved on their work laptop and revealed numerous emails laying bare their plans in all their glory. However, more often than not it is customers of our clients, who still have the ex-employee’s email address with our client autosaved on the computer, and send an email confirming their next meeting – to the wrong address.

In conclusion

To ensure that the Tower of London remains impenetrable it is important to review documentation regularly, update contracts on promotion or job moves, and consider what risks the company faces if an employee was to walk off with the crown jewels. Even if the necessary policies and contractual provisions have not initially been included in contracts and handbooks it does not prevent an employer from introducing them – but take legal advice before doing so!