This guide was last updated in May 2016
Often, the first step in attempting to prevent the unauthorised use of confidential data is to write to the perpetrators putting them on notice that the data remains confidential and should not be used in any way. If, as is often the case, the perpetrators are former employees this letter should also identify the relevant confidentiality provisions and restrictive covenants in their employment contracts, putting them on notice of your potential claim against them.
Undertakings should also be sought from the perpetrators that they will not use the confidential information, along with a request for all confidential information to be returned to you. However, in circumstances where the perpetrators refuse to provide undertakings or return the confidential data, it may be necessary to obtain an injunction to prevent them from using it.
Most thefts of confidential data are likely to leave a paper or electronic trail. In order to obtain a better understanding of the underlying facts behind the data theft, your civil fraud solicitor will work closely with your IT team and external IT forensics experts to review your electronic systems and databases. They will also discuss the systems and controls which were in place, and the potential harm that could be done to your business if the confidential information is subsequently used in an unauthorised way.
Applying for an injunction
An application for an injunction will need to be carefully considered and supported with a witness statement. Among other things, the witness statement must identify:
- that the information which has been misappropriated is truly confidential;
- the characteristics which make the information confidential; and
- why the injunction is necessary.
The application for the injunction could potentially be made without notice to the perpetrators, depending on the circumstances of the case.
Even if the perpetrators refuse to return the data or to provide the necessary undertakings that they will not use it, it still may not be appropriate to apply for an injunction. This could be because the legal tests for obtaining an injunction are unlikely to be satisfied on the facts of the case, or because the costs of obtaining an injunction are considered to outweigh the advantages of preventing the unauthorised use of the information.
Proceeding with litigation
If the perpetrators have provided the undertakings sought, returned the confidential data and agreed to pay a sum by way of damages and legal fees the matter is likely to have been resolved. However, it will still be necessary to document the terms of that resolution and to identify the consequences of any future unauthorised use of the confidential information by those third parties.
If you decide not to take any further action by way of litigation, you should seek professional advice on how best to protect your confidential information and the practical safeguards that you can put into place to avoid a similar incident occurring in the future.
If the matter is not resolved, at this stage you may decide to initiate proceedings against the perpetrators for the misappropriation and use of the confidential information where that use has caused you damage.
This will require the filing and serving of:
- a claim form;
- particulars of claim.
At this stage, civil proceedings against the perpetrators begin.
After the claim is served
Settlement may occur at any time before the trial takes place, although whether settlement is an appropriate course of action will depend on the circumstances of each case and the stage the parties at in litigation. In our experience, settlement discussions usually happen after a letter of claim (the first communication) is received, proceedings are issued and served, following disclosure or after exchange of witness statements.
After proceedings are served, the perpetrators will be required to file a defence. Both parties will then be required to attend a case management conference, where the court will set out the timetable to trial.
Disclosure must be conducted in accordance with the Civil Procedure Rules (CPR). This process requires both parties to inform the other side of any documents in their control which exist or existed and which they intend to rely on in court, or which adversely affect their own case or another party's case or which supports another party's case. It will include both making disclosure to the other party, and considering their disclosure.
Disclosure will cover both hard copy and electronic documents. The cost of the process will ultimately depend on the volume of documentation involved.
Witness statements will need to be drafted in readiness for trial. These will be used to provide evidence of the wrongdoing to the court by those individuals who are in a position to do so.
It may be necessary to call on expert opinion evidence in order to prove or disprove the case. The expert's role is to assist the court, not to act as an advocate for either party. Expert evidence is used to assist the court when the case before it involves matters on which it does not have the requisite knowledge. In cases to do with the misappropriation of confidential data, expert evidence is likely to be required in order to identify how that data was misappropriated and to quantify the losses that you have suffered as a result.
A significant amount of additional work will need to be completed in the run up to trial. Costs of preparing for trial will include the costs of corresponding with the other side's lawyers, agreeing and preparing bundles, cross-referencing documents and liaising with counsel.
The length of the trial will of course depend on the facts of each case. Factors which are likely to affect the trial length are the complexities of the fraud, the number of documents involved, the number of alleged perpetrators and the number of witnesses.
At trial, the judge will hear the evidence relating to the matter and decide whether the claims are successful. If successful, the judge will also decide the measure of damages and the costs to be awarded.