Legally, What Can I Do When My Company's Data Has Been Stolen?

Introduction

The Centre for Strategic and International Studies has calculated that cybercrime costs the global economy as much as £600bn a year with the Cabinet Office reporting the cost to UK business alone totalling £41bn in 2018.

The majority of businesses operating today have to operate online effectively to survive, yet alone prosper. Customers and employees alike demand constant connectivity with the “Internet of Things” (machine-to-machine communication via sensors which operate and leverage data from cloud storage) being just the tip of the iceberg.  Evidently, the sheer volume of data is increasing with more data being created in the last two years than in the entire history of the human race.  By 2020, a third of all data will be stored in the cloud with an estimated 26 billion connected devices worldwide.

There is no doubt that technology in the next 5 years will develop at an unprecedented rate which will pose many complex security issues and challenges for businesses. Whilst from a strategic standpoint businesses will (to varying degrees) adapt with these technological changes, they must not forget to take the simple steps to ensure they are protecting their confidential data and doing what they can, from a legal perspective, if confidential data is stolen.

Your biggest threat is still....your employees

A Cisco survey of more than 1,000 UK employees showed that whilst 61% of respondents thought their company had a security policy that 48% claimed they weren’t concerned about it as it didn’t affect them. Alarmingly 39% said they thought it was their employer’s responsibility to protect data and not theirs.

Whilst businesses cannot protect against all developing external threats, many (if not the majority) of businesses are not doing all that they can to protect themselves from internal ones. Staff awareness and training is an essential component in reducing accidental data breaches but on a more fundamental level, businesses need to ensure their own house is in order and protected from deliberate internal breaches before considering the external threats. A study conducted by the Ponemon Institute in the US found that 59% of employees who either quit or are asked to leave take confidential or sensitive business information upon their departure.

Protect what your business can control

A company’s confidential data is, in most cases, one of its most valuable assets with customer databases, trademarks, patents and trade secrets giving a company a competitive edge in their market.

Simple steps like ensuring that employment contracts clearly define what the company’s confidential data is, or ensuring that contracts with suppliers clearly define and manage the movement of confidential data (be it collaborative or otherwise) as it is passed down the supply chain, are often overlooked.In addition to employment contracts, companies should have in place and review regularly, polices on the use of mobile devices, social media and a data theft policy which sets out what steps employees should take if confidential data has been stolen (or lost).

Some pertinent questions that all businesses should be able to answer:

  • What IT security systems have you got in place to prevent data theft
  • What measures are in place to prevent data theft by employees?
  • Are there any easy ways to detect a data theft?
  • Do your employment contracts contain a sufficient definition of confidential information and restrictive covenants which are relevant to your business?
  • Does your company have a handbook which contains policies dealing with the use of social media?
  • Are employees aware of, and regularly reminded of, their duties of confidentiality?

What options do I have legally if confidential data has been stolen?

If confidential data has been stolen by an employee (or ex-employee), there are a range of legal remedies which can be sought to discover not only the extent of the theft but to assist with the recovery of the information (and your legal costs).

Search Orders

A Search Order is a form of injunction which we can obtain on your behalf which allows us to enter and conduct a search of the individual’s premises (this can be a business and /or a home address). The Search Order will allow us to seize any relevant evidence. Due to their draconian nature, obtaining a Search Order can be difficult to obtain from the Court but Freeths have extensive experience in obtaining Search Orders and ensuring a successful outcome if such is required.

Delivery up Order

A Delivery Up Order is a type of injunction which forces the Defendant to immediately give back all stolen information (including hard copy confidential information and often copies of computers and other electronic devices). If such an Order is not complied with individuals can be held in contempt of Court, be fined or sent to jail. Freeths have experience in both obtaining Delivery Up Orders and contempt of Court proceedings and have successfully obtained custodial sentences against individual not complying with a Search/Delivery Up Order.

Freezing Orders

In instances where there is a risk of the individual dissipating their assets in the face of a legal claim, we can help you to ensure that these assets (bank accounts, properties, shares, etc.) are frozen. This helps guarantee that any damages awarded by the Court will be recoverable once the legal proceedings have concluded.

If you have any questions on the contents of this article, or the legal remedies available to your company we would be more than happy to discuss these will you via email, or on the telephone.

Please contact Petya Koycheva on 0345 128 6979 or at Petya.Koycheva@freeths.co.uk.

 

The content of this page is a summary of the law in force at the date of publication and is not exhaustive, nor does it contain definitive advice. Specialist legal advice should be sought in relation to any queries that may arise.