Legal briefing | IP & Technology, Commercial & Technology | 21 Jun 2012

Protecting your customer database - preventing misuse by ex-employees

Overview

One of your employees has left to work for a competitor. You suspect that they have taken a copy of your customer database with them. What can you do to stop them poaching your customers? The obvious course of action is to claim that they have broken their employment contract. But in this situation, database rights can often be a potent additional weapon.

Problems with employment contracts

Many employment contracts contain "no poaching" provisions prohibiting contact with customers of the business for a limited period. But even if you suspect that the ex-employee was behind an attempt to poach one of your customers, this can often be difficult to prove – especially if the attempt was made by a colleague of the ex-employee at his or her new place of work.

Restrictive covenants of this type can also be difficult to enforce because the rules on restraint of trade often give the ex-employee ample scope to argue that the restriction should not be upheld.

Database rights can be a potent weapon against misuse of customer data by ex-employees.

What about confidentiality?

You might be able to argue that the ex-employee is misusing confidential information. But much of the information in your customer database (such as contact details) is likely to be in the public domain and in practice, the courts have been reluctant to regard such data as being protected by the laws of confidentiality. Indeed, the real value of a database may be reflected in the effort which went into compiling it in the first place, rather than the confidentiality of the information it contains.

How can database rights help?

Database rights are a form of intellectual property right which can protect your investment in compiling your customer database. In order to prove that such rights actually subsist in your database, you will need to show that "substantial investment" went into the obtaining, verification and/or presentation of the information. Recent cases suggest that customer databases will often meet this requirement, even where much of the data they contain is not confidential.

No need for confidential data

In Crowson Fabrics v Rider (2007), two ex-employees of Crowson set up a competing firm using a copy of Crowson's customer database. Although Crowson failed to establish that there had been a breach of confidence, it succeeded in its claim for infringement of its database rights.

Remedies

If an ex-employee has copied and used your database (or a significant part of it) without permission, that will almost certainly amount to an infringement of your database rights (assuming, of course, that your database qualifies for protection). You might be able to persuade the court to:

  • issue an injunction preventing future use;
  • order the delivery up of the infringing copies; and
  • award damages to compensate you for the use made of your data. 

The broader picture

Although you may be able to rely on database rights as a form of protection, this does not mean you should ignore other legal remedies or means of safeguarding your business.

Contracts of employment – particularly the provisions relating to use of confidential information and restrictive covenants – remain a vitally important source of legal protection and will usually be the best place to start. But where ex-employees have taken physical or electronic copies of your customer data, database rights can often be a potent additional weapon.

Practical steps to protect information:

  • Put in place appropriate computer usage policies and define confidential information carefully
  • Inform employees that the company owns all rights in any database created
  • Control access to databases, in particular the ability to download copies to portable devices
  • Encourage employees to keep separate their work and personal contact details
  • Closely monitor system usage by employees who are working their notice period
  • Include "dummy" contacts in any customer lists – this may alert you to potential misuse and make it easier to prove infringement where your list has been copied

How we can help

Technology and intellectual property rights do not exist in a vacuum and problems like misuse of customer data often require a multi-disciplinary approach. That's why our technology specialists work closely with other parts of the firm, such as our Litigation and Employment Departments. Other recent examples of work on database-related issues include advising:

  • one of the UK's leading cosmetic surgery businesses on the misuse of its patient database by a surgeon who had recently moved to work for a competitor;
  • on the acquisition of a well known social networking website's member database by the UK's leading direct marketing business; and
  • a high-profile UK television production company and an online bookmaker on the data protection implications of losing a laptop and memory sticks containing sensitive and confidential databases relating to staff and customers.

FOR FURTHER INFORMATION, PLEASE CONTACT

Read Dan Reavill's Profile