In an article first published by Thomson Reuters, Managing Associate, Annabel Mackay, considers recent decisions concerning employees who sent confidential information belonging to their employer to their personal email accounts on the grounds that it could assist them in future litigation against the employer.  Annabel considers the cases of Brandeaux Advisers (UK) Ltd v Chadwick and Farnan v Sunderland Association Football Club Ltd, as well as relevant actions by regulators.

Employees face an uncertain time in the workplace as employers continue to look for ways to reduce costs, whether through restructuring, outsourcing or greater reliance on contractors.

It does not usually take an "at risk" meeting or performance management discussion for employees to realise what lies ahead. With everything on email, employees no longer need to enter the workplace out of hours or loiter conspicuously around the photocopier to gather material that might assist them in a future dispute. High volumes of information can be transferred at the click of the mouse and, depending on the sophistication of an employer's IT systems, it may take some time before this transfer of data is detected. What are the implications where employees decide to arm themselves in this way?

In Brandeaux Advisers (UK) Ltd v Chadwick, the High Court considered the case of a former employee who had sent emails from her work account to a private email address. The emails had only been disclosed to her solicitor and had been retained to assist her in connection with her tribunal and wrongful dismissal complaints. Chadwick had also carried out a compliance role for Brandeaux and wanted to be able to refer to the material in the event that any questions regarding her compliance work arose in the future.

During her employment Chadwick suffered from stress-related ill-health due to workplace responsibilities, her relationship with her manager and other personal circumstances. She was dissatisfied with her bonus but failed to secure an increase. An incident occurred at work where she was found in her manager's office searching through papers to locate a draft document that she needed. Chadwick apologised for that behaviour but there was a disagreement on the same day about certain responsibilities being removed. One Sunday she began emailing a huge volume of material home. This activity was resumed out of hours on the Tuesday and continued until the equivalent of around 49 box files had been amassed.

Three months later, Chadwick's role was made redundant and she was put on garden leave. During the garden leave period, the transfer of data was discovered and she was dismissed for gross misconduct. An injunction restraining Chadwick from divulging the material was granted. There was a dispute about the scope of a delivery-up order and whether Brandeaux had been entitled to dismiss her summarily.

Chadwick argued that the documents were required to protect her legitimate interests and legal rights. She argued that she should not be required to deliver up material relevant to legal or disciplinary proceedings brought or threatened by her former employers. The High Court accepted that her objective was: "to arm herself for the future in any disputes with Brandeaux or with the regulators which might arise". Chadwick had emailed a vast quantity of information, regardless of relevance, in the event that it was useful in a future dispute or regulatory enquiry. The explanations which Chadwick offered for her behaviour were "lawyers' justifications".

The High Court found that Chadwick had committed a serious breach of trust, entitling Brandeaux to dismiss her summarily. It was "doubtful if the possibility of litigation with an employer could ever justify an employee in transferring or copying specific confidential documents for his own retention which might be relevant to such a dispute". With regard to the retention of documents to show to a regulator, the court noted that there were no regulatory problems at that time when the material was transferred. In any event, even if there had been such a problem, it was doubtful that an employee was entitled to copy documents to a private computer to show to a regulator.

A similar situation arose in Farnan v Sunderland Association Football Club Ltd. Farnan had been hired by the club to find sponsorship deals. His relationship with the chief executive officer deteriorated to the point where he felt that he was being undermined and that his days at the club were numbered. The club discovered that he had been sending work emails to his wife's personal email account. Some of these emails concerned administrative matters where his wife provided him with support. Others included requests for his wife's advice on work-related matters.

A third category of emails, however, called for a "different analysis". These emails contained confidential information which Farnan had "banked" to protect his interests in the event of a future dispute with the club. Farnan argued that this was legitimate and permitted under his service agreement. The High Court rejected this argument. The service agreement made it clear that confidential information could not be used for non-business purposes and he had not received authorisation from the board to build up a private bank of confidential information at home or on his wife's personal email accounts. This conduct was a serious breach of the service agreement. The court referred to the Chadwick case and another case, Tokio Marine Kiln Insurance Services Ltd v Ms Yi Yang, where it was confirmed that pre-empting the usual disclosure process by transferring or copying confidential documents was invalid. It concluded that the club was entitled to terminate Farnan's contract for gross misconduct.

As well as providing grounds for summary termination, the act of "banking" confidential information for a future dispute or for other purposes can have serious implications from a regulatory perspective. In proceedings before the Lloyd's Enforcement Board, Henley, an underwriter who had been employed at a Lloyd's managing agent, accepted a charge of discreditable conduct for appropriating confidential information of commercial value to her former employer. Under the terms agreed by the parties and approved by the Lloyd's Enforcement Board, Henley was ordered to pay a fine of £23,000 and was subject to a notice of censure. She was also ordered to pay £14,280 in costs. The notice of censure recorded that she had not benefitted financially or otherwise from her conduct. The act of sending emails home, however, breached the standards expected by Lloyd's of an underwriter, in addition to the terms of her employment contract.

Earlier this year, the Information Commissioner's Office (ICO) also reported that an employee who had emailed details of 957 clients (including their contact details, purchase history and commercially sensitive information) to his personal email address for use at a competing employer had pleaded guilty to an offence under s 55 of the Data Protection Act 1998. He was fined £300 and ordered to pay £405.98 costs and a £30 victim surcharge. Other examples of similar fines for emailing personal data to a private email can be found on the enforcement section of the ICO website.

The act of sending confidential information home for private purposes in breach of established IT security policies and procedures and may also feed into the assessment of fitness and propriety under the Senior Managers and Certification Regime. In assessing fitness, criminal convictions, adverse findings in civil proceedings and disciplinary matters may be taken into account. An employee is expected to be open in his/her dealings inside and outside work and the act of storing confidential information for future litigation may cast doubt on whether the individual is trustworthy, fair and accountable, even if they do not intend to disseminate that material to third parties. All the surrounding circumstances would need to be examined but employees who pre-empt the disclosure process and ignore IT security arrangements may be subject to criticism from a regulatory perspective.

The employment law and regulatory implications of sending confidential information home are therefore significant. An employee may find that legitimate complaints about their employer's past conduct are undermined completely or that any compensation recovered is reduced for contributory fault. As the court noted in Brandeaux, employees take a "great risk" whatever their view as to their rights. Farnan was described as "the author of his own misfortune". The temptation to "bank" data should be resisted and employees advised to keep a contemporaneous record of events and seek specific disclosure of key items through the court processes.

Key contacts

Meet the team