Blow to business protection as firm receives just £2 after ex-employees take data

Michael McCartney, a Partner at Fladgate LLP, talks about the implications of a recent high court ruling on business protection

Two employees, who downloaded thousands of confidential files before quitting to set up their own firm, were made to pay just £2 to their previous employer by the high court, which should set off alarm bells for employers.

The case highlights the growing cyber risk to companies and the need to create cohesive and robust internal and external policies to manage the risk.

Marathon Asset Management claimed two of its senior employees, James Seddon and Luke Bridgeman, copied highly confidential and potentially valuable material onto a USB stick to use in a competing business.

The information included a list of clients who had redeemed their investments with Marathon, which would have provided Seddon and Bridgeman with a readymade target list for future competing business.

Because of this potential, Marathon valued the information copied at £15m, however, the court rejected their claim and made an award of just £1 from each man, the nominal price that Bridgeman and Seddon would have agreed to pay Marathon to copy and retain the files before returning them.

Because it had not suffered any actual financial loss, Marathon based its claim on the hypothetical value of the information.

Crucially, forensic searches showed that only a small number of the files copied had actually been accessed by Mr Bridgeman and then only on a handful of occasions, while Mr Seddon appeared to have made no use of the material at all after it had been copied.

“There is no evidence to suggest that Mr Bridgeman derived any material benefit from looking at these documents,” said Mr Justice Leggett. “In circumstances where the misuse of confidential information by the defendants has neither caused Marathon to suffer any financial loss nor resulted in the defendants [making] any financial gain, it is hard to see how Marathon could be entitled to any remedy other than an award of nominal damages.”

Although Bridgeman admitted liability,and Seddon was found to have breached Marathon’s confidence and his contract of employment, the judge said “Marathon has missed the jackpot.”

The judge’s finding could have significant repercussions for business, especially around the idea of misuse only existing if the employee is still in possession of the data and is threatening to use it.

This approach offers little deterrent against widespread copying and retention of sensitive data by employees.

It would mean that a company could not expect a significant award unless there was also significant misuse.

The value of the claim  would hinge entirely on the ability to unearth evidence of material, widespread misuse, and it is this which should ring alarm bells for employers.

Michael McCartney is a Partner at Fladgate LLP, consistently ranked by the Legal 500 for his expertise in business employment law.