The return of data theft and covenant breach in the recruitment industry - May / June 2010
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
May / June 2010 The return of data theft and covenant breach in the recruitment industry
contents INTRODUCTION
Introduction 2 As the recruitment industry starts to recover, so the likelihood of wrong-
doing by consultants who choose to hop from agency to agency or set up
Trends 2 in competition on their own grows. As lawyers specialising in this area, we
forecast a sharp increase in 2010 in incidents of data theft and breaches of
What information is taken? 3 covenant by consultants as the industry begins to bounce back from 18 months
of recession.
Who are the perpetrators? 3
15 years’ experience advising and litigating in this industry has taught us that
How is the information taken? 4 the most valuable assets of a recruitment company are its relationships with
its clients and candidates and the corresponding records stored on a database.
The telltale signs 5 While they are employed, consultants work tirelessly to develop, maintain and
record these relationships for the benefit of the company. However, the same
Prevention is better than cure 6 consultants often appear confused as to who owns that relationship and the
data when they leave to join a competitor or set up on their own.
What information can you protect? 6
This report seeks to build on and refine statistics compiled by us in this area
Protecting relationships 7 from over 130 data theft and covenant breach cases that we have prosecuted
for recruitment industry clients in the past three years. The primary purpose
Taking Action 8 of this report is to provide those involved in the recruitment sector with an
understanding of the key areas of risk, based upon our experience of dealing
How do you prevent data theft and enforce your covenants? 9 with problems of this type, so that you can take action to protect your business
and mitigate the financial exposure caused by such conduct.
Conclusion 10
Since the third quarter of
2009, we have seen a rapid
Trends
increase in the number of
data theft cases.
From an analysis of our caseload during this period, the recruitment industry
experienced a straight line increase in data theft and breach of covenant from
the beginning of 2007 to the third quarter in 2008. However, as the economy
went into meltdown in quarter four, 2008 and the full effect of the credit
crunch was felt throughout the recruitment industry during quarters one to
three in 2009, the number of data theft cases fell to its lowest level since the
late 1990s. This may in part reflect constraints in our clients’ litigation budgets.
However feedback from client business units re-enforces our conclusion that
a downward trend in the business cycle led to lower staff turnover and fewer
instances of unscrupulous behaviour by rogue consultants. Essentially, during
the recession, recruitment crooks went into hibernation and this is reflected
in the nature of the work that we have advised upon during this period.
Since the third quarter of 2009, we have seen a rapid increase in the number
of data theft cases as market pressures have eased and businesses look to
fill short and longer term positions. This is an alarming rise but not entirely
unpredictable. With this, the need for businesses to take swift action to
enforce their restrictive covenants has increased. This is a trend which the
industry should ignore at its peril.
1 2What information is taken? How is the information taken?
Amongst the cases that we have prosecuted in the past three years, by far The most common method for employees to transfer stolen data was via email,
the most common category of stolen, confidential data has been client and accounting for 53% of cases. The second most common method involved
applicant contact details: 86% of cases. The next largest category of stolen data employees printing out lists of contacts and other documents. The use of
(7% of uncovered information theft) was company financial information USB memory sticks, iPods, CDs or DVDs to download and store stolen
(internal accounts, price structures, business plans, projections and forecasts). information accounted for 15% of cases. Given the low cost, ease of use
In 5% of cases, employees stole contractual documentation and confidential and ease of concealment (given the ever reducing size of such devices), this
information relating purely to the employer’s relationship with its clients. In figure has risen significantly. Three years ago it accounted for less than 5%
the remaining 2% employees took web design plans and other intellectual of theft.
property to assist in creating a new start-up business.
As technology continues to advance, the way an organisation protects these
assets needs to be continually revised and updated. The advent of social
networking sites such as LinkedIn will make businesses more efficient and
Who are the perpetrators? profitable. But these sites are also a goldmine of opportunity for the data thief.
Between 2007 and 2010 we have seen cases involving theft of information
On a gender basis, between 2007 and 2010, a staggering 70% of data theft 14 via social networking sites increase by 125%.
cases in the recruitment sector were orchestrated and carried out6 by males, 8
77 7
operating alone or in groups. Only 21%3 percent of data theft was committed 15
by mixed groups. Lone women or groups of women committing data17 theft
53
(9%) are rare in our experience. 67% of thefts were carried out by individuals
3
acting alone.
%
17
We have seen cases involv-
py
By far the most common ing theft of information
Co
category of confidential data via social networking sites
rd
that was stolen was client increase by 125% between
Ha
and applicant contact details. 2007 and 2010.
Email 53% USB memory sticks,
DVD, CD, etc 15%
So
cia
lN
et
wo
r kin
g
7%
Oth
er
8%
3 4The telltale signs Prevention is better than cure
Employees who choose to steal confidential information or breach their Prosecuting data theft is one thing. Still, having effective and up-to-date employ-
restrictive covenants do not want to get caught. ment contracts in place is by far the most effective way of preventing theft
of confidential information and protecting against unfair competition. While
3 77 6 14
In 93% of cases, the employer did not discover the theft of the confidential it is outside the scope of our survey, putting in place and maintaining such
information until after the employee had already left the business. Prevention contracts continues to make up a large part of our work with the recruitment
57 3 31 is always better
7 than cure2and this statistic leads us to conclude that businesses sector. Significant value can be added to a recruitment business by avoiding
3 77 6 14 are still not implementing adequate IT security measures to prevent and problems in the first place. Ensuring employees are completely clear on what
detect theft the moment systems have been compromised. they can and cannot do when they leave is vital, and businesses need to be
57 3 31 7 2
assured that enforcement, if it becomes necessary, is as swift and pain free as
The chart below depicts how our clients first realised that they had been a possible. If proper contracts are in place, recruitment businesses are ahead
victim of theft of confidential data: of the game in pursuing employees who are looking to compete unfairly.
Employment contracts for recruitment companies must contain certain
fundamental provisions that will aid the company in protecting the business
when a consultant leaves. Database policies, email and internet policies and
effective confidential information clauses are all part of a recruitment business’
External Tip-Off 57% armoury in this regard. The key protection, and the trickiest provision in any
contract, is the set of post-termination restrictive covenants that should
appear in every consultant’s contract, along with anyone else who has access
Whistle Blowing 3% to confidential information, has contact with clients and candidates, or is
influential on other members of staff.
Businesses still do not have If proper contracts are in
in place or implement ad- Internal Security Checks 31% place, recruitment busi-
equate IT security measures nesses are one step ahead of
What information can you protect?
to prevent and detect theft the game when it comes to
the moment systems have By Chance 7% pursuing employees who are
The implied duty of confidentiality that exists in every employment relation-
been compromised. looking to unfairly compete.
ship only gets recruitment companies so far. A properly drafted confidentiality
clause is crucial to ensure that there is no doubt as to what information is
Other 2%
regarded as confidential. In addition, we recommend that clients include an
appropriate right of search to check belongings for stolen databases, an email
and internet policy authorising searches of employees’ emails and the monitoring
0 15 30 45 60 of computer use to ensure that there is no drip-feed of confidential information
out of the organisation. A statement of database rights also leaves consultants
in no doubt that recruitment companies consider their database to be
0The majority of cases
15 of data theft and
30 covenant breach45were discovered by 60 extremely valuable, that it can be protected and that the company in question
clients through external tip-offs. For instance, an existing client or candidate will fight hard to protect it.
told the business that they had been contacted “out of the blue” by the former
employee, having not previously registered with the competitive agency.
Internal security measures such as monitoring email accounts and introducing
alert systems to computer equipment helped to detect 31% of the instances
of data theft. Often though, the evidence of wrongdoing emerged by chance.
In one case, the business just happened to review a LinkedIn account and
noticed that there had been a mass migration of its business contacts to the
individual’s personal network just before that employee resigned.
5 6Protecting relationships Taking Action
Departing consultants can do serious damage to a recruitment business without You should act swiftly to preserve evidence of wrongdoing and take legal steps
stealing anything at all. Recruitment is an industry built on relationships, and to recover your data and enforce your covenants.
failure to put in place effective restrictive covenants can fundamentally affect
profitability through loss of staff, clients and candidates. While recruitment There are many options available to your business. By far the most powerful
companies cannot prevent departing employees from taking clients and is to seek the High Court’s assistance in obtaining an injunction. There are a
candidates indefinitely, effective restrictive covenants will give these companies range of Orders that the Court can grant which include the following:
breathing space and a chance to shore up valuable relationships in order to
prevent them walking out the door with the employee. Such provisions can The Search Order
also lay the bases for the type of actions described below.
Often referred to as the “nuclear weapon” in legal circles, this allows a physical
Restrictive covenants are difficult to enforce and need to be properly drafted search of any relevant premises of the persons that have misappropriated and
at the outset of employment. They need to be considered carefully to ensure misused the confidential information. The Search Order allows you to ‘preserve’
that they protect the legitimate business interest of the company, are reason- the evidence of wrongdoing before an individual has an opportunity to destroy
able in time and area, and are no wider than necessary. This is why restrictive or conceal it.
covenants need to be tailored to the individual business having regard to the
type of client, where its business comes from and where it sources its The Computing “Imaging” Order
candidates from. There are many forms of restrictive covenants, including
restrictions on competing per se and restrictions on the solicitation of and This type of Order allows for a copy to be taken of all of the Defendant’s
dealing with key candidates, clients and employees. We also believe that computer systems (and other electronic storage devices) so as to preserve
the poaching of employees will become an increasingly big concern in the your confidential data and any evidence of wrongdoing that may be held on
recruitment industry as the market recovers. Non-poaching and team move those systems. More often than not, the key evidence is found on computers
clauses should therefore be considered for senior individuals who have rather that hard copy documents.
influence over a team.
Recruitment is an industry
“Doorstep” Delivery-Up Order
built on relationships, and The poaching of employees
In the last couple of years, we have seen Courts taking a more relaxed view
failure to put in place effective will become an increasingly
on restrictive covenants. They are allowing longer and wider restrictions to This is a similar order to a Search Order but the aggrieved party and their
restrictive covenants can fun- big concern in the recruitment
be enforced when departing employees are looking to compete, but it remains solicitors are not allowed on the premises unless invited. Instead the suspect
damentally affect profitability. industry as the market recovers.
crucial to obtain proper advice on individual restrictions in order to ensure must, literally, hand over any material he has stolen to your lawyers.
their enforceability. Contracts also need to be up to date and checked every
couple of years, and they need to be signed in order to protect their enforce- Restraining Injunctions
ability.
The above Orders can be combined with restraining injunctions so that suspects
are prevented from using stolen information and must disclose what they
have done with it. It also ensures that they comply with post-termination
restrictive covenants.
This is just a sample of the many options which are available in helping you
protect your confidential information.
7 8How do you prevent data theft Conclusion
and enforce your covenants?
Data theft and unfair competition remains a real threat to all recruitment
The best approach is to take proactive steps rather than simply closing the businesses and as the state of the economy continues to improve that threat
stable door after the horse has bolted. will become greater. Recruitment companies must act now to ensure that
they take the necessary steps to prevent this problem from becoming
Consider the issues below to gauge how well this is currently being done in widespread. We are here to help you.
your business:
– What measures are in place to prevent data theft by employees? How Mishcon de Reya
would you detect it if your data was stolen?
Recruitment Specialists: Fraud Recruitment Specialists: Employment
– How secure are your IT systems?
Dan Morrison Daniel Naftalin
– Do your contracts of employment contain a definition of confidential Tel. 020 7440 7124 Tel: 020 7440 7242
information and restrictive covenants and, if so, are they specifically tailored Email: dan.morrison@mishcon.com Email: daniel.naftalin@mishcon.com
to your business?
Rob Wynn Jones Will Winch
– Do you regularly seek to enforce your contracts? Tel: 020 7440 7443 Tel: 020 7440 7292
Email: rob.wynnjones@mishcon.com Email: will.winch@mishcon.com
– Does your company handbook contain policies dealing with the use of
social networking sites by employees? Hugo Plowman Jennifer Millins
Tel. 020 7440 7149 Tel: 020 7440 7137
– Are you aware of the technological steps you can take to protect your Email: hugo.plowman@mishcon.com Email: jennifer.millins@mishcon.com
assets?
Rhymal Persad Susannah Kintish
– Have you experienced data theft in your organisation in the last two years? Tel. 020 7440 7424 Tel: 020 7440 7166
What did you do? Have you implemented any lessons learnt? Email: rhymal.persad@mishcon.com Email: susannah.kintish@mishcon.com
– Does your company have a high staff turnover?
– Are employees aware of, and regularly reminded of, their duties of
confidentiality?
– Does your business suffer from a culture in which data theft is tolerated
(“these are my contacts not yours”) and restrictive covenants are seen to
be unenforceable?
9 10Mishcon de Reya Summit House 12 Red Lion Square London WC1R 4QD T: +44 20 7440 7000 F: +44 20 7404 5982 E: contactus@mishcon.com www.mishcon.com
You can also read
