Case Study: Employee Data Theft

We detail how we assisted a business who had an ex-employee steal company data. We state the situation within the case study and how we helped manage the fallout from employee data theft.

the background

Our client purchased a list of contact data to whom they would send marketing emails. The data could only be used by our client, and not resold or shared in any way. The seller ensured this by including monitoring emails in the data to ensure the data was not being misused.

the challenge

Some time after the purchase, the seller of the data contacted our client to advise that the data had been misused. They had identified a competitor of our client emailing the contacts contained in the data, including the seller’s monitoring emails. The seller then imposed additional charges, after which our client sought our assistance.

the solution

We advised our client to carry out an investigation, in which they found a former employee had stolen the data and given it to a competitor. After reviewing the former employee’s contract, we identified restrictions on confidentiality and drafted a letter highlighting the theft of the data to both the employee and their new employer, inviting them to remedy the situation.

We drafted a letter for our client to send to the (ex)employee, pointing out that:

  • Taking the data was an act of theft;
  • It contained personal data, to which he was not entitled to take, and was therefore an offence under data protection legislation
  • He had breached his contractual terms in relation to misuse of confidential information.

The letter invited the employee’s proposal to remedy this situation.

We drafted a letter for our client to send to the employee’s new employer to invite their comments:

  • On whether they had induced the employee to breach his contract with our client;
  • On whether they had conspired with our client to commit an act of theft and/or breach the Data Protection Act.

The letter invited the employee’s new employer’s proposals to remedy this situation.

the result

The employee admitted what they had done, and paid the additional costs incurred by the seller of the data. They also confirmed in writing that the data would not be used again, and the undertakings were drafted by us, meaning any breaches would be considered as a Contempt of Court. This meant our client was safe from future proceedings and was not liable to pay any further costs.

how to start working with sentient

Looking to improve your businesses HR services?

Check out more information on our services, and get in contact with us. Get the conversation started on improving your business’s HR processes by enquiring with Sentient’s HR outsourcing team.