21st October 2014



 Issue No.  2014/16





Every employer will have commercial and sensitive data that they would wish to remain confidential and not fall into the hands of competitors. However, problems can arise when employees leave employment to work for a competitor taking commercially sensitive information (client lists / pricing structures) with them.

Dependent upon the contract of employment and post termination restrictions (restrictive covenants), an employer may be able to obtain an injunction and / or seek damages for any loss arising from the breach of the confidentiality clause or restrictive covenants etc. But this can be a costly and timely process. 

A recent criminal case is a good reminder that an employee who takes sensitive information may also face criminal sanctions under the data protection legislation.

A paralegal employed in a firm of solicitors, was prosecuted for illegally taking sensitive information of over 100 people before leaving to work for a rival firm.  The contact information was contained in 6 emails sent in the weeks prior to him leaving, which he hoped to use in his new employment.  The information contained template documents, workload lists, file notes. They contained sensitive personal data relating to individuals involved in ongoing legal proceedings, which he took without the permission of his former employer.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ - up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court.

In the Magistrates court, the paralegal was fined £300, ordered to pay a £30 victim surcharge and £438.63 prosecution costs.

The Information Commissioner’s Office continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use (or misuse) of personal information.

Employers will inevitably process personal data and they and their employees, with this in their job role, need to know that anyone who processes personal information must comply with the eight principles of the Data Protection Act. These make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with employee's rights
  • Secure
  • Not transferred to other countries without adequate protection

If you need any help with this or any other matter, do not hesitate to contact us on 08456 446 006. 





Employment Law
Health & Safety
Personnel / HR
Food Safety
Food Hygiene
Management Training







Making sense of it all


Sentient - Training


Sentient adj ...

"capable of perception"

"capable of independent thought"


Can we help you?
If you think so, please contact us at advice@sentientuk.co.uk or call UK 08456 446006

To subscribe for these E-mails click here or to access our archive of previous E-mail Updates please click here.  

Click here for details of the services available on our website. 

Our current Open Course Training Programme is available to view here

Follow us on Twitter @SentientUk

The advice and comment in this update is not meant to be an authoritative statement of law. The articles and summaries should not be applied to any specific set of facts and circumstances without seeking further advice. Whilst every care is taken to ensure that the content is correct Sentient cannot accept responsibility for the accuracy of statements made nor the result of any actions taken by individuals after reading such.

To unsubscribe to this information newsletter please click here and complete the unsubscribe form on our site.
Warning do not click this link unless you wish to be removed from this update newsletter.