By Kate Potts - 26 October 2017
Prior to the release of the iPhone X in September this year, a US based vlogger uploaded a video showing an organised visit to the Apple site in California with her father, who was working as an Apple engineer. On their visit to “Caffè Macs”, the onsite employee cafeteria, the vlogger shared some of the new functions of the phone including its all screen-no button design, its photo capability, and the new Animojis based on face recognition technology. The vlog went viral and Apple asked the vlogger to take the video down.
The vlogger has since taken the video off YouTube (although many copy-cat videos are still online) and she has released a follow-up vlog stating that Apple have “let him [her father] go”.
The story presents a useful opportunity to think about how to avoid confidential information being leaked, and how to deal with leaks if they do happen.
The first step in protecting your business’ confidential information is to assess:
Once you’ve thought about these key points, you should review your existing policies and employment contracts and consider whether they provide the guidance and protection you need, in accordance with the business’ risk profile.
After updating your policies and employment contracts (if necessary) you should think about rolling out refresher training or notices focusing on the confidentiality obligations and why they are important to the business. Posters at tea points, staff meetings, firm-wide emails, and department-led training are all good opportunities to remind employees about their obligations, and avoid any later suggestion that employees “didn’t know the rules”. Perhaps if the vlogger’s father had properly understood the rules, he wouldn’t have allowed his daughter to film and share the new iPhone.
Dealing with leaks
If an employee leaks confidential information in the UK, employers should consider what action is proportionate. Employers who can show they have carried out the kind of training mentioned above will have an easier job justifying disciplinary action for confidentiality leaks.
If the information has already made it into the public domain through others’ leaks (as was alleged in this case), employers will have to consider whether that information is still confidential. If not, it will be more difficult to justify dismissing an employee. A written or final written warning may be considered as appropriate action.
If an employer decides to dismiss an employee because of a confidentiality breach, and that employee has more than two years’ service, employers will have to consider the fairness of the dismissal (including carrying out a fair process) in order to avoid a potential claim for unfair dismissal. The seriousness of the breach, the position held by the employee, and what the contract and the handbook say about confidentiality and gross misconduct, will all form relevant parts of the consideration. The standard of conduct required to constitute gross misconduct is high, and should generally be treated with caution by employers if they want to avoid claims for unfair dismissal.
Employers should also consider whether the confidentiality breach could amount to a protected disclosure for the purpose of whistle blowing legislation. If so, employers will have to tread carefully to avoid claims for automatic unfair dismissal and detriment.
If the employee has passed on information to a competitor (perhaps after accepting a job offer) and/or the employer believes there is a risk of further disclosures, legal action in the High Court against the employee and/or competitor might be appropriate. Employers might seek an injunction to prevent further disclosure, damages and/or the return of any confidential information still in the employee’s possession (as well as the recovery of legal fees).
The story presents a good opportunity for employers to review their confidentiality guidelines in employees’ contracts and handbooks, and make sure that employees and managers are clear about their obligations. Being pro-active in carrying out this kind of review should help prevent leaks happening, and will make dealing with any leaks that do happen easier to manage.