26 October 2018

Can you keep a Secret? Non-Disclosure Agreements, Trade Secrets, Use, Abuse and the New Law, Barnsley 22 Nov at 16:00

Author Willh26
Licence Creative Commons Attribution share alike 4.0 international
Source  Wikipedia

At whom is this talk aimed?
Primarily people with bright ideas that are  not yet ready to be launched such as inventors, designers, entrepreneurs and other creatives but it should also be useful to angel and private equity investors, lenders and their professional advisers.

What will it cover?
Everything.  What is meant by "confidential information", "obligations of confidence", "non-disclosure agreements ("NDA") and "trade secrets".   How the law of confidence operates.   How the new Trade Secrets Directive alters the law.  Uses of NDA   What can be protected and what can't.  Drafting a confidentiality agreement in the light of the new law.  How a confidentiality agreement can be enforced.  Interim injunctions. How to resist and discharge them.  Likely risks and costs.

What about handouts?
Everybody who attends the course will receive by email a full set of slides and other teaching and reference materials.

How much will the course cost?
Nothing but you must register here in advance.

What are the speaker's credentials? 
You will find my profile here.

How do I get to The Business Village?
The full postal address is:

The Business Village @BarnsleyBIC
Innovation Way
S75 1JL

It is a very short drive from the junction with the M1 at Dodworth. It is also close to the town centre.  There is usually plenty of free parking on the site.   

If you come by public transport it is served by several bus routes to the Interchange station.

Are you planning to give this talk elsewhere?
Yes.  All over the UK.  The  next stop will be London.

Where can I get more information?
Call me on 020 7404 5252 during office hours or send me a message through my contact page.

25 October 2018

Morrisons' Appeal FAQ

Morrison's head office in Bradford
Author Michael Ely
Licence Creative Commons Attribution Share Alike 2.0
Source Wikipedia

Jane Lambert

The retailer, Wm Morrison Supermarkets Plc ("Morrisons"), is one of Yorkshire's biggest companies and the fourth largest supermarket chain in the UK.   On Monday, 22 Oct 2018 it lost its appeal against the judgment of Mr Justice Langstaff that it was answerable for the misdeeds of one of its members of staff who had posted personal details about all its employees on to a file sharing site on the internet.   The staff member, who was convicted of offences under the Computer Misuse Act 1990 and the Data Protection Act 1998, acted out of spite because he had a grudge against his employer.  I blogged about the Mr Justice Langstaff's judgment in Morrisons - Primary and Vicarious Liability for Breaches of Data Protection Act 1998 in my data protection blog on 11 Dec 2017 and on the appeal in The Morrisons Appeal - Vicarious Liability for Enployees' Breaches of Confidence and Statutory Duty yesterday.

Why is the Appeal in the News?
Except in so far as it might be argued that Morrisons should have been more careful when recruiting, monitoring and supervising staff, the supermarket chain was an innocent party.  It now faces a potentially massive claim for compensation from its employees as a result of that data security breach which is exactly what the perpetrator had intended.

The thought that the court was helping him achieve that object troubled Mr Justice Langstaff which is why he gave Morrisons permission to appeal his judgment. 

On the other hand, Morrisons' employees whose personal details were exposed have rights under the Data Protection Act 1998 and at common law.  They could sue the person who breached their rights but he is serving a custodial sentence for his crimes. If they are to get any compensation they will have to claim it from their employer.

So why should Morrisons be liable?
Both Mr Justice Langstaff and the Court of Appeal held that Morrisons were liable for the misdeeds of its employee under a doctrine known as "vicarious liability". That has nothing to do with vicars.  "Vicarious" in this sense simply means "in place of".  It is a rule of law developed by the judges in a succession of cases that enables claimants who can't get damages from the person who harmed them to sue the wrongdoer's employer.

How does Vicarious Liability work?
The first thing to say is that employers are not liable for every misdeed that their employees may do.  If a member of staff robs a bank on his day off the bank cannot sue the bank robber's employer because that would be absurd.  But if the employee hurts someone while doing his job - say a delivery driver runs down a pedestrian while driving his van - then most people would say that the van owner (or rather its insurer) should pay.

In a previous case against Morrisons involving one of their petrol station attendants one of the Supreme Court justices set a simple two stage test:
  • The first step is to ask "what functions or 'field of activities' have been entrusted by the employer to the employee, or, in everyday language, what was the nature of his job?" and
  • The second is to consider whether there is a sufficient connection between the position in which the wrongdoer was employed and his wrongful conduct to make it right for the employer to be held liable for his wrongdoing.
The Court of Appeal and trial judge applied that test in this case.  The wrongdoer had been given the personal files together with instructions as to what to do with them in the course of his work as an internal auditor.  That was enough to make Morrisons vicariously liable.

That still seems a but hard on Morrisons
Maybe but the alternative was to leave the employees without a remedy.  The Supreme Court judge who set out the test said that the risk of an employee misusing his position is one of life's unavoidable facts.  The Court of Appeal said that the solution was to insure against that risk.  When you think of it, the position is no different from the position of a van owner who insures against accidents caused by his employees when carrying out their everyday tasks.

I believe that Data Protection Law changed on 25 May
That is correct.  The General Data Protection Regulation ("the GDPR") and the Data Protection Act 2018 came into force on that day.  The new Act repealed the Data Protection Act 1998.  However, the new legislation provides for claims against  data controllers. I blogged about the topic in Claims by Data Subjects against Data Controllers and Processors under the GDPR on 5 Jan 2018.  A claim on similar facts would probably be decided the same way under the new law.

Is this the Last Word on the Topic?
Not necessarily.   Radio reports said that Morrisons hopes to appeal to the Supreme Court.  Even if there is no appeal or the appeal fails it is possible that other courts will seek to distinguish or explain the decision in future cases.

Where can I find Further Information?
You can find lots of information on data protection law including the GDPR and the new Act in my data protection blog.   If you want to discuss this case or data protection generally call me on 020 7404 5252 during office hours or send me a message through my contact form.