TECHNOLOGY REPORT






      employment.                       Hiring employers beware                        that “every member of staff attends
        What should be worrying for employ-  Experience and depth of knowledge are key attributes that an   induction training at the start of their
      ers is detailed by Stevens. He says that   employer will seek in any new hire. And it’s possible that incom-  employment which covers all company-
      “confidential information can become   ing employees will have captured confidential information from   wide security procedures and policies”.
      part of an employee’s necessary skill and   their former employer. But as Pope explains, it “will usually be the   The process pays particular attention
      knowledge, and, in those circumstances,   subject of restrictions and new employers may find themselves   to confidentiality and what is expected
      employees are entitled to use that skill   subject to duties of confidentiality that prevent them from using it   from staff. But prior to employment,
      and knowledge when they leave and   in a useful way for their business – even if it is of a great commer-
      work for another company or competi-  cial benefit.”                             Ruda says that “all applicants go through
      tor”. However, an employer can try to   The problem, says Stevens, is that skills, knowledge, experience   a rigorous vetting process including
      stop them from doing so by way of a   and general know-how gained during employment can often be   Police Act Disclosures (repeated every
      post-termination restrictive covenant.  regarded as belonging to the employee – more often than not “dif-  two years), a verbal reference from a pre-
        Practical steps               ficulties arise when employee divulges more specific information   vious employer, two written references
        There are, however, practical and pre-  or uses contacts from their previous employment.”  from previous employers (covering a
      ventative steps that employers can take   And there is case law on the subject detailed by Pope: the 2021   five-year history), proof of identity and a
      to protect confidential information. For   case of Trailfinders Ltd v Travel Counsellors Ltd & others. Here 40   credit reference.”
      Pope, this means identifying what is   sales consultants at Trailfinders left to join a competitor which   Beyond that the company issues regu-
      important, protecting it, training staff   encouraged them to bring their customer contact lists; the con-  lar training questionnaires with a focus
      on the importance of protection, and   sultants weren’t warned that this might lead to a breach in confi-  on cyber security, data management and
      monitoring for any breaches.    dence.                                           GDPR. Further, there is regular training
        On the first, identification, Pope says   Pope highlights that “the Court of Appeal held that the competi-  and testing on data security “and our
      that firms should pinpoint the confiden-  tor was in breach of an obligation of confidence. Even though it   people receive annual refresher training
      tial information that it owns. This may   was not explicitly made aware that the information was confiden-  covering the stringent requirements of
      include intellectual property, such as   tial, it ought reasonably to have known that it was or, if unsure, it   ISO 27001, with the principal focus on
 Defend your data   it may be as simple as a list of client   in adverts or in interviews that confidential information is wel-  information security.”
                                      should have made enquiries as to whether it was”.
      marketing information and its brand, or
                                        So, to minimise the risk of trouble, firms should never suggest
                                                                                         Ruda recognises that statistically users
      names and contact numbers. He adds:
      “Once identified, that information
                                                                                       landscape, as a result, the company regu-
                                      Anything otherwise could result in a claim against the firm for
      should be appropriately labelled with   comed. Also, material in their possession should not be used.   are the weakest point in the security
      ‘confidential’ or ‘not to be disclosed   losses. Similarly, incoming employees should be asked to confirm   larly runs internal ‘phishing’ exercises to
      externally’, securely stored, and handled   whether they have any restrictions in their previous employment   familiarise staff with the ways scammers
      accordingly.”                   contract that will impact on their new role. Lastly, Stevens has   can dupe individuals into disclosing sen-
        Stevens is of the same view and sug-  seen previous employers seek to protect information through the   sitive information. The company is for-
      gests that firms make it clear to employ-  courts, which could include issuing an injunction in order to   tunate to, as Ruda comments, have a
      ees when information is sensitive by   restrain the use of the information: “A previous employer may   very low turnover of staff. But when staff
      marking emails or documents as ‘confi-  seek damages or an account of profits from the employee and/or   leave, he says that they are subject to exit
      dential’. He would also ensure that cer-  the new employer. There are also risks associated with the use of   interviews that “explain the ongoing
      tain key information is circulated to   confidential information which is otherwise protected.”   implications of company confidentiality.
      limited numbers of employees only.  Registered copyright or a patent is a good example which firms
        The key benefit here for Pope is that   will want to prevent a former employee – or a new employer –   We also have a comprehensive account
      “understanding which employees have   from using in the future.                  closure procedure in place to ensure that
      access to information will assist when it   In summary                           data is dealt with according to require-
      comes to justifying the employment                                               ments”.
      contract protections that need to be put   Confidential information is by its very nature valuable, and   Ruda emphasises that the company
      in place”.                      firms should take great care to protect it against loss and misuse.   “has invested heavily to ensure confi-
        Next comes the need to protect data   Similarly, employers should ensure that they are not put in a posi-  dentiality and minimise the risk of data
      through contracts and policies to ensure   tion where they might be accused of abusing another’s protected   leakage.” To illustrate this, he explains
      there is a legal disincentive against infor-  information.                       that email and data are monitored for
      mation and intellectual property being   CASE STUDY                              certain words and number sequences to
      poached.                                                                         detect any anomalies. Ultimately, Ruda
        For Stevens, an obvious way to do this   TALL Group
      is to put in place effective security meas-  Martin Ruda, group managing director of the Tall Group, says   says that for the security print industry,
      ures for information such as password   that all of the company’s employees are made “very aware that   the integrity of data is of the highest
      protection and encryption.      security and confidentiality is of paramount importance”. He adds   importance for all organisations.


      www.printweekmena.com                                                                  December 2022 PrintWeek MENA  27