Employer Liable For Employees’ Unauthorised Use Of Rival’S Customer Database

An employer has been held liable for its employees’ unauthorised breach of a rival’s Database Rights after the employees copied and used the database to target their rival’s customers.

An ex-employee of gas company Flogas had passed an unauthorised copy of a database of Flogas customers to his old sales director. The database included the customers’ names, addresses, contract dates and the prices they were paying. The sales director then went to work for a competitor – market leader Calor. He passed the database to Calor’s head of marketing who used it to mailshot Flogas’s customers, with specific offers designed to entice them to switch suppliers.

Flogas found out and complained. Calor disciplined and dismissed the sales and marketing staff involved, stopped the mailshots and destroyed the relevant marketing materials. Flogas nevertheless claimed compensation for breach of its Database Rights by Calor’s employees on the basis that Calor was vicariously liable for their actions.

A person has Database Rights if he has made a substantial investment (whether financial, human or technical) in obtaining, verifying or presenting the data in the database. Database Rights are automatic and do not need to be registered. If they apply, it means the owner of the database can stop someone else extracting or reusing all, or any substantial part, of the database except in certain limited circumstances.

The High Court found that a substantial part of Flogas’ database had been extracted from the company’s systems and its Database Rights had, therefore, been infringed – despite Calor’s attempts to put things right. It also ruled that Calor was vicariously liable for its employees’ actions as their wrongful conduct could “fairly and properly be regarded as effected by [the two employees] while acting in the ordinary course of the firm’s business or the employee’s employment”.

Calor was ordered to pay Flogas some £250k to compensate it for:

• the customers it lost because of Calor’s mailshot;
• the income it lost from those customers who were able to negotiate reduced prices because of the mailshot;
• management time spent managing the effect of the breach, including hiring computer forensics experts.

However, a claim failed in respect of compensation for loss of potential income from customers who Flogas said it would have won had there been no mailshot.

Recommendations

Employers should ensure that:

• Employees are subject to appropriate restrictions on using their employers’ confidential information, or disclosing it to unauthorised persons. They should be made aware what information is confidential and cannot be used and disclosed to third parties.
• Policies and procedures make clear any data brought into the business, particularly by new employees, are identified and checked for potential breaches of third party database rights and/or other intellectual property rights such as copyright.

Case ref: Flogas Britain Ltd v Calor Gas Ltd [2013] EWHC 306