Ex-employees sued for £15m over data slurpage ordered to pay up just £2
Firm ‘missed the jackpot’, says High Court judge
The High Court has agreed that a company’s former employees who took thousands of confidential files away on USB sticks when they quit the firm were indeed naughty – and ordered them to pay damages of just £1 each.
Marathon Asset Management sued James Seddon and Luke Bridgeman for £15m after business information was copied from company servers when the two left.
The two quit with the aim of setting up a rival firm called Seculum.
The information was not actually used after they left – and Marathon claimed that they should pay damages for the potential value of what they had taken, rather than any actual gains made.
Marathon claimed that 40,000 files were taken by Bridgeman, who shared them with Seddon. Mr Justice Leggatt, sitting in the Commercial Court, noted that 37,000 of these were the entire contents of Bridgeman’s email account. Of the rest, Bridgeman only accessed 52 files – and of those 52, just 11 contained any client information. In turn, 7 of those 11 files were Powerpoint presentations made to clients.
“There is no evidence to suggest that Mr Bridgeman (or Seculum) derived any material benefit from looking at these documents,” said the judge. “In circumstances where the misuse of confidential information by the defendants has neither caused Marathon to suffer any financial loss nor resulted in the defendants [making] any financial gain, it is hard to see how Marathon could be entitled to any remedy other than an award of nominal damages.”
Although Bridgeman admitted liability, and Seddon was found to have breached Marathon’s confidence and his contract of employment, Mr Justice Leggatt said “Marathon has missed the jackpot” as he awarded nominal damages of £1 each in favour of the company.
The judge also noted that metadata about when Bridgeman accessed the stolen files on one of his laptops had been erased after he installed Windows 10. The delay in taking a copy of its contents for forensic purposes was not explained. ®
Source: The Register – Security @ February 23, 2017 at 09:42AM