Provided by Atom Content Marketing Ltd
A monthly checklist of new and pending laws, regulations, codes of practice and rulings that could have an impact on your business
Case law: employer liable for employees' unauthorised use of rival's customer database
Employers should make sure their employees are subject to appropriate restrictions on using confidential information, or disclosing it to unauthorised persons, following a recent ruling on Database Rights.
An employer was held liable for its employees' unauthorised breach of a rival's Database Rights after the employees copied and used the database to target their rival's customers.
A person has Database Rights if he has made a 'substantial investment' (financial, human or technical) in obtaining, verifying or presenting the data in the database.
Database Rights are automatic and do not need to be registered. If they apply, it means the database owner can stop someone else extracting or reusing all, or any substantial part, of the database (except in certain limited circumstances).
An ex-employee of gas company Flogas passed an unauthorised copy of a database of Flogas customers to his old sales director which included customers' names, addresses, contract dates and the prices they were paying. The sales director went to work for a competitor and passed the database its head of marketing who used it to mailshot Flogas's customers - with offers designed to entice them to switch suppliers.
Flogas complained and the rival company took action against the staff involved, stopped the mailshots and destroyed the relevant marketing materials. Flogas claimed compensation for breach of its Database Rights by the rival's employees on the basis it was vicariously liable for their actions.
The High Court found that a substantial part of Flogas' database had been extracted from the company's systems and its Database Rights had, therefore, been infringed - despite the rival's attempts to put things right. It also ruled that the company was vicariously liable for its employees' actions as their wrongful conduct could "fairly and properly be regarded as effected by [the two employees] while acting in the ordinary course of the firm's business or the employee's employment". The rival company was ordered to pay £250k compensation.
Employers must make clear to workers what information is confidential and cannot be used and disclosed to third parties. Policies and procedures should be reviewed to make sure they make clear any data brought into the business (particularly by new employees) are identified and checked for potential breaches of third party database rights and/or other intellectual property rights to avoid the risk of litigation.
Case law: court gives guidance on whether notice to end supply agreement was 'reasonable'
Businesses will welcome useful guidance High Court on when notice to end an agreement is 'reasonable'.
Following the ruling, parties to an agreement should make sure it makes specific provision for termination of the agreement on notice. If they don't, they risk uncertainty in applying the 'reasonable' test.
In this case, an agreement for the supply of clothing did not expressly say it could be terminated by giving a specific period of notice. In those circumstances the law says an agreement can be terminated on 'reasonable' notice, whether the agreement is oral or in writing. The customer under the contract purported to terminate the supply agreement on nine months' notice, but the supplier claimed that was too short to be reasonable.
The court ruled that what is 'reasonable' depends on the circumstances, and gave useful guidance on the factors to take into account, including:
- usual practices in the relevant market;
- how formal the agreement is: the more formal, the longer the notice period must be before it is 'reasonable';
- the parties' knowledge of when the relationship was likely to end, and the timing of negotiations leading up to termination.
The court also ruled that the relevant time for assessing whether a notice period is reasonable is when the notice is given. In this case, the court ruled nine months was a reasonable notice period.
Case law: businesses relying on retention of title clauses may face unintended consequences
Businesses operating on a model under which their contracts state they retain ownership of goods sold until they have received payment are advised to understand the impact of such clauses should problems arise.
Two recent decisions highlight the potential consequences if a customer sells the goods to an innocent third party before the customer itself has paid for them. Clauses in a contract stating that the seller remains the owner of goods he has sold until it is paid for them are known as 'retention of title' or Romalpa clauses by lawyers.
The facts of the two recent cases are complicated but they involved purported sales of goods to a third party by a buyer in circumstances where:
- the buyer had bought the goods from its supplier on credit;
- according to the agreement between the buyer and the supplier, the buyer did not own the goods until the supplier had been paid;
- the buyer had not paid the supplier for those goods when it sold them to the third party.
The supplier argued that the buyer had sold goods to the third party when it did not own them. In each case the Court decided the retention of title clause was valid, and title to the goods had not passed to the customer.
In such cases, title potentially passes to the innocent third party on the sale of goods by a 'non-owner' - with further legal implications. A supplier must therefore make sure it understands the different potential outcomes that can arise from its customers' activities under retention of title clauses. Specialist legal advice on retention of title clauses is highly recommended.
Case law: businesses can be penalised in legal costs for unreasonable failure to mediate before going to court
Businesses involved in litigation must consider offers to mediate with the other side (or other forms of alternative dispute resolution) to try to resolve a dispute. If they unreasonably refuse to do so, they risk being unable to recover their legal costs.
A tenant did not pay for dilapidations despite being asked to by the landlord. The landlord carried out the repairing works and claimed £1.9m in court. However, the tenant argued that the property was worth the same before and after the repairs, therefore as the landlord had suffered no reduction in the property's value, it was not liable to pay anything.
The landlord made several formal offers to settle the dispute and, crucially, invited the tenant to take part in mediation in what the court described as 'a thorough, carefully thought through and apparently sensible mediation proposal'. The tenant did not reply to the invitation, despite several reminders.
On the day of the hearing the landlord accepted the tenant's counter-offer of £700,000. Usually, the court would order the landlord to pay the tenant's legal costs from a date 21 days after the tenant's offer was originally made, on grounds the landlord should have accepted it within that time frame and saved the tenant from having to take further advice.
However, the court ruled that the landlord did not have to pay those costs: the tenant's conduct amounted to an unreasonable refusal to mediate which should be penalised. The tenant appealed and its arguments included that the landlord's acceptance of its offer of £700,000 showed its refusal to mediate was reasonable.
The Court of Appeal found that the £700,000 did not necessarily represent the value of the claim – such offers were commonly lower than the real value of the claim. Various factors in the case also made mediation eminently suitable in this case. The tenant's appeal was dismissed.
Case law: more companies fined for corporate manslaughter
Small and owner-managed companies are reminded of the need to make sure their procedures and practices are fully compliant with health and safety laws, following the conviction of two small companies for corporate manslaughter.
In the first case, an animal feed mixing company in County Down pleaded guilty to corporate manslaughter after an employee was pulled into a mixing machine for animal feed in what the court described as a needless accident. The company pleaded guilty in exchange for dropping charges of gross negligence manslaughter against an individual director.
The Sentencing Guidelines Council indicates fines for corporate manslaughter will seldom be below £500,000 and can reach millions of pounds. In this case the court fined the company £100,000 plus costs of £10,000
In the other case, a water sports firm was fined £135,000 in all, including costs following the death of an 11-year old girl. Again, charges against an individual director were dropped.
These are the fourth and fifth successful prosecutions for corporate manslaughter and each have involved small, owner-managed companies (reflected in the size of the fines) and all but one has pleaded guilty. Pleading guilty in return for not pursuing personal cases against directors is likely to continue. A further four cases are pending.
Companies should routinely carry out thorough health and safety risk assessments to identify and guard against the risk of potential accidents at work.
Case law: court gives guidance on tenants' liabilities to repair at end of lease of new property
To what extent should tenants repair a property at the end of a lease of premises that were originally leased as new premises? Landlords and tenants will welcome judicial guidance on a tenant's repairing obligations at the end of the lease under standard repairing covenants - particularly in relation to roof lights.
A tenant was nearing the end of a 15-year lease of a warehouse and offices. The lease contained the usual full repairing obligation, to put the property back in the condition reasonably fit for occupation by the class of tenant likely to take the premises at the beginning of the lease.
However, the property had been brand new at the beginning of the tenancy and the relevant 'class of tenant' was, therefore, a tenant looking for brand new premises. Much of the disrepair to the building – discoloured roof lights, wear and tear on the concrete floor, damage to doors and cladding, dirty walls - would have been acceptable to a tenant taking a lease of the property now, as a 15-year old property, but not to a prospective tenant looking for new premises.
The High Court gave useful guidance on what this meant in relation to various items of disrepair. Notably, in relation to roof lights which are often the most common and expensive problem on expiry of a lease of a new property, the court ruled the landlord could claim for the costs of repairing/cleaning the roof lights so they let in the same amount of light as at the start of the lease, were weather-proof and were structurally sound.
The court said there had been a visible and significant worsening in the light let in by the roof lights, in that artificial lighting had to be used in circumstances where it would not have been required when the property was first let.
Landlords and tenants of premises originally let from new should make sure they are clear on the tenant's liabilities to repair the property at the end of the lease, particularly in relation to roof lights.
Case law: self-reporting data breaches does not grant immunity from fines
Businesses should not be deterred from owning up to and reporting data breaches, despite a ruling of the Upper Information Rights Tribunal that self-reporting will not give organisations immunity from being fined.
Failure to report serious data breaches is likely to attract heavier sanctions than any fine imposed following self-reporting; and the ICO looks favourably on companies that self-report.
In a recent case, an NHS trust appealed a decision of the Information Commissioner's Office (ICO) to fine it £90,000 over a breach of the Data Protection Act that it had self-reported.
The trust's appeal to the Upper Tribunal failed because it would be wrong for immunity from fines to automatically follow self-reporting a data breach. It would be an 'arbitrary' outcome that would undermine the effectiveness of and public confidence in the regulatory regime.
Businesses are advised to make sure that they are proactive when detecting data breaches by self-reporting, and dealing with the breaches by following the ICO's advice on containment and recovery.
- Download guidance on data security breach management from the ICO website
Case law: ruling changes how organisations define 'personal data' for data protection purposes
Organisational data controllers must make sure they are clear how they define 'personal data' for the purposes of their data protection policies and procedures, following a High Court decision.
Data protection laws apply if an organisation is processing 'personal data' whether held electronically, in paper form or in any other form. 'Personal data' is defined as data:
- relating to a living individual;
- from which that individual can be identified, with or without other information which is in the possession of, or is likely to come into the possession of, the data controller.
Personal data includes any expression of opinion about the individual, and any indication of the intentions of the data controller or any other person in respect of the individual. It could include names, addresses and contact details; and it could include information about, for instance, an individual's online browsing behaviour.
Any individual can ask to see (and is entitled to copies of) personal data held about them; they must be told how their data is being processed, and who is entitled to see it.
In a landmark Court of Appeal decision in 2003 ('Durant'), the court ruled that the fact that someone's name appears in a document does not, in itself, make it 'personal data' -otherwise data protection law could be used as 'an automatic key' to force disclosure to individuals of any information in which their names are mentioned.
The court said data will only be 'personal data' where its inclusion in the document affects the named individual's privacy. This hinges on whether the information is biographical; and whether the focus is on the named individual, or whether the mention of the individual's name is peripheral to the purpose of the document.
But the High Court has recently downplayed the importance of the Durant decision, saying the Durant test should be applied only in 'exceptional' circumstances. In most cases, organisations should be able to decide whether data is personal by a common-sense interpretation of the wording in data protection law. The Durant test is a fall-back to be used only where the legal definition creates uncertainty.
If the matter was still unclear, organisations could resort to the test in An Opinion on the concept of personal data ('WPO'), adopted by a Working Party established by Article 29(1) of EU Directive 95/46/EC on personal data, together with consideration of the Information Commissioner's guidance in Determining what is personal data.
Data controllers are advised to review how they define personal data for the purposes of their data protection policies and procedures. In particular, they should reassess whether records previously outside their definition of 'personal data' will now be treated as within it and therefore have to be disclosed.
© Atom Content Marketing Ltd, 2013