looking after your database rights - Society for Computers & Law

 

With databases being a hot topic of debate (and the loss of data by various organisations, it is well worth bearing in mind the principles surrounding database rights. Here are some things to remember.

1. What is protected?

Database rights are protectable under the Copyright and Rights in Databases Regulations (1997 SI3032).

 

A database is defined as a collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means. A property right (database right) will subsist in a database if there has been substantial investment in the obtaining, verifying or presenting of the contents of the database pursuant to regulation 13 of the Database Regulations. One important factor is to keep a record of this "financial, human or technical resources" put into a database as proof of substantial investment in the obtaining, verifying or presenting of the contents of the database.

 

2. Who do database rights belong to?

Cureton -v- Mark Insulations Ltd [2006] EWHC 2279 (QB) 06/TLQ/0190

This case held that a company using independent consultants would not automatically own any database produced by those individuals, as would be the case if they were employees of the company in question.

 

Here Mark Insulations Limited (Mark) supplied home insulation and Mr Cureton and his employees operated under a verbal agreement which allowed them to sell Mark's services to customers. Mr Cureton built up a list of customers while promoting Mark and used it for his other business purposes. Following a disagreement Mark purported to terminate the verbal agreement and required Cureton to deliver up all property belonging to Mark including all customer details. Cureton brought proceedings for breach alleging Mark was not entitled to terminate and Mark counter claimed for all rights in the customer database. The Court was asked to decide the question of ownership of the customer database.

 

If Cureton had been employed by Mark, then the database would belong to Mark (subject to any agreement to the contrary) [Regulation 14(2) of the Database Regulations]. However since there was no express term as to ownership on the database, because of Regulation 14(2) [where Cureton was not an employee of Mark] and since the database in this case was made by Cureton, it belonged to Cureton, in the same way a salesmen’s notebook would have done in a pre-computer age.

 

The Court also held that the terms of Mr Cureton’s undertaking, to give up “all of Mark's documents, whether written or electronic” did not assist Mark; nor did the general law of agency.

 

3. What can be commercially exploited?

Attheraces Limited -v- The British Horseracing Board [2007] EWCA Civ 38; 2 February 2007 (appeal of Attheraces Limited -v- The British Horseracing Board [2005] EWHC 3015 (Ch), 21 December 2005)

The British Horseracing Board (BHB) submitted that it had proprietary database rights (amongst others) in pre-race data. BHB's belief, had it been correct, would have entitled BHB to prevent unauthorised persons from infringing its rights, and to enable BHB to use such database rights to require them to enter into a licence for use of the pre-race data.

 

The European Court of Justice (ECJ) gave a ruling the effect of which was that the use of pre-race data by the William Hill Organisation Ltd did not infringe BHB's database rights. It was held that BHB's investment in pre-race data was in materials which made up the content of its database and the verification of such creation. Its investment was not in seeking out existing independent materials and collecting them in a database and verifying the accuracy of the database on its creation and during its operation (which is the subject of protection), thus the pre-race data was not covered by the Database Directive.

 

Following the ruling of the ECJ, although it was no longer possible for BHB to prevent copying of pre-race data using proprietary rights under the Database Regulations and Directive, BHB could still exert contractual control of the supply of pre-race data provided directly or indirectly under contract by BHB. In other words, the ruling did not mean that if someone wished to obtain a reliable supply of pre-race data from BHB, that person could do so without charge. Valid contractual arrangements could instead be made relating to the supply of data by BHB and its authorised suppliers. BHB was entitled to charge contractually for access to its pre-race data product, even if the product itself was not protected by database rights.

 

Note also that if a party owns and uses a database then it should use copyright notices (© [Owner] [Year] All rights reserved) and some text to the effect that the set of data is protected by database rights.

 

4. Employees

Organisations often believe that procedures should be implemented to protect their databases from misuse by parties outside the organisation. However, it is sometimes the case that an organisation's database will be used in unauthorised ways by its own employees.

 

a) Pennwell Publishing (UK) Ltd -v- (1) Nicholas Patrick Ornstien; (2) Daniel Stanley Noyau; (3) Junior Isles; and (4) Energy Business Group Ltd [2007] EWHC 1570 (QB)

 

Here Mr Isles, an employee of Pennwell Publishing, listed his contacts on Penwell's Outlook system. The contacts included Mr Isles contacts from a previous job as well as contacts made by Mr Isles whilst he was employed by Penwell.

 

Mr Isles then went on to set up a competing business and argued that most of the contact list was personal to him. Here it was decided that:

 

  • because it was a single list it was not a personal list maintained by the employee and was not separate from work systems
  • where a list of addresses was contained on an employer's email program and backed up by the employer or by arrangement made with the employer, it belonged to the employer and could not be copied or removed by employees for use outside their employment or after their employment came to an end
  • the position would not change where the database was accessed not from the employer's computer but from the employee's home computer by remote access. In all those circumstances such lists were the property of the employer and could not be copied or removed in their entirety by employees for use outside their employment or after their employment came to an end
  • the employer was entitled to retain the database as delivered up and to a permanent injunction preventing use of it, but the employee was entitled to retain contacts made by him prior to his employment with the employer

 

b) TML Financial Solutions Ltd -v- More Business Ltd and others [2007] All ER (D) 341 (Jun)

The claimant company was one of the leading providers in the United Kingdom of re-mortgage, loan and debt solutions for home owners with unusual or difficult financial circumstances. Its most valuable asset was its database which contained details of individuals who were interested in or had purchased the financial products that the claimant sold.

 

In October 2006, the claimant's managing director, T, agreed to front a management buy out. Later, T came to suspect that former employees of the claimant company (the third to seventh defendants) had taken data belonging to the claimant company and were using it for the benefit of the first and second defendants (two companies set up around the time of the management buy out), in breach of their duties to the claimant company. T later obtained a USB memory stick, the contents of which provided evidence of the misappropriation of such confidential information.

 

In the light of this evidence, the claimant company successfully applied for an order: (i) requiring the defendants to disclose to the claimant what documents or part thereof belonging to the claimant they had in their possession, custody or control (the confidential information), (ii) prohibiting the defendants from using the confidential information, (iii) providing to the claimant all hard copies of such confidential information as currently existed, and (iv) preserving any confidential information as was or had been stored on any computer, hard drive or other form of electronic data storage medium in their possession, custody or control.

 

c) Crowson Fabrics Ltd -v- Rider and others [2007] All ER (D) 338 (Dec) (20 December 2007)

Here it was alleged by the employer (Crowson) that some ex-employees had copied confidential information (including customer contact details and sales figures). The ex-employees contracts did not have restrictive covenants relating to confidential information. Crowson argued that the ex-employees were subject to an implied duty of confidentiality. However, it was held that there was not a breach of confidentiality as the information was already in the public domain or easily accessible or already known to the employees.

 

However, Crowson was successful in arguing that the ex-employees had infringed its database rights by substantial extraction of information from its database of information onto their own computer system.

 

This case illustrates the point that there is scope for claiming infringement of a database right where an ex-employee has copied and retained information without authorisation, in particular where such information may not be protected by a general duty of confidentiality.

 

Security procedures – because of the risk of unauthorised use of databases by a party's own employees, an organisation could consider the following:

 

  1. ensure that it has an email policy in place allowing it to monitor email usage: many cases involve sales staff emailing data to home email accounts
  2. ensure that the email policy identifies what information belongs to the employer and what information belongs to the employee and makes it clear that information belonging to the employer should not be removed (or identifies circumstances in which it can be removed)
  3. ensure its induction programme focuses on the issue of protecting the company's proprietary information and that consent for monitoring email usage is obtained from new joiners
  4. ensure that it is not too difficult to retrieve deleted emails
  5. include the occasional 'false' lead on the database to see whether there is any leakage or unauthorised use of the database
  6. consider what access staff need to have to certain databases – can an organisation introduce a system allowing them only to access data relevant to their particular position?
  7. ensure that the intellectual property position regarding contact lists, sales figures and profit margins is made clear
  8. consider using restrictive covenants and express confidentiality obligations in employee contracts – if these are used the organisation should ensure that these are in line with current case-law

 

5. Summary

With the amount of money spent on databases, it is well worth organisations looking into whether they in fact own the rights to their databases, how they deal with their databases and how they might protect their databases from unauthorised use.

 

Jimmy Desai is a partner at Blake Lapthorn Tarlo Lyons, and can be contacted at jimmy.desai@bllaw.co.uk.