Legal updates - Devonshires...of Freedoms Act 2012, through the perils and pitfalls of social media in the workplace (with special focus on the Trafford Housing Trust case in which

Devonshires produce a wide range of briefings and legal updates for clients as well as running comprehensive seminar programmes.

If you would like to receive legal updates and seminar invitations please visit our website on the link below.

http://www.devonshires.com/join-mailing-list

Legal updates

Help is at hand Information Helpline

Information Helpline

0800 051 4212Monday to Friday 9am - 5pm

Devonshires is pleased to announce the launch of our new free Information Helpline. Gain instant access to our lawyers throughout the business day. Get direct legal advice on specific issues and a quick response to an immediate problem.

Edited by: Nick Billingham Head Office: 30 Finsbury Circus, London EC2M 7DT For further copies please contact the Marketing Department on: 020 7 628 7576, email [email protected] or visit www.devonshires.com

Devonshires has taken all reasonable precautions to ensure that information contained in this document is materially accurate however this document is not

intended to be legally comprehensive and therefore no action should be taken on matters covered in this document without taking full legal advice.

evonshiressolicitors

In format ion Br ief Spring 2013

In this issueIntroduction 2

Social Media in the Workplace 3

The Protection of Freedoms Act, Covert Surveillance, and CCTV 5

Confidential Information 7

PF2 transparency provisions mandatory for current PFI projects in Procurement 10

Information Team

Nick Billingham Partner020 7880 [email protected]

Elen StoreySolicitor020 7880 [email protected]

Ronnie TongPartner020 7880 [email protected]

Charles Tetlow Solicitor020 7880 [email protected]

Philip Barden Partner020 7880 [email protected]

Introduction

Welcome to this latest I-Brief. In this edition we look at issues ranging from the use of covert surveillance in the wake of the new Protection of Freedoms Act 2012, through the perils and pitfalls of social media in the workplace (with special focus on the Trafford Housing Trust case in which Devonshires acted for Trafford), to the transparency agenda and Private Finance 2 (so-called ‘son of PFI’). We also give you some timely guidance on confidentiality agreements as our social landlord clients get increasingly involved in transactions with the private sector (joint ventures and the like) where protecting commercially sensitive information is absolutely key. As always, the Devonshires Information Team is on hand to answer your data protection and information law questions either on our direct lines or via the Freephone Information Helpline – you can find all the details at the back of this edition.

Andrew CrawfordPartner020 7880 [email protected]

2

The Cost of Mishandling Personal Information

Social Media, whilst providing employers with networking opportunities and a chance to promote a positive image of their business in the public domain, can have undesirable implications if used incorrectly. It is advisable that policies are put in place in relation to employees’ use of social media and to protect an employer from any risks associated with this use. If employees are actively encouraged to use social media for business use such as for marketing or recruitment, employers should also have guidance in place to regulate this.

There have been a number of recent cases involving employees’ use of social media (such as Facebook) and these highlight the potential for the boundaries between employees’ private and working lives to become blurred. In many of these cases employers have argued that employees’ use of social media in their own time has been in breach of the employers’ policies or codes of conduct but the Employment Tribunal and the

courts have not readily accepted this argument.

The recent case of Smith –v- Trafford Housing Trust has highlighted some of the key issues arising in relation to social media. The High Court was required to consider whether Mr Smith, an employee of Trafford Housing Trust (“Trafford”) was in breach of his contract of employment by making comments on Facebook about gay marriage.

Mr Smith was contractually bound by Trafford’s code of conduct to show commitment to its aims and have regard to the need to maintain a positive image. In addition, Mr Smith agreed not to engage in activities which might bring Trafford into disrepute, either at or outside work, including by making derogatory comments about Trafford or engaging in unruly or unlawful conduct on social media sites such as Facebook. Mr Smith was also bound by Trafford’s equal opportunities policy which stated that colleagues and customers

should be treated in a respectful and non-judgemental way and employees should not engage in any conduct which would make another person feel uncomfortable, embarrassed or upset.

In February 2011 Mr Smith, who had 45 work colleagues as friends on Facebook, posted comments on his Facebook wall stating that gay church marriages were “an equality too far”. This was in response to a news article, a link to which he also posted on his Facebook wall. Mr Smith was disciplined as a result of these comments and, following a disciplinary procedure, Mr Smith was sanctioned with demotion. Mr Smith brought a claim against Trafford for breach of contract as a result of this demotion.

The High Court, in considering whether Mr Smith’s conduct brought Trafford into disrepute, held that they did not consider this to be the case. The Court rejected Trafford’s argument that Mr Smith identifying himself as a manager of Trafford on his Facebook page would lead people to reasonably

Social Media in the Workplace

“employers have argued that employees’ use of social media in their own time has been in breach of the employers’ policies or

codes of conduct” 3

believe the views expressed were that of Trafford. The Court held that a brief mention of the employer’s identity was not inconsistent with the impression that Mr Smith’s Facebook was used for personal and social information and was not used for work related communications.

It was rejected by the Court that having 45 work colleagues as friends imparted the necessary work related context to the postings for the purposes of Trafford’s code of conduct and equal opportunities policy and these were clearly aimed at work related situations. The Court highlighted the significance of Mr Smith’s colleagues having chosen to make him one of their friends and it was therefore up to them whether they wanted to receive Mr Smith’s religious or political views as as posted on Facebook.

The Court held that the frank but lawful expression of religious or political views may frequently cause a degree of upset but that this was a necessary price to be paid for freedom of speech.

When viewed objectively, it was considered that Mr Smith’s postings were not judgmental, disrespectful or liable to cause offence and they were widely promoted views that were aired on television and radio.

Mr Smith’s breach of contract claim was successful and he was awarded the sum of £98 which was the difference in salary between his former role and the role he was given on demotion. Whilst in this case the decision was not in favour of the employer, it provides employers with some useful advice on how to deal with social media in the workplace and mitigate against any claims that may be made by employees. Set out below are some practical tips for employers dealing with social media in the workplace:

• Employers should have in place properly drafted and communicated social media policies which explain to employees the risks

associated with social networking both during and outside working hours – these will need to be reviewed on a regular basis as social media is fast evolving.

• Social media policies should be linked to other policies where relevant such as confidentiality policies, harassment and bullying policies and internet/email usage policies to ensure a consistent approach.

• Employers should ensure that any policies that attempt to regulate their employees’ conduct outside of the workplace are proportionate. Disciplinary action for conduct outside the workplace should only be taken if the employer can demonstrate that the reputation of the employer has been damaged or if the conduct of the employee becomes incompatible with the work the employee is performing.

• Employees should be educated about the

•

•

•

consequences of disclosing or misusing the company’s confidential information or intellectual property in the social media context.

• As a general rule, views expressed on social media should be treated in the same way as those expressed in a non-virtual setting. Those views expressed on social media can be viewed and commented on well after the event and may actually have a greater impact that those made in a non-virtual setting.

• Employers should carefully consider the nature of any comments made on social media and the likely harm these could have to employees, clients or third parties prior to commencing any disciplinary action against the employee who posted them.

• Disproportionate restrictions on employees in relation to their behaviour on social media can

“it was rejected by the Court that having 45 work colleagues as friends imparted the necessary work related context”

4

The Protection of Freedoms Act 2012 (“PFA 2012”) has recently come into force, bringing with it a number of changes relating to surveillance and when it is lawful, namely: a) amendments to the approval procedures under the Regulation of Investigatory Powers Act (“RIPA”); and b) introduction of a CCTV commissioner and code.

Both changes only affect government and security services directly, but will be relevant to parties wishing to use surveillance from time to time. The changes are outlined below together with guidance on how to make use of surveillance in light of such changes.

Covert Surveillance and the new RIPA rules

RIPA provides a safety net for government and security services undertaking certain types of covert surveillance. If they ensure that they get approval under RIPA then they are deemed to be acting within the law whether or not they would be

otherwise. PFA 2012 has tightened the approval procedure required for all government bodies,

making it harder for them to obtain protection when undertaking covert surveillance. The changes can be summarised as follows:

• The procedure for RIPA approval now obliges government bodies to get approval from the Courts as well as the previously required internal sign-off; and

• Local councils are now unable to obtain RIPA approval for ‘Directed Surveillance’ (i.e. covert surveillance for the purpose of a specific investigation where private information is likely to be obtained) unless the problem being investigated crosses the threshold of carrying a minimum custodial sentence.

Working with Local Authorities

Some organisations prefer to ask their local

The Protection of Freedoms Act, Covert Surveillance, and CCTV

undermine employee morale and invite non-compliance and employers should be aware that the right balance between protection of employees and their freedom of speech should be struck.

The case law on social media is still developing and unfortunately social media developments are progressing faster than the law. With this in mind employers must ensure that they have clear policies on the use of social media in and out of the workplace. Employers should have in place a Social Media Policy which sets boundaries for their employees on what is acceptable and unacceptable conduct when using social media.

For more information on this article, please contact:

Ronnie Tong, Partner, Devonshires on 020 7880 4335 or at [email protected]

5

authority to undertake any covert surveillance for them – e.g. when investigating anti-social behaviour or noise nuisance – so taking advantage of their RIPA protection. The new threshold for RIPA approval for ‘Directed Surveillance’ will affect local councils’ and environmental health departments’ ability to get RIPA approval for this activity. Depending on the council’s policy, this may or may not prevent them from undertaking surveillance for other organisations.

If the surveillance does not involve the gathering of private information then Local Authorities should be happy to act as before. Where it does, but the conduct does not cross the new threshold, organisations should consider whether or not they are happy to proceed without the protection of RIPA. Alternatively, in suitable cases organisations may want to approach their local police force, which will not be subject to the threshold, to see if they will be willing to assist.

Undertaking your own surveillance

Those without RIPA approval (government bodies or no) are not banned from undertaking the sort of covert surveillance covered by it, but they do need to ensure that they comply with the wider law, on which more below.

The CCTV Commissioner

PFA 2012 has introduced a new CCTV commissioner and code of practice. The draft code has recently been put out for consultation and the final version is expected later this year. The draft code is expressed to apply to government and security services alone. The intention is that the scope will be broadened later. In the meantime, the commissioner is asking that everyone adopt the code as good practice.

Like the Information Commissioner (ICO) CCTV guidance already available, the thrust of the draft code is that use should be proportionate. It also addresses associated technology such

as numberplate or facial recognition software, the use of which is proscribed save in situations where it is necessary (e.g. certain police CCTV systems and investigations).

The commissioner can offer guidance only and has no enforcement powers. That said: a) the code is aimed to ensure compliance with Article 8 and with the Data Protection Act (“DPA”); b) the ICO has its own guidance on CCTV and does have enforcement powers; and c) courts will be able to take compliance with the code into account in considering related cases. The code, when ready, is therefore recommended reading.

Guidance

These changes are in response to the feeling that surveillance is now pervasive and needs controlling. Whilst of no direct effect outside of government, they may signal a tightening of the Courts’ stance on surveillance. Compliance with

“These changes are in response to the feeling that surveillance is now pervasive and needs controlling.”6

Last year the head of MI5 was quoted as saying that one UK company had lost £800,000,000 of intellectual property in a single cyber attack. This vividly illustrates the value of information. While Sir Jonathan Evans may have been talking about intellectual property in technology, an RP’s business plans, models and statistical information all have a value. As RPs increasingly compete with the private sector this information may become more valuable and, as a result, there is a greater incentive to protect it.

It is hardly surprising that parties in many commercial transactions will require the signing of a confidentiality agreement before they are prepared to circulate information about the transaction. This is designed to protect the provider of the information by prohibiting, or regulating, the disclosure and use of information that is believed to be confidential.

One might be forgiven for thinking there would

be a common form of confidentiality agreement. In practice however each business tends to have its own “standard form”. Furthermore, each form differs a great deal! As a result, for in house lawyers (and their advisers) a considerable amount of time is spent negotiating such agreements. For those at the ‘sharp end’ of the deal a delay caused by agreeing a confidentiality agreement can be frustrating.

There are many complaints about the “standard forms” of confidentiality agreements. For example, some agreements go well beyond what is reasonable to protect the provider of the information. As a result, there is unnecessary negotiation. Others may be drafted so widely that they may be unenforceable. As a result, there is little to be gained by including certain provisions, again leading to time-consuming negotiations.

Confidential Information

Article 8 and with the DPA is therefore important. Surveillance – covert, CCTV and otherwise – is allowed in certain situations but the more intrusive the surveillance and the more information gathered, the more severe the conduct being investigated needs to be for it to be lawful. The following broad guidelines should help keep within the law:

• Covert surveillance is intrusive. If the conduct being investigated is minor then consider making sure surveillance is open: e.g. use signage or otherwise inform the subjects.

• Anything falling into the ‘Intrusive Surveillance’ or ‘Covert Human Intelligence Sources’ categories of RIPA (i.e. intrusion into private property or vehicles; or the use of parties assuming false identities) should be avoided.

• Consider implementing internal procedures for approving surveillance, with senior staff members trained in Article 8 and the DPA

approving covert surveillance.

• Read the ICO’s guidance and the new code of practice on CCTV and check any associated systems against it.

• Covert use of CCTV is rarely acceptable and should be avoided, as should use of associated numberplate or facial recognition software.

For more information on this article, please contact:

Charles Tetlow, Solicitor, on 020 7880 4211 or at [email protected]

Confidential Information7

In addition, there are agreements which are drafted in such a way that they cannot, reasonably, be complied with by the recipient. In these circumstances, such onerous clauses may be of little practical use. No wonder frustrated business colleagues may allege that confidentiality agreements are the ‘invention’ of lawyers. In fact, this is not the case!

These agreements have grown up due to the development, by the courts, of legal rules to protect the owners of confidential information and to impose duties on those who receive information to deal with it in a restricted way. Those sceptical of the value of such agreements may argue that an obligation in respect of confidential information can arise even in the absence of a confidentiality agreement given that the law of confidence can still protect a provider of information, even without such an agreement.

They will point out that it is a principle of law that a person who has received information in

confidence cannot take unfair advantage of it.

That person must not make use of it to the prejudice of the person who gave the information without obtaining their consent.

To be protected by the law of confidence, information must be:

• Confidential in nature: having the “necessary quality of confidence”.

• Disclosed in circumstances importing an obligation of confidence.

In many cases, the “necessary quality of confidence” is easily recognised, for example, in the case of a business plan. However, disputes often arise about allegedly confidential information which is not very different from information already in the public domain or which can, with some effort, be pieced together from what is in the public domain (for example, customer lists).

If a party handing over say, a financial model, states expressly that model should be treated as confidential, then the recipient should be well aware of their obligations. However, information is often not disclosed in a formal context. Information concerning business plans and key clients is frequently disclosed in the context of negotiations.

That said, if no express requirement of confidentiality is imposed, there can be doubt as to whether or not the recipient is placed under any obligation of confidence. Certainly, if the discloser treats the information as if it were common knowledge, it will be reasonable for the recipient to assume that he is under no obligation to keep it confidential. Consequently, the provider of the confidential information must be careful. For example, discussing the information in a public place, where it could be overheard, may prejudice its confidentiality.

A confidentiality agreement will focus the attention

on the parties and the way in which each of them should behave and remind them of the importance of the confidentiality of the information. In addition,the terms of the agreement can extend the law to suit the needs of the parties and of the particular transaction

All too frequently a standard form of confidentiality agreement is sent out with limited thought as to what it is designed to achieve. Let’s consider, for example, whether the information being provided is confidential and what happens when discussions end. In many agreements, confidential information is very broadly defined. One wonders whether much is achieved by having such a broad definition. If a fact is not regarded as confidential, as a matter of law, it is unlikely that a court will give the provider of that information an injunction to prevent its use or disclosure by the person receiving it. The reason that such broad definitions seem to be used is

“if no express requirement of confidentiality is imposed, there can be doubt as to whether or not the recipient is placed under

any obligation of confidence.”8

11

that a provider of information would generally wish to start from the argument that all the information that it is providing in connection with the transaction is confidential. As a result, the recipient has the burden, at least psychologically, to show that the information that has been provided is not confidential. This may be difficult to resist.

The provisions of many agreements relating to the return, or destruction, of information when discussions relating to the particular project ends, are often excessive. Typically, such agreements will require the recipient of the information to “return or destroy” all the confidential information in its possession. This is designed to avoid confidential information being disclosed, or misused, unintentionally by the receiver at a later date. However, a number of practical issues arise. For example, is it going to be realistic to locate all the copies of the documents made. If the information has been circulated

by email within the organisation it will be difficult to irreversibly erase the hard drives. What will happen wherethe receiver has prepared other documents (such as analysis set out in excel spread sheets) based on the information provided?

It may be more sensible to simply stress the continuing obligation to keep the information confidential and only ask for the information to be returned or destroyed to the extent it is reasonably practical. After all, the requirements to destroy cannot be monitored. Another approach may be to ask for the receiver to confirm that destruction has taken place on the basis that asking for such an acknowledgement will ensure that the requirement is brought to the attention of a senior manager of the person receiving the information.

Irrespective of having a confidentiality agreement in place, there are a number of practical steps

that a person circulating information should consider taking to establish and maintain confidentiality.

• Ensuring that the information provided, which is in fact confidenial, is marked “Confidential”;

• Avoiding the use of email by sending hard copies of the information which can be numbered (or has the addressee’s name) and which can be collected when no longer required;

• Keeping a record of those to whom information is sent from time to time;

• Considering staggered disclosure, when making disclosures in the context of negotiations, that is, hold the “crown jewels” back until you have reached an advanced stage of proceedings;

• Ensuring that employee contracts contain clear and appropriate confidentiality

provisions;

• Giving employees practical guidance about keeping information confidential. Examples might include to take care when using laptops on trains (and what happens when they are left on the train!);

• Keeping records that show what projects each employee or consultant has worked on.

For more information on this article, please contact:

Andrew Crawford, Partner, on 020 7880 4283 or at [email protected]

“The provisions of many agreements relating to the return, or destruction, of information when discussions relating to the

particular project ends, are often excessive” 9

The Government’s Autumn Statement, announced in December 2012, unveiled the result of the Treasury’s review of the Private Finance Initiative (“PFI”) and launched their revamped model - Private Finance 2 (“PF2”).

PF2 aims to tackle the ‘waste, inflexibility and lack of transparency’ attributed to its predecessor and the Treasury expects it to command greater confidence among both taxpayers and providers by addressing certain fundamental concerns surrounding PFI.

One particular concern with PFI was the perceived lack of transparency in relation to the financial returns being made by the private sector and, more generally, in terms of information sharing with the procuring authority and the public. The approach to transparency in PF2 is therefore significantly more detailed than that adopted on existing PFI projects.

The Treasury have recently contacted the

remaining PFI projects in procurement and confirmed that the PF2 provisions in relation to transparency and information sharing will be mandatory for all PFI projects that have not yet reached financial close.

Such projects will, to date, have incorporated the information and confidentiality provisions contained in the Standardisation of PFI Contracts version 4 (SoPC4) – the predecessor to the new PF2 guidance. The PF2 transparency provisions are more onerous than the equivalent SoPC4 provisions and market reaction to their inclusion has so far been, at best, lukewarm.

The Treasury’s Aims

The Treasury’s aims in introducing these provisions are three-fold. Firstly, it aims to increase the amount of project information which is made available to tax payers in an attempt to bolster public confidence that PFI / PF2 projects

are achieving value for money.

Secondly, by being more open with the private sector about the Government’s approval processes in relation to these projects, it aims to ensure that the private sector can plan ahead with greater certainty.

Thirdly, the Treasury has stated that it aims to increase transparency for procuring Authorities so that those Authorities have better information available to assist them in effectively managing and monitoring their projects. To this end, the Treasury has introduced significant changes to the provisions surrounding information sharing and record keeping.

PF2 Transparency Drafting

In order to address the perceived lack of transparency in relation to the financial returns being made by the private sector, PF2 requires that the Contractor regularly provides the Authority and Treasury with details of the actual and

projected equity internal rate of return and all payments to Shareholders.

The Contractor is also required to provide the Authority with a significantly more detailed Operating Manual to ‘aid the Authority’s management of the Contract’. Such Operating Manuals are expected to cover a broad range of areas and include details of the project objectives, team structures, decision making arrangements, reporting requirements, the change mechanism, the payment mechanism and a summary of the services and performance standards.

In addition, the Contractor must provide a number of recurring reports to the Authority on matters related to the project and of any information provided to Senior Lenders.

In accordance with existing Cabinet Office requirements that all Central Government contracts over £10,000 are published in full on

PF2 transparency provisions mandatory for current PFI projects in Procurement

“PF2 aims to tackle the ‘waste, inflexibility and lack of transparency’ attributed to its predecessor”

10

the Government’s Contracts Finder website, PF2 advises that as much information as possible in the Project Agreement should be published. Only information identified as “commercially sensitive” or which the Authority has identified as sensitive for public interest reasons should be kept confidential.

Perhaps the most controversial aspect of the new provisions is the introduction of a new category of Persistent Breach (defined as an ‘Information Breach’) together with the statement that any breach of the new transparency provisions shall trigger deductions in addition to any Authority rights which may arise in relation to Persistent Breach. Traditionally, the Persistent Breach regime (which can result in termination if breaches are sufficiently persistent) only applies to those breaches for which an Authority could not make deductions. The PF2 drafting indicates that, in relation to a breach of the transparency

provisions, the Authority will be able to levy deductions against the Contractor and count such breaches towards Persistent Breach.

Implications for Current PFI Projects

Those PFI projects currently in procurement have, in the majority of cases, been in procurement and subject to detailed negotiation for over a year. The mandatory inclusion of the PF2 transparency regime is therefore causing difficulties for contractors and funders who are having to familiarise themselves with the additional obligations and their associated risks.

However, the requirement for increased transparency is consistent with the Government’s wider transparency agenda and the Treasury guidance ‘A New Approach to Public Private Partnerships’ published in December 2012 which made clear that, in order to address the risk that procuring authorities “do not have sufficient clarity or confidence in the ongoing value for money of

their contractual arrangements”, transparency would be at the core of PF2 arrangements.

For more information on PFI, PF2 or on Public Private Partnerships generally, please contact:

Elen Storey, Solicitor, on 020 7880 4389 or at [email protected]

“Perhaps the most controversial aspect of the new provisions is the introduction of a new category of Persistent Breach”

11