Restrictive covenants and data theft: a guide for employers

Author: Helen Lyne, Senior Consultant Dispute Resolution Lawyer | Last updated: 9th June 2026

When key people move on, confidential information and client relationships can be at risk. That’s where well-drafted restrictions and swift action make all the difference. This guide explains the meaning of restrictive covenants, how misuse of data arises in practice, what to watch for, and the legal and operational steps to protect your business. It also explains how Setfords’ specialists, including senior disputes lawyer Helen Lyne, help clients prevent issues and act decisively when problems occur.

Article summary: Restrictive covenants are contractual clauses that protect a business’s confidential information, client relationships, and team stability when employees leave. Under UK law, they are enforceable only to the extent reasonably necessary given the employee’s role, seniority, and the geographic and temporal scope of the restriction. Data theft, including unauthorised downloads, email forwarding, or the export of contact lists, often accompanies a breach and can give rise to urgent injunctive relief, damages, or an account of profits. Acting quickly to preserve evidence and take specialist legal advice is essential to containing the damage and enforcing your rights effectively.

Understanding restrictive covenants and data theft risks

To define restrictive covenant in plain terms: these are contractual promises that protect legitimate interests such as client connections, confidential information and team stability. Common forms include non-compete, non-solicitation, non-dealing and confidentiality clauses. The restrictive covenants’ meaning in practice is to create clear boundaries around post-termination conduct while allowing former employees to continue their careers fairly.

In the UK, restrictive covenants in employment must be carefully tailored. Courts will only enforce them if they go no further than reasonably necessary, assessed by role, scope, duration and geography. For senior or client-facing roles, post-termination periods typically run from three to twelve months. Overly broad terms risk being struck out, whereas confidentiality obligations can endure for as long as information remains genuinely confidential. Robust restrictive covenants in employment contracts, aligned with policies and role responsibilities, maximise enforceability and reduce the likelihood of a breach of restrictive covenant.

Types of restrictive covenant

• Non-compete: prevents joining a competitor or launching a competing venture for a defined period and area.
• Non-solicitation: stops active approaches to clients, prospects or staff.
• Non-dealing: prevents doing business with specified clients even if they make the first approach.
• Confidentiality: safeguards trade secrets, strategies, pricing and other sensitive information.

Data theft commonly involves unauthorised downloads of CRM databases, forwarding emails to personal accounts, exporting contact lists, syncing files to personal cloud storage, or copying to external drives. Even if data is accessible internally, repurposing it for a competing role or business can amount to misuse of confidential information and breaching restrictive covenants.

Common breach scenarios and warning signs

Vigilance before and after departure reduces the risk of a breach of restrictive covenant and data loss. Indicators prior to exit include unusual spikes in data access, after-hours activity, bulk exports from the CRM, and requests for pipeline or pricing reports outside normal duties. Attempts to bypass security controls are particularly telling.

After an employee leaves, red flags include client approaches that mirror your sales scripts, marketing that replicates proprietary content, or the rapid launch of a competing venture in an overlapping territory. New employers can face claims if they knowingly encourage or benefit from breaching restrictive covenants. Evidence is often found in audit logs, device forensics, email metadata and version histories.

While experience and general know-how may be taken to a new role, copying or exploiting confidential client data is different. The intersection of restrictive covenants and data theft is most acute around trade secrets, bid strategies, margin and pricing models, and curated customer databases.

Protecting your business and responding to suspected breaches

Speed and proportionality matter. If you suspect restrictive covenants and data theft, take immediate, measured steps to contain risk and preserve evidence while assessing the position. Where appropriate, consider whether restrictive covenants in employment contracts and IT policies support urgent action.

• Preserve evidence: secure logs, retain emails, and arrange lawful imaging of devices.
• Restrict access: suspend accounts, revoke remote connections, and reset credentials.
• Issue reminders: notify the former employee and any new employer of obligations; demand return and deletion of data.
• Seek undertakings: obtain written commitments and consider garden leave during notice periods.

Legal options include urgent injunctions to restrain misuse of confidential information, orders for delivery up of materials, and springboard relief to remove any unfair head start. Depending on loss and gain, you may pursue damages or an account of profits. Clear, evidence-led pre-action correspondence often produces swift undertakings and reduces disruption.

Prevention is equally important. Use role-specific restrictive covenants in employment, implement need-to-know access controls, watermark and encrypt key files, and operate strong joiner, mover and leaver processes. Conduct exit interviews, recover devices, and document the return and deletion of data. Regular training builds a culture of confidentiality and lowers the chances of a breach of restrictive covenant.

How Setfords can help

Setfords’ employment and disputes specialists draft and review restrictive covenants in employment contracts that are aligned to your sector, roles and risk profile. We explain the restrictive covenants meaning in context, define restrictive covenant boundaries clearly, and calibrate scope, duration and geography to maximise enforceability. Policies and handbooks are aligned to support the same outcomes and reduce ambiguity.

When issues arise, our team moves quickly. We advise on evidence preservation, send letters before action, and apply for urgent injunctions to address restrictive covenants and data theft. We regularly enforce against senior hires and coordinated team moves, seeking delivery up and springboard relief where justified. Where it serves your commercial aims, we negotiate undertakings that give practical, enforceable protection and pursue damages or an account of profits if necessary.

Beyond crisis response, we help businesses stay ahead of risk through training, policy refreshes and periodic audits. Whether you need preventative measures or support with breaching restrictive covenants, you will work with experienced lawyers focused on protecting value and maintaining momentum. To discuss restrictive covenants in employment or a suspected breach of restrictive covenant, contact us to speak with an expert such as Helen Lyne.