Court rules restraint invalid as too broad in failed data theft case against ex-employees
A Federal Court ruling dismissed on November 13 exposes the risks employers face when post-employment restraints are drafted too broadly.
When Pennytel Australia spent over five million dollars to acquire telecommunications businesses including Focus Communications in July 2021, the company expected to protect its investment. Among the assets was what the telco called a "significant book of customers."
Two longtime Focus employees made the transition. Nicholas Engelke had been with Focus since 2009, eventually becoming Head of Corporate Services at Pennytel. Samantha Chitas joined Focus even earlier, working as an Account Manager since 2001. Both accepted employment with Pennytel when the acquisition closed.
The relationship soured. Engelke departed on 6 May 2022. Chitas followed on 22 January 2023, resigning after Pennytel sent her a show cause letter alleging serious misconduct. She was on long service leave at the time.
What happened next landed the parties in Federal Court. Pennytel alleged that Engelke, Chitas, and their business associate Peter Horan had entered into an agreement by no later than September or October 2022 to establish a competing telecommunications business using confidential information. The company pointed to what it considered suspicious evidence: a customer spreadsheet Engelke emailed to Chitas on 31 March 2022, database reports he generated in April 2022 containing client information including some driver licence numbers and credit histories, and the customer report Chitas forwarded to her personal email account on 22 April 2022.
When both employees left, Pennytel claimed they deleted files from their laptops. The company grew more concerned when former Pennytel customers began appearing at SPN Co Pty Ltd, the new venture where both former employees eventually worked.
Pennytel's legal team built their case around alleged breaches of employment contracts, violations of the Corporations Act, and misuse of confidential information. They sought damages, restraining orders, and delivery of company records.
Justice Needham found against Pennytel on every claim. The court determined the plaintiff failed to prove the defendants took or misused confidential information. The alleged scheme was not established. No employment contract breaches occurred. The Corporations Act violations were unfounded.
For HR professionals, the most instructive finding concerned Chitas's employment contract. Her six-month post-employment restraint covering "clients and prospective clients" failed because it was overly broad. The court ruled it "broader than necessary to protect plaintiff's business and not able to be read down," rendering the entire restraint invalid.
The defendants successfully argued their actions were legitimate preparatory steps for operating a business at a later date, not wrongdoing. Evidence showed some Pennytel customers had service issues documented in the company's own records, undercutting claims that clients left solely due to any alleged data misuse.
After nine hearing days spanning Sydney and Melbourne with ten witnesses, the court ordered the proceedings dismissed once costs are determined. The lesson for employers: restraint clauses must be precisely tailored to genuine business interests, or courts will strike them down entirely.
