Lawyer fined €5,000 for stealing ‘phenomenal’ amount of data from previous employer

A 27-year-old lawyer was fined €5,000 for misappropriating a “phenomenal” amount of data from the law firm she worked with before moving on to new job.

The young lawyer was charged with computer misuse, unauthorised use of proprietary data, and with having made unauthorised copies of documentation, as well as being in unauthorised possession of data which she had misappropriated.

The court imposed a ban on the publication of the name of the accused and the law firms involved.

The accused had been employed in 2010 as a lawyer with a leading commercial law firm, and her duties included assisting the managing partner in setting up companies.

She resigned in 2012, joining a group of companies, and incorporating an identical company, with identical memorandum and articles of association to one which she had been working on before.

Her former employers looked into her records, and noticed an extraordinary spike in emails occurring at 6am on the accused’s last day at the firm. She would normally start work at 8am.

A criminal complaint was filed and the lawyer was arrested and interrogated in September 2012. At her new workplace, a number of documents, including handwritten notes, were found that had been taken from her previous employer, together with billing documents and business plans.

She claimed to have done this to have a record and sample of her work over the preceding two years.

Magistrate Anthony Vella, in his sentence on the matter, observed that there was no definition of computer misuse under Maltese law, but based on UK law, which stipulates that access to the systems in questions must not be authorised in order to have the crime of computer misuse.

The Criminal Code states that a person who is in possession of data which he or she is not authorised to hold is assumed to have taken it into their possession on purpose and must prove the contrary.

Due to the dearth of local jurisprudence on the subject, the crime’s relative novelty, there was also no definition of “unauthorised” in the context of data transfer.

Magistrate Vella said the facts of the case were “clear, unequivocal and uncontested”.

“It is the opinion of the court that the accused knew that what she did was irregular. It is highly indicative that she sent a phenomenal amount of emails to herself at six in the morning of the last day of work, without informing any of her superiors and without seeking permission or authorisation... these factors all indicate that the accused knew full well what she was doing and her actions are a perfect fit for the offence in question.”

On misappropriation the court observed that case law stated that this crime was consummated as soon as acts of ownership are exercised over the thing misappropriated with the intention of exercising dominion. This occurs when the acts “unequivocally show the intention of appropriation as they are in of themselves incompatible with the cause and title of the detention of the thing.” 

The court was in no doubt as to guilt. “She was trusted as a lawyer with the firm and should have known that the information held in an office like that would be sensitive and covered by professional secrecy. All she had to do was to tell her superiors what she wanted the information for and permission to make copies for her personal use. That instead she took what she wanted at strange times, without telling anyone, shows her intention.”

The lawyer was found guilty as charged and fined €5,000, also being ordered to pay €3,220 in costs.

Inspector Jonathan Ferris is listed as prosecutor. Lawyer Joe Giglio was defence counsel. Lawyer Roberto Montalto was parte civile for the law firm.