What to Do If a Former Employee Takes Client Contracts After Resignation

When a former employee resigns and takes client contracts, customer lists, pricing sheets, proposal files, or CRM exports, the problem is not just “office drama.” It can affect revenue, client trust, data privacy compliance, and the enforceability of your company’s agreements. The right response in the Philippines is to move quickly but carefully: secure your systems, preserve evidence, identify what was taken, check the employee’s contract, and choose the correct remedy—civil, criminal, data privacy, cybercrime, or sometimes all of them.

What “Taking Client Contracts” Legally Means

In real business situations, “client contracts” can mean several different things:

  • Original signed contracts or scanned copies
  • Contract templates, service level agreements, statements of work, purchase orders, or renewal documents
  • Client contact details, decision-maker names, emails, phone numbers, billing details, and addresses
  • Pricing, discounts, margins, commission terms, and payment history
  • Pipeline reports, CRM exports, renewal calendars, and account notes
  • E-signature platform records, Google Drive folders, Dropbox folders, email attachments, or screenshots
  • Confidential proposals sent before the client signed

The legal issue depends on what was taken, how it was taken, and what the former employee is doing with it. A person may use their general skill, experience, and memory after resignation. But they generally cannot take company property, copy confidential business records, misuse personal data, access company systems without authority, reveal trade secrets, or induce clients to breach existing contracts.

Why the First Few Days Matter

The first 24 to 72 hours are critical because digital evidence can disappear quickly. Gmail forwarding rules can be deleted. CRM logs can be overwritten. Cloud sharing links can be changed. Clients may receive misleading messages before the company understands what happened.

Avoid reacting with public accusations. In the Philippines, careless statements to clients, suppliers, or social media can create separate legal exposure for defamation or unfair labor-related disputes. The better approach is controlled evidence preservation, system lockdown, and a properly worded written demand.

Legal Basis Under Philippine Law

Breach of Employment Contract, NDA, or Confidentiality Agreement

If the former employee signed an employment contract, non-disclosure agreement, confidentiality clause, non-solicitation clause, return-of-property undertaking, or acceptable-use policy, the starting point is contract law.

Under Article 1159 of the Civil Code, obligations arising from contracts have the force of law between the parties and must be complied with in good faith. Article 1170 also makes a party liable for damages when, in performing obligations, they commit fraud, negligence, delay, or otherwise violate the terms of the obligation. (Lawphil)

Article 1306 of the Civil Code allows parties to set their own contract terms, provided these are not contrary to law, morals, good customs, public order, or public policy. This is why confidentiality, return-of-documents, and non-use clauses are commonly enforceable when properly drafted. (Lawphil)

A strong post-employment clause usually says that the employee must:

  • Return all company documents and devices upon resignation
  • Delete company files from personal email, phone, laptop, USB drives, and cloud accounts
  • Stop using or disclosing confidential information
  • Avoid soliciting company clients for a reasonable period, if a valid non-solicitation clause exists
  • Preserve company ownership over contracts, databases, templates, proposals, and business records

Non-Compete and Non-Solicitation Clauses

Not every restriction on a former employee is valid. Philippine courts look at whether the restriction is reasonable.

In Tiu v. Platinum Plans Phil., Inc., the Supreme Court upheld a two-year non-involvement clause because it was limited as to time and trade, and the employee had access to confidential and sensitive marketing strategies. The Court explained that a restraint is not automatically void if it is not greater than necessary to protect the employer. (Supreme Court E-Library)

But in Rivera v. Solidbank Corporation, the Supreme Court treated the reasonableness of a post-retirement employment ban as a genuine factual issue requiring evidence, especially where the employee argued that the restriction was oppressive and affected his ability to earn a living. (Supreme Court E-Library)

In practical terms:

Clause Usually stronger when Usually weaker when
Confidentiality clause It protects specific confidential records, pricing, contracts, client data, or trade secrets It tries to stop the employee from using general skill or ordinary industry knowledge
Return-of-property clause It clearly covers physical and electronic records The company never defined what must be returned
Non-solicitation clause It is limited to actual clients handled by the employee and for a reasonable period It covers every possible client forever
Non-compete clause It is limited by time, trade, and sometimes geography or market It broadly prevents the person from earning a living in their field

Trade Secrets and Undisclosed Information

Client contracts and client databases may be protected as confidential business information when they are not publicly available, were developed through company effort, and are treated as confidential.

The Intellectual Property Code of the Philippines, Republic Act No. 8293 of 1997, recognizes “Protection of Undisclosed Information” as an intellectual property right. (Lawphil) This can be relevant when the former employee took pricing methods, client-specific contract terms, renewal schedules, margins, internal proposals, or strategic account notes.

The company’s position becomes stronger if it can show that it actually protected the information, such as by:

  • Limiting CRM or folder access by role
  • Using NDAs or confidentiality clauses
  • Marking files as confidential
  • Restricting downloads or exports
  • Requiring company accounts instead of personal email
  • Conducting exit clearance and return-of-property procedures
  • Keeping audit logs

A “client list” copied from a public website may be hard to protect. A client database containing negotiated rates, decision-makers, account history, renewal timing, objections, and payment behavior is much more likely to be treated as valuable confidential information.

Civil Liability for Bad Faith, Unfair Competition, or Interference

Even without a perfect NDA, the Civil Code may still help. Articles 19, 20, and 21 require people to act with justice, honesty, and good faith, and to compensate others for damage caused contrary to law, morals, good customs, or public policy. Article 28 also recognizes a right of action for unfair competition through deceit, machination, or other unjust, oppressive, or highhanded methods. (Lawphil)

Article 1314 of the Civil Code is also important: a third person who induces another to violate a contract may be liable for damages. (Lawphil) For example, if a former employee uses copied contracts to convince existing clients to terminate early and move to a competing business, the company may examine whether there is inducement to breach contract.

Revised Penal Code: Theft, Qualified Theft, and Revealing Secrets

If physical documents, original contracts, company devices, USB drives, or hard-copy files were taken without consent, theft may be considered. Article 308 of the Revised Penal Code defines theft as taking another’s personal property, with intent to gain, without violence, intimidation, or force, and without the owner’s consent. (Lawphil)

If the taking involved grave abuse of confidence, qualified theft under Article 310 may be alleged. This commonly arises where the accused was entrusted with access because of their position. (Lawphil) Republic Act No. 10951 of 2017 updated many value thresholds and fines under the Revised Penal Code, including theft penalties and fines for revealing secrets. (Supreme Court E-Library)

For disclosure of confidential business information, Articles 291 and 292 of the Revised Penal Code may also be relevant. Article 291 punishes a manager, employee, or servant who learns the secrets of a principal or master by reason of the position and reveals them. Article 292 covers revelation of industrial secrets by a person in charge, employee, or workman of a manufacturing or industrial establishment, to the owner’s prejudice. RA 10951 increased the relevant fines to amounts not exceeding ₱100,000 for these provisions. (Supreme Court E-Library)

For purely electronic copying, prosecutors often look closely at the facts because “copying data” may raise different issues from physically taking a document or device. Cybercrime and data privacy laws may be more directly applicable where the employee exported files, used passwords after resignation, accessed cloud folders without authority, or transferred customer data.

Data Privacy Act Issues

Client contracts often contain personal information: names, signatures, email addresses, phone numbers, TINs, IDs, billing details, home addresses, or authorized representative information. If the client is a corporation, the company name itself is not personal information, but the details of individual signatories and contact persons may be.

Republic Act No. 10173, the Data Privacy Act of 2012, applies to personal information processing and creates rights and obligations for personal information controllers and processors. It defines personal information as information from which an individual’s identity is apparent or can reasonably and directly be ascertained. (National Privacy Commission)

A particularly important rule for employee resignations is Section 20(e): employees, agents, or representatives involved in processing personal information must hold personal information under strict confidentiality when it is not intended for public disclosure, and this obligation continues even after termination of employment or contractual relations. (National Privacy Commission)

If sensitive personal information or information that may enable identity fraud was reasonably believed to have been acquired by an unauthorized person, and there is real risk of serious harm, the company may need to notify the National Privacy Commission and affected data subjects. The Data Privacy Act requires prompt notification describing the nature of the breach, the information possibly involved, and measures taken to address it. (National Privacy Commission)

The NPC’s complaint process generally requires a filled-out and notarized complaint or verified complaint with supporting evidence and witness affidavits, submitted personally, by registered mail, courier, or authorized electronic means. (National Privacy Commission)

Cybercrime Law

If the former employee used an old password, accessed a company email after resignation, downloaded files from a cloud drive without authority, changed CRM records, deleted files, or used another person’s login, Republic Act No. 10175, the Cybercrime Prevention Act of 2012, may apply.

RA 10175 punishes illegal access, illegal interception, data interference, system interference, misuse of devices such as passwords or access codes, computer-related forgery, computer-related fraud, and computer-related identity theft. (Supreme Court E-Library) The NBI and PNP are responsible for cybercrime enforcement, and the law requires cybercrime units or centers to handle violations. (Supreme Court E-Library)

The cybercrime route is strongest when there are logs showing unauthorized login, file export, forwarding, deletion, use of credentials after access was revoked, or access to systems outside the employee’s authority.

What to Do Immediately

1. Secure Systems Before Confronting the Former Employee

Before sending an angry message, lock down the company’s systems. Many businesses make the mistake of confronting the former employee first, giving them time to delete evidence or download more files.

Do the following immediately:

  1. Revoke access to company email, CRM, accounting systems, e-signature platforms, file drives, project management tools, chat apps, VPN, HRIS, and shared passwords.
  2. Reset passwords for shared accounts the employee may have known.
  3. Check email forwarding rules, delegated mailbox access, recovery emails, app passwords, and connected devices.
  4. Disable active sessions in Google Workspace, Microsoft 365, Slack, HubSpot, Salesforce, Zoho, Dropbox, OneDrive, or similar platforms.
  5. Preserve account logs before they expire.
  6. Suspend public sharing links for sensitive contract folders.
  7. Ask IT to image or preserve the employee’s company laptop, if available.

Do not wipe the device immediately if it may contain evidence. Preserve it first.

2. Identify Exactly What Was Taken

Create a factual inventory. Avoid vague statements like “he stole our clients.” Courts, prosecutors, and the NPC need specifics.

Document:

  • File names and folder paths
  • Contract dates and client names
  • Whether the files were originals, scans, drafts, or templates
  • Date and time of downloads, exports, printing, forwarding, or deletion
  • Account used
  • IP address, device ID, or location logs, if available
  • Clients contacted after resignation
  • Similarities between your contract terms and the competitor’s proposal
  • Any messages from clients saying the former employee contacted them using company information

3. Preserve Evidence Properly

Useful evidence often includes:

Evidence Why it matters
Employment contract, NDA, handbook acknowledgment Shows confidentiality and return obligations
Resignation letter and clearance documents Shows timing and what was or was not returned
CRM export logs Shows client data extraction
Email forwarding logs Shows transfer to personal email
Cloud activity logs Shows downloads, deletions, sharing, or external access
Client messages Shows solicitation or use of confidential information
Screenshots Helpful, but should be backed by source files or witness affidavits
Device inventory Shows missing laptop, phone, USB, or hard-copy files
Data breach assessment Helps determine NPC notification obligations

Electronic documents can be used as evidence in Philippine proceedings when properly authenticated. The Rules on Electronic Evidence apply when electronic documents or electronic data messages are offered or used in evidence. (Lawphil) Republic Act No. 8792, the Electronic Commerce Act, also recognizes that an electronic document can be the functional equivalent of a written document for evidentiary purposes. (Supreme Court E-Library)

4. Review the Employee’s Documents

Collect and review:

  • Employment contract
  • NDA or confidentiality agreement
  • Non-solicitation or non-compete clause
  • Commission plan
  • Code of conduct
  • IT acceptable-use policy
  • Data privacy policy
  • Intellectual property assignment
  • Exit clearance form
  • Turnover checklist
  • Company property accountability form
  • Any acknowledgment that files, devices, passwords, and records must be returned

This review determines whether the case is primarily a contract enforcement issue, a criminal complaint, a data privacy matter, a cybercrime issue, or a request for injunctive relief.

5. Send a Carefully Drafted Demand Letter

A demand letter should be firm, factual, and evidence-preserving. It should usually require the former employee to:

  1. Stop using, copying, sharing, or disclosing company contracts and client information.
  2. Return all physical documents, devices, IDs, USB drives, and company property.
  3. Permanently delete company files from personal devices, email accounts, and cloud storage, subject to evidence-preservation instructions.
  4. Identify all persons or entities to whom the information was disclosed.
  5. Confirm that no further access to company systems will be attempted.
  6. Preserve all relevant communications and devices.
  7. Stop contacting clients using confidential company information, if covered by contract and applicable law.

Avoid exaggeration. Do not say “you committed qualified theft” unless the facts support it. A demand letter that overstates the case can backfire.

6. Notify Clients Carefully

If clients are affected, communication should be calm and narrow. A practical notice may say that the company is updating account access, confirming authorized representatives, and asking clients to disregard unauthorized communications about their contract unless confirmed through official channels.

Do not publicly shame the former employee. Do not accuse the person of a crime in a blast email. Focus on protecting the client relationship and preventing confusion.

7. Assess Whether the NPC Must Be Notified

If personal data was taken, conduct a data breach assessment. Ask:

  • What personal information was involved?
  • Was sensitive personal information included?
  • Could the information enable identity fraud, financial harm, reputational harm, or phishing?
  • Was the data encrypted?
  • Was the person who took it authorized at the time?
  • Did the access exceed the employee’s authority?
  • Were affected data subjects identified?
  • What containment measures were done?

If breach notification is required, delays should be justified and documented. The NPC now emphasizes formal procedures and specific submission channels for breach and complaint-related filings. (National Privacy Commission)

Choosing the Right Remedy

Situation Possible remedy Where it usually goes Practical notes
Former employee refuses to return contracts or devices Demand letter, civil action, possible replevin or damages Regular courts Stronger when company ownership and possession are clear
Former employee uses client contracts to poach accounts Civil case for injunction and damages Usually RTC if injunction is the main relief Requires proof of clear right and actual threat
Former employee copied personal data NPC complaint or breach notification assessment National Privacy Commission Focus is misuse of personal information and compliance
Former employee accessed systems after resignation Cybercrime complaint NBI Cybercrime Division, PNP Anti-Cybercrime Group, prosecutor Logs are critical
Former employee physically took company property Criminal complaint for theft or qualified theft, depending on facts Prosecutor’s office after law enforcement or direct complaint Requires proof of taking, intent to gain, lack of consent
Small money claim only, no injunction Small claims First-level courts Supreme Court increased the small claims threshold to ₱1,000,000, but small claims are for money claims and do not fit cases needing injunction or recovery of property. (Supreme Court of the Philippines)

For urgent court protection, a company may seek a temporary restraining order or preliminary injunction. Philippine jurisprudence requires a clear and unmistakable right, a material and substantial invasion of that right, and urgent necessity to prevent serious or irreparable damage. (Supreme Court E-Library)

Common Mistakes Employers Make

Withholding Final Pay Indefinitely

Employers sometimes hold final pay to pressure the employee to return documents. Be careful. DOLE Labor Advisory No. 06, Series of 2020, states that final pay should generally be released within 30 days from separation, and a Certificate of Employment should be issued within three days from request. (Department of Labor and Employment)

A clearance process is common, but indefinite withholding can create a separate labor dispute. If the company has a legitimate accountability, document it clearly and avoid using final pay as punishment.

Relying Only on a Non-Compete Clause

A non-compete clause is not always the best weapon. Courts examine reasonableness. A narrow confidentiality or non-solicitation claim may be stronger than an overly broad claim that the former employee can never work in the industry.

Forgetting Data Privacy Duties

If client contracts contain personal data, the company may also be a victim and a regulated entity with obligations. The company must contain the incident, assess the risk, document its actions, and determine whether notification is required.

Deleting the Former Employee’s Email Too Soon

Deleting the mailbox may destroy evidence of forwarding, downloads, or client communications. Preserve first, then restrict access.

Accusing the New Employer Without Proof

The new employer may be liable if it knowingly induced breach of contract or used confidential information, but this requires evidence. A careless accusation may damage your own case.

Practical Documents to Prepare

Document Purpose
Incident report Summarizes what happened, when discovered, and immediate containment steps
Evidence folder Stores logs, screenshots, emails, contracts, affidavits, and device records
Contract review memo Identifies clauses breached by the former employee
Data breach assessment Determines whether NPC or client notification is required
Demand letter Requests return, deletion, non-use, preservation, and confirmation
Client communication script Prevents inconsistent statements by sales or account teams
Board or management authorization Useful if the company files a complaint or court case
Affidavits of IT, HR, sales, and affected account managers Supports complaints before prosecutor, court, or NPC

If evidence or affidavits are executed abroad, Philippine use may require notarization, consular processing, or apostille depending on the country and the document’s purpose. The DFA’s Authentication Division handles apostille-related authentication services for Philippine use. (Apostille Services)

Frequently Asked Questions

Can a former employee contact our clients after resignation?

Not automatically prohibited. A former employee may generally work and compete fairly. But they may not misuse confidential information, violate a valid non-solicitation clause, induce breach of existing contracts, misrepresent authority, or use company records taken without permission.

Is a client list a trade secret in the Philippines?

It can be, depending on the facts. A basic list of publicly available company names may not be strong. A curated database with decision-makers, pricing, contract renewal dates, buying history, discounts, complaints, and internal notes is more likely to be treated as confidential or undisclosed business information.

Can we file a criminal case immediately?

Possibly, but the facts must match the offense. Physical taking of company documents or devices may support theft or qualified theft. Unauthorized system access may support cybercrime. Disclosure of secrets may implicate Revised Penal Code provisions. Copying digital files alone requires careful legal analysis and strong technical evidence.

What if the employee only emailed contracts to their personal Gmail before resigning?

That can still be serious. It may breach confidentiality, return-of-property, IT, and data privacy policies. If the files contain personal information, conduct a Data Privacy Act assessment. If the email was sent to preserve work records innocently, the remedy may be return and deletion. If it was used to solicit clients or help a competitor, the case becomes stronger.

Can we demand that the new employer delete our files?

Yes, if there is a factual basis that the new employer received or used confidential company information. The letter should be factual and should demand preservation, non-use, deletion or return, and identification of recipients. Avoid defamatory statements unless supported by evidence.

Can we stop the former employee through a TRO?

A TRO or preliminary injunction may be possible when there is a clear legal right, an actual or threatened violation, and urgent need to prevent serious damage. This is usually considered when the former employee is actively using confidential contracts, poaching key clients, or disclosing sensitive information.

Should we notify all clients?

Not always. Notify affected clients when needed to prevent confusion, protect the contract relationship, or comply with data privacy obligations. Keep the notice narrow and professional. Avoid naming and shaming unless necessary and legally supported.

What if the employee is now abroad?

You can still preserve evidence in the Philippines, revoke access, notify affected clients, send formal demands, and pursue remedies where Philippine jurisdiction exists. RA 10175 also recognizes jurisdiction when elements occur in the Philippines, a Philippine computer system is used, or damage is caused to a person or entity in the Philippines. (Supreme Court E-Library) Documents executed abroad for Philippine proceedings may need proper authentication or apostille.

Can we deduct losses from the employee’s final pay?

Be cautious. Final pay has labor-law implications, and DOLE guidance generally expects release within 30 days from separation. If there are clear, documented accountabilities, handle them through the clearance process and written accounting rather than informal punishment. Large or disputed damages usually require proper legal proceedings.

What preventive steps should companies take before this happens?

Use clear confidentiality, return-of-property, non-solicitation, data privacy, and IT access policies. Limit access by role. Disable exports where possible. Keep CRM and cloud audit logs. Conduct exit interviews. Require written certification that company files were returned and deleted from personal devices and accounts.

Key Takeaways

  • A former employee may use general skill and experience, but not company contracts, confidential files, trade secrets, personal data, or unauthorized system access.
  • The strongest cases are built on specific evidence: logs, contracts, emails, file paths, client messages, and clear confidentiality obligations.
  • Philippine remedies may include demand letters, civil damages, injunction, criminal complaints, NPC proceedings, and cybercrime complaints.
  • Non-compete clauses are not automatically enforceable; reasonableness matters. Confidentiality and non-solicitation clauses are often more practical.
  • If client contracts contain personal data, treat the incident as a possible Data Privacy Act issue, not merely an HR problem.
  • Secure systems first, preserve evidence, communicate carefully, and avoid public accusations that can create separate liability.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.