Legal question: Dispute with client

They won't listen to him because he's been too tight to call in a solicitor.

If he had done that from the beginning when the umbrella tried to wash their hands off him he wouldn't be in this mess.

Been on the other side of this

I have a sideline of expert witnessing and have seen this issues around people retaining "stuff" as they move from one firm to another. This gets gothic as the head of security at one bank asked me "who is playing you in the movie of this ?".

It is also more expensive than you can possibly imagine, the grief is astonishing, as are the politics.

I have to say up front that I'm not a lawyer, not even slightly, if you think legal advice from a some pimp on the Interweb is kosher then good luck to you but...

Do not get egos involved in this, he is no more a solicitor than I am, the difference is that unlike Mr. Sinclair, I was not kicked out.

The forensics on your ex-PC are questionable, I'd bet good money that non-forensics people have used/touched it since. That puts a small hole in anything they say. Forensics are usually not that expensive, they can be of course, but I suspect this is all part of some attempt to intimidate you, I can't yet see why.

Damages are rarely punitive in English courts, they must prove harm (on the balance of probabilities) and the role of the courts is to get them back to about the same place they were before you did the bad thing, not to punish you.

This of course begs the question of whether you did a bad thing, this is currently unclear to me.

As NLUK says, the client behaviour is so odd as to strike me as unlikely, certainly as described it may well fall under the Computer Misuse Act, which is criminal.
Having worked with forensics people, I'd be mildly surprised if they accessed his DropBox or any other cloud service, this is at best legally questionable and could get them into a bad place. The odds are that the client did the access which can leave the individual concerned in deep piss.

He does need to speak to a solicitor, my view is that once they see he's properly advised and represented by means of stiff letter of rebuttal, there's >50/50 they will just go away.

Contrary to popular belief, very nearly every piece of data in any firm is of little value to a 3rd party, a good % isn't even valuable to them, so there has to be a strong motivation since even if they "win" it will still cost them money and time.
One of the first questions a good lawyer will ask if you are thinking of suing someone is "can they pay", which is questionable in this case.

If this is as the OP says then there is something going on that he hasn't told us and maybe doesn't even know.

Option 1 is internal politics, someone senior has got upset, then spent serious money on forensics and to admit that the OP didn't do anything wrong would make him look stupid.

Option 2 is the OP has done something he shouldn't or gave the impression he has.

Option 3 is that something bad has happened elsewhere in the client and this is a symptom.

You are an employee of your umbrella company and they have signed a business to business contract with the agency. In this instance, the liability for any costs rests with the umbrella company as they have signed the contract containing the confidentiality clauses and therefore have legal responsibility; this should be covered by the professional indemnity insurance that they have in place covering their employees. I would imagine that the umbrella company will also have a clause in the employment contract that they have with you which will cover professional misconduct and I would imagine that they will terminate your employment with them.

My advice would be to pass this back to your umbrella company and let them deal with it.

That wouldn't help remove the copy which is already on the PC.

He was off sick and then terminated - at what point would you do the uninstall?

He should have changed his password, but if the PC was taken away for analysis, it wouldn't necessarily have been connected to the web, and a password changed wouldn't have stop a PC admin getting access to the local Dropbox folder.

Sounds like he synced his entire Dropbox instead of just one folder for that clients docs.

But again, OP, you asked your manager. He said it was ok. Have you got this in writing/email?

OP needs legal advice, but IMO he should pursue the client if they really have been going through his personal Dropbox and contacting his other clients. To me, that is far more damaging to OP than his actions have been to his client (assuming that none of the data he stored on his Dropbox has been compromised).

He may (or may not) have contravened the client's security policy, but not only are the client's actions potentially criminal, they may have damaged OPs relationship with his other clients. He may have a better case for damages against the client than the client do against him.