by John Vering
A recent national survey found that 59 percent of employees who quit or were laid off or terminated in the last 12 months admitted to stealing company data, and 67 percent admitted to using their former employer’s confidential data to find a new job. Read on to learn what you can do to reduce the risk of your trade secrets and confidential information walking out the door.
HR Guide to Employment Law: A practical compliance reference manual covering 14 topics, including discrimination and issues related to reductions in force
The survey, sponsored by Symantec (a global leader in providing data security, storage, and systems management), included employees working in corporate information technology, finance and accounting, sales, marketing and communication, and HR. The study found that 53 percent of employees stole data by downloading it to a CD or DVD. Forty-two percent stole data by connecting a thumb drive to a computer, and 38 percent transferred data to a personal e-mail account. Numerous employees also took hard copies of confidential documents. The most commonly stolen types of information were e-mail lists, employee records, and customer information.
Amazingly, 24 percent of workers surveyed indicated that they still had access to the company’s computer network after leaving the company. Of that group, 20 percent still had network access more than a week after their employment ended. Employees taking confidential information offered various excuses, including “everyone else does,” “the information may be helpful in the future,” and “the company can’t trace the information back to me.” Eighty-two percent of those employees reported that their employers didn’t perform an audit or review of paper or electronic documents before the termination.
What can I do about it?
There are a number of measures you can take to reduce the risk that your valuable trade secrets and confidential information don’t walk out the door. Specifically, you should consider:
- adopting a comprehensive policy to protect key business and technical information;
- marking confidential documents “confidential”;
- making sure electronic data is appropriately protected with locks, passwords, or other restrictions that limit access only to employees with a need to access it;
- adopting policies requiring the return of all company documents and electronic data when requested and at termination;
- requiring employees and contractors to sign nondisclosure agreements (doing so may allow your company’s attorneys to seek the return of stolen data, a court injunction barring future disclosures, and recovery of your attorneys’ fees);
- conducting periodic training to remind employees of their obligations; and
- identifying and protecting key technical information with patents.
If you suspect a problem, immediately engage the services of legal counsel to inspect records, laptops, and computer systems so the information may be preserved and your legal rights won’t be jeopardized.
Audit your company’s Internet and e-mail policies with the Employment Practices Self-Audit Workbook
Exit interviews are key
Another simple step that can reduce the likelihood of losing sensitive company data and documents is to conduct exit interviews. As part of the interview process, conduct an audit to determine, as best you can, if the employee has returned all company property, including documents, electronic data, computers, and personal digital assistants (PDAs). During the exit interview, remind the employee of his nondisclosure, nonsolicitation, and noncompete obligations. You should also consider giving him a copy of the nondisclosure, nonsolicitation, and noncompete agreements he signed.
Consider obtaining from the employee a written statement certifying that he has returned all company documents, property, and data and deleted all e-mail and data files containing confidential company information located on any personal computers, PDAs, or other computing devices owned by the employee. You may also want to remind him of federal and state computer tampering laws, including the federal Computer Fraud and Abuse Act. Computer tampering laws typically impose criminal and civil penalties for exceeding authorized access to a computer or for obtaining or altering information that the employee is not authorized to obtain or alter.
Consider advising departing employees that in addition to federal laws, Some states have criminal and civil laws prohibiting tampering with computers or computer data. Generally, computer access should be terminated no later than the day and time the employee is discharged.
Every departing employee with access to confidential information or a signed noncompete or nonsolicitation agreement should be asked whom he plans to work for after leaving your company. If he is leaving voluntarily (but not retiring) and gives you vague or suspicious answers (e.g., “I want to spend more time with my family” or “I don’t know what I will do”), proceed cautiously. These are red flags, and you should take special steps to be on your guard for data or document theft. In these tough economic times, it’s rare for an employee to quit a good-paying job unless he already has something else lined up.
Consider noncompete and nonsolicitation agreements
While they’re not appropriate for all employees, you should consider nonsolicitation and noncompete agreements for sales employees who have (1) an opportunity to develop close relationships with your customers or (2) access to your trade secrets. These agreements can often prevent departing employees from soliciting your customers or competing with you in a reasonable geographic area for a reasonable period of time.
If the employee is unable to use your confidential and trade secret information because he isn’t able to work for a competitor, he may be less inclined to steal it. Consider requiring the employee to submit the name and address of all new employers during the period covered in the agreement. Also consider an agreement prohibiting former employees from recruiting your employees to work for a new employer or to quit your company.
Confidential data, trade secret audits
Consider retaining counsel that frequently handles and renders advice on trade secret and noncompete matters to conduct a comprehensive audit of your policies and practices. Doing so can prevent the theft of trade secrets and confidential information and the loss of valuable customer relationships. The audit will likely reveal numerous additional steps you can take to protect your company’s most valuable assets. Remember, if you fail to take reasonable steps to protect your trade secrets and confidential information, a court may be unwilling to help you protect the data.
In these difficult times, when every company is fighting to maintain market share and existing customer relationships, you can ill afford to have your trade secrets, customer contacts, and other confidential information walk out the door. By taking the steps outlined in this article, you can at least reduce the risks.