Sign In
  • InsideTrack
  • February 18, 2009

    Catch me if you can: Preventing and dealing with an employee's theft of electronically stored information

    Nicole J. Druckrey

    Nicole DruckreyThis article is published courtesy of the February 2009 edition of Business Law News, published by the State Bar Business Law Section.

    Feb. 18, 2009 – It is the electronic age, and our clients rely more and more upon computers and electronic-storage devices to house their company’s most valuable assets, including marketing plans, engineering designs, business strategies, customer information, and research. Increasingly, I find myself helping businesses who suspect or have discovered that a departing employee has downloaded, copied, or emailed themselves the company’s most valuable information in the hopes of embarking upon a promising new career with a competitor.

    Proving such cases can be challenging and expensive, often requiring the assistance of a computer forensic expert. However, there are a number of preventive measures our clients can take to avoid such situations altogether. This article attempts to identify for you those preventive measures and provide you with advice and guidance on what to do when a client suspects that an employee has taken their most valuable information.

    Preventive Measures

    Employee theftThere are a number of steps businesses can take to reduce their risk that an employee will steal their confidential information. Some of these steps may seem obvious to us as attorneys, but it is amazing the number of businesses that do not take these simple precautions.

    • Use Confidentiality and Non-Compete Agreements: Employees who have access to their employer’s trade secrets should be required to execute a confidentiality agreement and/or a non-compete agreement. State laws governing these agreements vary widely. However, even states like California and Colorado – which generally void all non-compete agreements – create exceptions when the purpose of the agreement is to protect a business’s trade secrets. See e.g. Winston Research Corp. v. 3M, 350 F.2d 134, 144-46 (9th Cir. 1965); Bd. of Trustees v. Roche Molecular Systems, Inc., 487 F. Supp. 2d 1099, 1115 (N.D. Cal. 2007); Colo. Rev. Stat. § 8-2-113. Employers should also be encouraged to regularly review these agreements to make sure that they conform to the most current law on the subject, since courts frequently issue opinions in this area.

    • Confidentiality Policy: Similarly, businesses should include a confidentiality policy in their employee handbooks.

    • Implement an Internet and E-Mail Usage Policy: Businesses should implement a policy making clear that they may monitor an employee's use of the internet and email when the employee is at work or using a computer or internet access provided by the business. This will allow the business to monitor an employee’s internet and email usage should it ever suspect the employee of inappropriately accessing its trade secrets.

    • Identify and Protect Trade the Business’s Secrets: All too often, businesses do not bother to identify their trade secrets or take the simplest steps to protect them. They may even assume that an employee knows what information the business considers confidential. This is not the case. A business should take steps to both identify the information it considers confidential and protect it by: (1) marking it confidential; (2) verbally advising its employees that the information is confidential whenever distributing the information; and (3) restricting access to the information with locks and passwords.

    • Advise Employees: Sometimes a departing employee taking with them their employer’s most important information truly did not intend to do anything sinister with the information. Rather, they just wanted to use the information to make themselves appear knowledgeable to their new employer. Such behavior still threatens the business and should be taken seriously. A business can decrease the likelihood of such an event by advising and emphasizing to employees that they may not take any company information or documents (electronically-stored or otherwise) with them upon departure, whether it seems harmless or not. The business should further warn its employees that the company will pursue both civil and criminal remedies in such an event so that the employee understands the severity of the situation.

    • Monitor Suspicious Activity: If an employee is suspected of wrong-doing, encourage the business to take advantage of its internet and email usage policy to monitor the employee's email and internet use.

    Risk Reduction Upon Separation

    When an employee with access to a business’s trade secrets resigns, there are a number of steps the business can take to reduce the likelihood that the employee will take any electronically-stored information.

    • Thorough Interview: When an employee resigns, the business should conduct a thorough interview. It should ask the employee about their new employer and their new position. It should inquire into the products the employee will be working with and the territories that the employee will be serving.

    • Remind the Employee About Their Obligations: The business should provide the departing employee with a copy of their confidentiality or non-compete agreement and remind them of their obligations under it.

    • Return Property and Verify in Writing: The business should ask the employee to return all company property and information including: laptops, jump drives, disks, documents, and electronically-stored information. The company should specifically ask the employee if they have any company information saved on a disk or stored electronically. The company should ask the employee to verify in writing that they have returned all company property.

    When to be Suspicious

    Your suspicion that an employee has taken or may be a stronger-than-average candidate for taking your client's confidential information should be raised in any of the following situations:

    1. the employee refused to advise your client of the identity of their new employer or the details of their new position;

    2. the employee refused or avoided signing an acknowledgment that they have returned all company property;

    3. shortly before resigning, the employee sought access to confidential information to which they had not before been privy;

    4. the employee had a high level of access to confidential information and is not leaving the business on good terms; or

    5. the employee had a high-level of access to confidential information and they are going to a competitor.

    Obviously, this list should not be considered an exhaustive list of suspicious activity, and there are a number of circumstances where your client’s suspicions may be raised.

    What to do When Suspicious

    If you or your client suspect that a departing employee has taken the client's confidential information, here are some precautionary steps your client should consider taking:

    • Let the Employee Go Immediately: The client should make the employee’s resignation effectively immediately. The client should also escort the employee back to their desk and out the door.

    • Handling of Their Computer: The client should get the employee’s company-issued laptop or hard-drive to a computer-forensic expert. The business should not hand over the laptop to its information technology department for analysis (or to your firm's information technology department for analysis). Information technology personnel can (and will) inadvertently destroy key information.

    • Chain of Custody: When handling the employee's company-issued computer, hard-drive, or other storage device, keep a log of the persons who have had contact with it and obtain affidavits from them now. This will assist you in later establishing its chain of custody should it become evidence.

    • Seek Confirmation: Encourage your client to send (or have you send) a letter asking the employee for confirmation that: (1) he or she intends to abide by the terms and conditions of any non-compete or confidentiality agreement; and (2) he or she did not take any of your client's information with them upon their departure. If the employee does not respond, send a second letter and copy their new employer.

    Legal Theories and Remedies

    In the event your client's confidential information or trade secrets have been stolen by a departing employee, you will likely want to immediately seek a temporary restraining order (TRO) or a temporary injunction prohibiting the employee from working for a competitor. When doing so, it is wise to also seek expedited discovery, including the production of any laptop, personal computer, hard-drive, or electronic-storage device in the employee’s possession or control. Requests for admission can be helpful here too. Employees often refuse to acknowledge any wrong-doing at first. If they deny a request for admission asking them to admit that they took company property early on, this can be an avenue to recover significant attorney and expert fees down the road if you later prove them wrong. See, for example, Fed. R. Civ. Pro. 37(c)(2).

    Finally, in crafting your complaint, look beyond the obvious breach of non-compete and misappropriation of trade secrets causes of action and consider claims for:

    • breach of confidentiality agreement/policy;
    • breach of duty of loyalty;
    • a cause of action under a state computer fraud statute (can be an avenue to recover attorney fees);
    • conversion;
    • private cause of action for violation of a criminal statute (computer fraud, theft, etc.);
    • tortious interference with contract or prospective business advantage;
    • unfair competition;
    • unjust enrichment; and
    • business conspiracy.

    Advising your client as to these preventive measures and steps to take upon learning of suspicious activity should put them in the best position possible come litigation.

    Nicole J. Druckrey practices in Milwaukee, Wisconsin at the firm of Quarles & Brady LLP. Ms. Druckrey devotes much of her practice to assisting employers in the prevention of unlawful competition and the misappropriation of trade secrets by former employees. She is licensed in both Minnesota and Wisconsin. Ms. Druckrey thanks Jeffrey O. Davis for his invaluable contributions to this article.

    This article is published courtesy of the February 2009 edition of Business Law News, published by the State Bar Business Law Section. The State Bar offers its members the opportunity to network with other lawyers who share a common interest through its 26 sections. Section membership includes access to newsletters, email lists to facilitate information sharing, and other resources.

    Nicole J. Druckrey is with Quarles & Brady LLP.


Join the conversation! Log in to comment.

News & Pubs Search

-
Format: MM/DD/YYYY