By Mark Fijman
In the mid-18th century, an owner of a merchant vessel on the high seas would clearly know when his ship came under pirate attack. In the modern workplace, the theft of an employer’s treasure, i.e. trade secrets and customer data, is much less obvious but just as devastating. This type of piracy is most likely to be carried out by a trusted and supposedly honest employee, usually for the benefit of a business competitor or to assist the employee in setting up his own competing business.
It is a type of employee theft that is increasingly common in Mississippi and nationwide. According to a 2013 survey conducted by computer security software company Symantec, more than half of departing employees retained confidential information belonging to their former employer. An alarming 40 percent planned to use such misappropriated trade secrets in their new jobs. Trade secret theft costs American business billions of dollars each year and companies such as Intel and General Motors are among those who have recently sustained serious losses at the hands of former employees. However, businesses of any size can fall victim to such misappropriation.
While there is no sure-fire protection from the rare dishonest employee, employers should have some basic policies in place to prevent, or at least deter any would-be workplace pirates. One of the easiest ways to prevent employees from stealing your company’s confidential information is to simply have them contractually agree in advance not to do it. If properly drafted and implemented, restrictive covenants such as noncompetition or nondisclosure agreements are enforceable in Mississippi and allow an employer to assert a breach of contract claim and other remedies against a noncompliant former employee.
In a recent survey, 92 percent of the responding companies reported that they had employees using their personal devices for work. However only 44 percent of those organizations had “bring your own device” or “BYOD” policies that regulated the use of personal devices in the workplace.
There is nothing inherently wrong with the increasingly common practice of allowing employees to use their personal devices, but without a policy in place, employers are opening the door to trade secret misappropriation.
While a BYOD policy should be individually tailored to the type of business, some common features include requiring that all devices be pre-approved, that the employee agree in writing to all security and acceptable business use provisions, including specific prohibitions against copying and forwarding of confidential information. A good BYOD policy also should include a written agreement, signed by the employee, stating that the company’s IT department will be allowed to inspect and delete all confidential information from the device when the employee leaves the company.
Unfortunately for many employers, such policies are implemented only after the employer has been victimized. The most immediate step to prevent any further losses is by “locking the digital door”, i.e. terminating any remote access privileges or user credentials the former employee might have to the company’s computer network. Employers should confer with legal counsel and retained computer forensic specialists to assess the extent of the theft and determine what legal options are available.
While it is tempting for a company to rely on its in-house IT personnel to look for evidence of computer piracy, it is always advisable to have an outside expert do the job. They typically have the specialized training and software to analyze the data without altering the contents or operating parameters of the devices and drives in question. This preserves the evidence for any litigation.
Depending on the individual circumstances, legal options can include injunctive relief, such as a temporary restraining order or bringing an action under the Mississippi Uniform Trade Secrets Act or the federal Computer Fraud and Abuse Act. If the dishonest employee is sufficiently highly placed in the company, a cause of action for breach of fiduciary duty also may exist. Other possible claims might include breach of contract, tortious interference and civil conspiracy. A cause of action also might exist against a former employee’s new employer if the stolen trade secrets are being utilized for the benefit of the other company.
» Mark Fijman is a labor and employment attorney in the Jackson office of Phelps Dunbar, LLP. He can be reached at email@example.com or 601-360-9716