Theft of Critical Information by Insiders

Protecting business critical information involves identifying which information is critical; designating it as confidential; establishing practices, procedures, and policies to maintain confidentiality; and being prepared to address breaches. Each step implicates several areas of the law, including data security, privacy, intellectual property, white collar crime, employment, employee benefits and executive compensation, corporate and securities, insurance coverage and crisis management.

A comprehensive plan to protect business critical information includes three related components: preventing theft, planning how to respond should it occur, and reducing risk of being accused of theft by others after an insider allegedly has brought information from a competitor or former employer. This article presents actions and programs to initiate under each of those headings. Regarding the problem of unwittingly coming into possession of another company’s confidential information, the author notes that new hires often do not understand what information is confidential. Upon hire, new employees could be asked to acknowledge that they have not and will not bring in any trade secrets from another company.

Still, probing may be necessary to determine whether the individual has in electronic form, possibly at home, a former employer’s information. If a former employer’s information is uploaded onto a new employer’s systems or otherwise shared, the question of how to remedy the problem, whether and how to inform the prior employer, and how to return the information, need to be carefully considered.

Read the full article.