Trade Secret Theft on the Cloud: Concerns For Both Employers and Employees

Max Taves authored an article posted by Law Technology News  entitled "Trade Secret Spats Center on Cloud."  The article highlights the increasing difficulty employers face when trying to avoid theft of confidential information when employees have access to third party storage providers such as DropBox, Googe Docs, SugarSync, and SkyDrive.  Third party data storage providers enable users to either locally sync or upload documents at work which can be accessed from another computer.  I have posted on tips for employers to reduce the risk of this kind of theft. Essentially, to mitigate risks and have evidence of theft, businesses need a robust and frequently updated fraud management plan.  

What I also found blogworthy in this article was how use of cloud based document storage posses a risk for employees as well.  One attorney in a high profile case pointed out that an employee’s use of DropBox, or similar provider, could generate the appearance that the employee may have stolen data even if they did not intend to do so.  I have seen this happen several times and it can be a big problem.

An employee may use DropBox to store personal information (family photos, resume, etc) but also mix in company documents to work from home.  The employee may leave for another job and forget that he or she still has documents from the former employer.  The employee could end up in a lawsuit because the employer may believe documents were stolen by use of DropBox.  Having already used DropBox at work, it may be even more problematic to show evidence of returning such documents or deleting them.  

The take away here is that use of cloud storage creates a risk for both employers and employees when it comes to confidential information.  While employers should develop a fraud management plan, employees would be well advised to have clear permission to use cloud storage providers. To avoid or reduce the risk of a lawsuit, employees should also seek to address cloud storage as part of an exit strategy.  Even if an employee has no desire to use confidential information after leaving, ignoring the issue is a big risk that may create the wrong impression. 

Confidential Information and the Departing Employee

I recently ran a seminar for the Human Resources Association of Central CT on "Effectively Managing Your Departing Employees."  The issues concerned  how attorneys can help to eliminate, prevent, or mitigate the risks of intellectual property theft.  In this post, I will define the basics of the problem.  In the next post, I will cover how to address the problem.  

  • Employees will Leave (Millennials average job tenure is 2.5 years)
  • Employees will be disgruntled (Wall Street Journal: 75% of departing employees are disgruntled)
  • Employees will have access to electronically stored data (UC Berkeley study shows 90% of critical business data is digital)
  • Digital is portable, easy to copy, saved in seconds, and transferred to multiple locations
  • Employees do take confidential information, even if by mistake. (Ponemon Institute says 59% of departing employees take information, and 90% of IT professionals)

Based on the these numbers, you could fairly argue that in a three year time frame an average business will likely have to deal with an unhappy, departing employee that will copy accessible confidential information.   This paints a pretty grim picture.  Nevertheless, it is a fair way to think about the problem to manage risks appropriately. 

One of the biggest risks is financial loss from theft of intellectual property and confidential information.  This might cover any of the following:

  • Trade secrets (confidential client lists, formulas, data)
  • Patents (fully or partially disclosed inventions)
  • Copyrights (original works such as software code)
  • Trademarks (counterfeit goods, brand damage) 
  • Proprietary information (anything you do not want in hands of a competitor)

How does employee or insider theft typically happen?  Here are a few examples:

  • Email (with or without attachments)
  • Portable drives (thumb or flash drives)
  • Smartphone 
  • File Transfers (FTP sites)
  • Remote access programs (GoToMyPC)
  • File Synching programs (Dropbox)
  • Old fashion printing and copying

In the next post, I will cover what you can do to help stop or reduce the risks of intellectual property theft.