Your valuable sales employee abruptly departs and begins working at your direct competitor. Soon, some of your customers follow the departed employee and other customers cancel meetings you have scheduled with them. Now you are suspicious, so you scrutinize your former employee’s computer activity and discover that just prior to his departure, he emailed to himself or downloaded valuable customer information and other data. Can you get an immediate injunction stopping your former employee’s conduct?
In one recent Massachusetts case involving this scenario, the answer — perhaps surprisingly — was no, due to the fact that the departed individuals convinced the judge that they regularly accessed and downloaded information remotely as part of their jobs. The case, Mazonson, Inc. v. Greenbaum, involved a sales employee and a independent contractor who departed for Mazonson’s direct competitor. To support its request for immediate injunctive relief, Mazonson offered evidence that the individuals collected and either emailed to themselves or downloaded from Mazonson’s computer system confidential customer and business planning information. Superior Court Judge Thomas Murtagh’s denied the requested injunction based on the issue of remote access: he found that it was not unusual for employees of Mazonson to work from home, and it was not unusual for employees to email information to their homes and to download information from the employer’s database to a USB device. In the end, Judge Murtagh found that the plaintiff could not establish that possession of the material at issue was “anything other than an acceptable practice to possess the material for work away from the office.” He concluded that at least at the preliminary injunction stage, Mazonson’s concerns amounted to mere “suspicion.”
What lessons can be drawn from this case? From the perspective of a former employer seeking to protect against theft of electronic information, the decision highlights the careful attention companies need to give to employees who work from home and who are permitted to remotely access and download information from company computer systems. Care should be taken to craft policies spelling out precisely what kinds of remote computer activities are and are not permitted so that companies can successfully argue, if and when the time comes, that their employees have engaged in improper activities involving the company’s electronic information.