Much attention has been focused in recent months on the threat to U.S. businesses posed by so-called “cyber-espionage”: attacks on IT systems and thefts of confidential information from foreign governments and criminal/terrorist organizations. Certainly, these threats are growing. However, employers should not lose sight of the disheartening fact that the most significant threat to a company’s confidential information continues to be its own employees. This point was brought home by the results of a survey issued several weeks ago by Symantec, a provider of security software. The results should strike fear in the hearts of employers nationwide. The headline is that half of employees who left or lost their jobs in the last 12 months kept confidential corporate data, and 40% of employees plan to use that data in their new jobs. The survey pointed to a fundamental disconnect between employees’ attitudes and the policies and agreements that most companies take great pains to put in place to protect their confidential information. The most troubling findings from the survey included the following:
- Only 40% of employees say that their organization takes action when employees take sensitive information contrary to company policy.
- 62% reported that it is acceptable to transfer work documents to personal computers, tablets, smartphones or online file sharing applications. The majority never delete the data because they do not see any harm in keeping it.
- 56% of survey participants do not believe it is a crime to use a competitor’s trade secret information.
- 44% believe a software developer who develops source code has some ownership in his or her work and inventions and 42% do not think it’s wrong to reuse the source code.
- 51% of employees think it is acceptable to take corporate data because their company does not strictly enforce policies.
These survey results will not be a surprise to practitioners in the areas of trade secrets and noncompete litigation. While the frequency of outside incursions is growing and these events receive much publicity, the typical trade secret misappropriation case – whether civil or criminal – still involves a former employee who has taken company information to a new employer and used or disclosed it in his new job. Such evidence often is at the heart of cases involving enforcement of noncompetition agreements as well. The continued prevalence of this phenomenon – hastened by technology and the blurring of lines between what is “work” and what is “personal” –underscores that employers need to maintain constant vigilance in protecting their information. This means having in place coherent agreements, policies and practices that not only articulate the basic rules but heighten employee awareness at all stages of the employment relationship to the importance of those rules.