Prudent employers are often looking for areas in their business where valuable company data may not be adequately protected.
Enter the growing prevalence of third party online data storage for professional and personal use in the workplace, coupled with the increasing accessibility provided by employers to access company data remotely.
While the benefits of cloud computing are well documented, the growth of third party online data storage has facilitated the ability for rogue employees to take valuable trade secrets and other proprietary company files, in the matter of minutes, if not seconds.
There are have been several high profile cases in California recently addressing the alleged theft of company data by employees through the use of third party online data storage.
To address this technology and threat to companies, employers must be vigilant to ensure that they have robust agreements and policies with their employees as well as other sound trade secret protections, including employee training and IT security, to protect their valuable trade secrets and company data before they are compromised and stolen. This is particularly important in California because California law can provide limited protection for employers—compared to other jurisdictions—because of its general prohibition of non-compete agreements and growing trade secret preemption or supersession doctrine.
As we have previously discussed, one of the notorious employment laws separating California from other states is its long-standing and draconian prohibition of employee non-compete agreements. Additionally, some recent California decisions have significantly limited an employer’s ability to pursue certain claims and remedies based upon the theft of mere confidential or proprietary information by rogue employees. Employers may have limited recourse under California law if the stolen data does not rise to the level of a trade secret at least under a tort theory of recovery.
Further, a recent article in The Recorder entitled “Trade Secrets Spat Center on Cloud,” observed that the existence of cloud computing services within the workplace makes it “harder for companies to distinguish true data breaches from false alarms.”
Given these challenges, employers should implement policies and agreements to restrict or clarify the use of cloud computing services for storing and sharing company data by employees. Some employers may prefer to simply block all access to such cloud computing services and document the same in their policies and agreements. Also employers should provide education and training regarding the company’s policy regarding employee use of cloud storage services.
Additionally, certain key steps should also be taken to protect against the theft of trade secrets and confidential information by departing employees with this new threat in mind:
- Collect and preserve all company property issued to the departing employee (e.g. desktops, laptops, cell phones, iPads, notebooks, flash memory drives/devices).
- Consider having the electronic devices forensically imaged and analyzed by a competent computer forensic investigator.
- Confirm that no unauthorized information, file, document, or e-mail transfers have occurred.
- Review computer access and print logs to determine if there has been any unusual or unauthorized use.
- Review internet history to determine whether third party storage sites were used.
- Review employee’s work email to determine whether third party storages sites were registered for and used.
- Ensure ongoing access by the departing employee (remotely or otherwise) to information, documents, computer servers, offices, etc. is cut off.
- Ensure that the company has obtained all cloud computing and/or social media passwords and user information for company owned accounts and that passwords are subsequently changed.
- Provide the departing employee with any previously signed agreements pertaining to company property and confidential and trade secret information, including agreements/policies relating to cloud storage.
- Question employee during formal exit interview regarding the return of company property and any use of online data storage.
- To the extent that employee acknowledges online data storage, make arrangements with the employee to have the information returned or otherwise disposed of.
- Request that the departing employee sign a statement acknowledging continuing obligations in signed agreements as well as an acknowledgement that employee has returned all company property, including all electronic files.
A carefully thought out plan to trade secret protection, including third party online data storage issues, while taking into account business needs and realities, can help employers protect their valuable trade secrets and company data before they are compromised and stolen and help avoid costly litigation down the road.