Somebody Else's Problem?

What happens in your company when an employee leaves, taking customer or database information, copies of programs or code, or business critical information? Does management huddle, consulting you only when told to by its lawyers? Do you ignore the situation, or do you step forward confident in the value you can add?

These questions are becoming more important, as businesses strive to adapt to the evolving nature of employee competition.

Common Myths

When staff leave and take secret or confidential data, the most common mistake that businesses make is to let themselves be guided by assumptions and common (but incorrect) myths, such as:

  • garden leave alone is good enough
  • legally, you cannot do anything until business has been lost
  • clients will have to be involved
  • problems in tracing what employees have been up to 

As we will see below, all of these assumptions are incorrect and the business can easily lose out by believing them. The importance of the critical role that an IT function can play is usually underestimated, by both Information Officers and other senior executives.

IT investigations: Dad’s Army or CSI?

Although garden leave can be useful in the short term, it does not stop staff from using information they may have taken home undetected, or from making arrangements for programs to be duplicated and used abroad. Garden leave may keep people away from office-based information, but experience shows that anyone who is planning to leave will remove most of the information that they want, well in advance of their resignation. The key to an effective strategy is a swift and focussed investigation, which is increasingly technologically driven.

It is surprising how often businesses say that they cannot do anything until they have shown that they have lost business. This couldn’t be further from the truth: the Courts can grant injunctions as long as it can be shown that it is most likely that confidential data or business sensitive secrets have been removed.

Most businesses, even IT business, can be surprisingly unaware of what to do here. It is not so much that they don’t know what is possible (although non-IT management are often guilty of this), it is that there is not enough liaison between the business side and the technical side to properly identify what is being looked for, which leads to a lack of understanding of the urgency involved and too much delay.

There is a very good reason for finding evidence quickly and therefore being able to take action quickly. The Courts have to assess whether to grant an injunction by considering the “balance of convenience”. This means that they have to consider whether damages would be better than an injunction. Too much delay will increase the chances that it is too late for an injunction and increase the chances that the information can never be fully recovered.

Rising to the Challenge

There are now many ways to detect unauthorised calls, as well as uncovering (and reconstructing) email communications, to the extent that there are a number of businesses that concentrate on nothing else. Many employers have found critical evidence through these methods, revealing activity that they would never otherwise have believed was taking place. Needless to say, once you have this evidence, there is little that the departing staff can do to defend their position and deals are often struck without the need for any further legal action.

Although it is often customers that first provide a tip-off that suggests data has been removed, management are understandably afraid of involving customers. But it is exceptionally rare for any client involvement to really be necessary. There are a variety of ways of dealing with legal evidence, forensic evidence and customer relationships which should allow you to avoid any damage to the customer relationship. It can even be improved by the experience. A pro-active IT function that gets to grips with the investigation and delivers quickly can earn significant respect and gratitude from the rest of the business in these situations.

In a world where employees are increasingly sophisticated, more able to exploit technology and less loyal to their employers, the opportunities – and need – for IT functions to step forward and play their part have never been more obvious.

This article was first published in Computer Weekly, 2006