In our e-update entitled "Subject access procedures should not be made redundant" we commented on the rise of subject access requests being made by disgruntled employees and ex-employees as a result of an increase in employee/employer disputes in the current economic climate. It comes as no surprise that an IT survey carried out by "Cyber-Ark", finds "Insider Snooping on the Rise".
Cyber-Ark carried out an initial survey in June 2008 and found that more than a third of the IT employees of those companies surveyed were "snooping around the network, looking at highly confidential information, such as salary details, M & A plans, people's personal emails, board meeting minutes and other personal information." The snooping being carried out was by using their access to administrative passwords to review materials which they ordinarily had no right to view or no need to view under their current terms and conditions of employment.
One year on, Cyber-Ark have reported an increase in such activities following its "global survey of more than 400 senior IT professionals both in the US and the UK". In particular the survey highlighted the types of information dismissed employees were most likely to take with them. Not surprisingly, 47% of the respondents indicated they would take the customer database. Databases can be, and often are, extremely valuable commercial assets having required considerable investment and the loss of such could be considerable.
The Copyright and Rights in Databases Regulations 1997 (the "Regulations") protects the owner of the database and gives the owner the ability to prevent the unauthorised extraction and/or reutilisation of all or a substantial part of the contents of that database.
A company's client database can often be the key to its success and provide it with the edge over competitors. IT policies need to be enforced and monitored actively. Reviewing who has access to what critical parts of the business - and why they have such access - should regularly be reviewed. If, however, such steps fail, protection under the Regulations may still be available.