Electronic Policies
Philadelphia PA Employment Law Attorneys
How Employers Can Protect Themselves From the Theft of Electronically Stored Confidential Information and Data by Departing Employees
Due to advances in technology, employers need to recognize the need to protect themselves from the theft of electronically stored confidential information and data by departing employees. In a recent survey of employees, the Wall Street Journal reported that fifty percent (50%) of departing employees took confidential information when they left their employment. The use of thumb drives, emails and other electronic transfer and storage devices has made it easier than ever for employees to leave their employment with the confidential information of their employer without detection. A large amount of data theft by departing employees is unreported and undetected. Accordingly, there is an increasing need for employers to take precautionary measures to protect themselves against any such theft and to know what steps to take in the event of theft by a former employee.
Before an employer can take any steps to protect itself from data theft, it is important that the employer have a comprehensive understanding of how its information is electronically stored and how it can be accessed and transferred by employees.
I. Prevention and Precautionary Measures
First, it is necessary that an employer have clear policies defining confidential information and data as company property. Furthermore, the employer’s policies should expressly prohibit the removal of any confidential information or company data by an employee departing employment. These types of policies typically will define and identify what is considered confidential information and set forth any limitations to an employee’s ability to access and retain any confidential information.
These policies and procedures should be applied consistently by an employer to all employees and should expressly state that an employee has no reasonable expectation of privacy over information and communications from company computers and accounts. It is important to include this clause in employment agreements or employee handbooks so an employee cannot later argue that emails sent from his or her work computer on his or her personal computer, which could contain confidential information, should be subject to a reasonable expectation of privacy from monitoring by the employer. To more easily enforce these policies if necessary, an employer should have all employees sign an acknowledgement that they have received, reviewed and understand the policies and how they will be enforced. Once the proper policies are established, an employer should be sure to educate its employees on all of the policies and use periodic reminders to keep employees informed of the policies.
Additionally, it is prudent for an employer to draft agreements to be executed by its employees to protect the employer’s confidential information and trade secrets. These provisions can appear in employment agreements, severance agreements, or a stand-alone confidentiality or non-disclosure agreement. These types of agreements can limit the employee’s ability to obtain and disclose confidential information and should be reviewed by an employer’s legal counsel. Any provisions dealing with confidential information should clearly define and identify what information the employer deems confidential or a trade secret. The agreement must also prohibit the disclosure of any such information for non-company uses and set out the consequences and procedure for a violation of any confidentiality/non-disclosure provision.
Another way an employer can take precautionary measures to protect itself is to limit an employee’s access to confidential information and data through a secure network with passwords in place, or have an employee access data in a manner where it could not be easily misappropriated by downloading or printing. Furthermore, an employer can have programs in place to track when data is accessed so an employer can more easily determine if its confidential information has been compromised. Employers may also want to consider restricting an employee’s access to personal email and drop box accounts that would easily allow the employee to transfer the employer’s electronic data to the employee’s personal accounts.
Lastly, once an employer is aware an employee is departing, an exit interview is a good opportunity for an employer to reinforce its policies and remind the employee of his or her obligation to return all of the employer’s confidential information and data prior to the termination of his or her employment.
II. Pennsylvania Uniform Trade Secrets Act
The Pennsylvania Legislature has adopted the Uniform Trade Secrets Act (“UTSA”), 12 Pa.C.S. §§ 5304-5308, which can provide protection to employers from former employees misappropriating confidential information for their own personal use. The UTSA defines trade secrets as follows:
Information, including a formula, drawing, pattern, compilation including a customer list, program, device, method, technique or process that:
- Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use.
- Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
According to the UTSA, a company should be taking reasonable steps to prevent disclosure of any of its trade secrets if it seeks to protect those trade secrets under the UTSA. Pursuant to the UTSA, the Court can enjoin a party from committing an actual or threatened misappropriation of a company’s trade secrets. This type of injunctive relief will last until the trade secret has ceased to exist or for a reasonable time as determined by the Court to be necessary to eliminate the commercial advantage that a misappropriation of the trade secret could create. The Court may also award monetary damages, exemplary damages, and attorney fees in considering claims made under the UTSA.
III. Civil Remedies
Once it has been established that a data theft occurred, an employer may want to bring a lawsuit against the offending employee. A civil suit may help compensate the employer for any injuries it suffered as a result of the misappropriation of information by a departing employee. Typically, there are two main categories of civil suits: contracts and torts.
A. Contracts
A contractual claim exists for employers who had entered into a contract or agreement with their former employees protecting the use of the employer’s information and data. As discussed above, employers must take the necessary precautions when drafting these agreements to make sure their confidential information is protected and that these agreements are enforceable. Furthermore, these agreements can contain provisions dictating what state’s law will apply to violations of the contract, select the court with jurisdiction over the contract, and provide that if the employer is successful on its claims for breach of contract, it is awarded attorney’s fees.
B. Torts
An employer may be able to assert tort claims based on an employee’s removal of confidential information; however, if the information qualifies as a trade secret under the UTSA, then the UTSA displaces any conflicting tort claim. Tort claims that an employer may consider bringing against a former employee can include conversion, fraud, intentional interference with business relations, and breach of a fiduciary duty, if the employee was a higher-level employee who had a fiduciary relationship with the employer.
If you are an employer seeking to draft policies, procedures or agreements to adequately protect your confidential information, trade secrets and data from departing employees, or you suspect that a misappropriation has occurred, please contact Pozzuolo Rodden Pozzuolo, P.C. to meet with one of our experienced Philadelphia PA Employment Law Attorneys for further assistance with electronic policies.