Recent Study Reveals Troubling Amount of Employee Misuse and Theft of Company Data

DataSecurityIII.jpgA recent study by independent data privacy research firm Ponemon Institute of 3,317 individuals in six industrialized countries found that employees are moving intellectual property, including trade secrets, outside their companies in all directions. 

Over half of those surveyed admitted they had emailed business documents to their personal email accounts; 41% said they do this at least once a week. The same percentage of respondents confessed they downloaded company IP to personally-owned tablets or smartphones. A majority of those surveyed did not believe this was “wrong.” The most common justification for data misuse was that “it’s not hurting the company.” 59% of U.S. survey respondents believed it would be fine for a software developer to re-use source code he created for a prior employer, even without permission (a higher percentage than in the U.K., France, China, or South Korea). Furthermore, 37% of the employees polled reported they use file-sharing apps (such as Google Docs™ or Dropbox™) in the cloud, without permission from their employers. The majority of survey respondents admitted they did not take any steps to delete the data after transferring it. Thus, when employees leave, they may retain confidential information, without malice or even forethought. Half of the survey respondents admit they left employment with portions of their former employer’s confidential information, and 40% say they will use it in their new jobs.

This survey exposes several possible risks for employers, including: (a) as companies lose employees, they may also be losing trade secrets to competitors; and (b) as they hire employees, they may be unwittingly receiving the benefit of unfairly retained trade secrets. 51% of the employees polled reported: “My company doesn’t strictly enforce its policies.” 

Employers can take several steps to attempt to reduce these risks. One way to minimize the risk of losing proprietary information to former employees is to implement—and enforce—formal training policies for management and employees surrounding data security and privacy. Employers should also consider establishing procedures to monitor and regulate employee access privileges. Likewise, having employees sign well-drafted non-disclosure agreements during employment should help employers combat the loss of company data (including trade secrets) after employees depart.

Photo credit: dra_schwartz

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.