Originally published in the International Law Quarterly.
Global companies must safeguard confidential, proprietary information and trade secrets—not just from cybercriminals, “hacktivists,” cyberterrorists, and competitors—but from former employees. Too often, terminated or disgruntled employees seek to extract vital information from a corporation for personal gain.
The 2017 Data Threat Report from Thales highlighted trends in data encryption and protection finding that 63% of those global respondents surveyed admit that their organizations deploy new information technologies (i.e., cloud, big data, the Internet of Things, container technology, etc.) prior to having appropriate data security measures in place.1 According to the Thales Report, the most dangerous insiders are privileged users of data, followed by executive management.2
Assuming a breach occurs, what legal action may a company take against a former employee who hacks into a corporate database, drive, or cloud information system? What prophylactic policies and procedures must be in place to ensure database protection? How will international companies continue to secure and protect confidential information of clients and constituents in a global wireless economy? A few illustrations may offer solutions.
Launch Against a Breach
Take for example, the allegations of Estes Forwarding Worldwide, LLC (Worldwide), a Virginia limited liability company, learning from Google that a former, terminated employee from its San Francisco location accessed and downloaded worldwide’s trade secrets from his home in the state of Washington.3 Worldwide expended significant resources over several years of business compiling corporate spreadsheets detailing specific vendors used by Worldwide to pick up a shipment for delivery to the airport, transport the shipment from airport to airport, and then transport the shipment from the airport to a delivery address.4
According to the complaint, these compilation spreadsheets included contacts, costs, and other data accumulated over years of decisions by numerous Worldwide employees selecting global transportation solutions containing the best routing decisions, vendor costs, vendor selection, and transit times.5 Apparently, one year after his termination and while working for a competitor, the former employee utilized the Internet to access a Google Drive account of Worldwide, downloading the trade secrets before removing Worldwide’s recovery phone number and secondary email address on file with Google Drive.6 The former employee changed the password to the account and created an archive. One month later, he accessed that archive and purportedly downloaded more than 1,900 spreadsheets from various employees of Worldwide that detailed the best transit solutions.7
Download the full article, “Protecting Corporate Trade Secrets from Former Employee ‘Haccess’“