Court: Ex-employee was allowed to steal from company
September 25, 2009 by Sam NarisiPosted in: In this week's e-newsletter, Latest News & Views, Security
Recent surveys show most laid-off or resigning employees are prepared to steal information that will help them get a new job. Companies should guard against that now, because there will probably be little they can do after it happens.
Here’s what happened in one recent court case:
An employee quit his job to run a consulting firm with his wife.
A few weeks before his resignation, he e-mailed several sensitive documents — including financial records, customer lists, marketing research and Web site data — to his personal account. Also, two months after the employee quit, an IT administrator discovered that someone was logged in to the company’s network using the ex-employee’s username, which had never been deactivated.
The employee never denied sending himself copies of confidential information to use for his consulting business. So when the company tried to take legal action, why did a court toss the suit?
Because the employee was given free access to the documents.
The Computer Fraud and Abuse Act allows penalties for people who commit fraud by accessing a computer “without authorization.”
The employee was allowed access to the information he took (he needed it for his job), and the company had no policies or signed agreements requiring him to keep the info confidential. Therefore, the judge ruled, he was not acting without authorization.
As for logging in to the network after he quit, the company couldn’t prove it was the ex-employee, rather than someone else who knew his username and password. (Both pieces of data were saved on a computer that at least two other employees could access.)
Steps to take now
Data theft by departing employees is a big issue today, when laid off employees are desperate for ways to appear more valuable to prospective employers.
Here are some steps the employer in this case could’ve taken before the theft:
- written a confidentiality agreement to keep employees from using information obtained at work to help another business, and
- removed the employee’s network access as soon as his resignation took effect.
DocuCrunch.com delivers the latest IT and Imaging news once a week to the inboxes of over 200,000 IT and Imaging professionals.
Click here to sign up and start your FREE subscription to DocuCrunch!
Tags: Computer Fraud and Abuse Act, e-mail, laid off, theft
Loading ...
