Tips for the mobile employee
First and foremost, employees need to grasp the significance of protecting IP and take responsibility for their own actions. That is particularly true when their employer has failed to implement any IP security measures. Where the employer has implemented a solid DLP solution, however, employees should understand that their behavior regarding copying or emailing IP are traceable, and they should act accordingly.
Certainly, not all information learned on the job is a protectable trade secret, and the law protects an employee's right to use all of the general knowledge, skills and experience she's learned throughout her career. When the line between trade secrets and general knowledge is blurry, employees should error on the side of caution and ask either their current or former employer for guidance.
Because taking company property is theft, even employees who were never required to sign detailed NDAs must still return company property upon their termination. While federal law is still evolving on this subject, many states interpret the Computer Fraud and Abuse Act as prohibiting an employee from accessing company computers for the purpose of copying files for use in their next endeavor.
That same law also prohibits the destruction of company information, and so departing employees should be careful to identify all devices and accounts they have ever used to conduct company business (and which are likely to contain company IP) and engage in an iterative process with the employer to ensure these devices are cleansed, and information is returned, to the employer's satisfaction. Taking matters into your own hands, whether through simply deleting company files or by using evidence destruction software, often makes matters worse once the employer discovers the use of sector over-writing software (which gives rise to all sorts of justifiable negative inferences).
An employee who affirmatively flags the importance of returning company property, and cleansing personal devices/accounts, during the exit process will likely garner goodwill from an employer whose information is being protected.
As much as we worry about hackers and industrial espionage in business today, we do not pay enough attention to the danger our own employees can pose to our IP. As the Symantec study demonstrated, changing jobs provides the perfect incentive and opportunity for employees to take liberties with company trade secrets. By implementing a combination of IP protection policies, continuing education, and contemporaneous monitoring tools businesses can better protect their trade secret information before it walks out the door.
Given the increasing costs of forensic analysis and IP litigation, along with the significant damage that can occur when trade secrets are actually stolen and used to compete unfairly, the costs of implementing such a comprehensive IP protection program are well spent in today's war for information.
Sign up for Computerworld eNewsletters.