Data theft by departing or laid-off employees

This recession keeps on producing interesting stories related to technology.
Reports suggest that laid-off employees may want to exact a certain measure of revenge on the companies they worked for, by stealing data on their way out!

A story in the Washington Post suggests that is occurs ‘often’ and is particularly dangerous when proprietary data is stolen .
Apparently, nearly 60 percent of employees who quit a job or are asked to leave are stealing company information, according to report by the Ponemon Institute,a research group. The survey was based on interviews with 945 people who were laid off, fired or changed jobs in the last year. And the majority who do it do not know it’s illegal!

What are they stealing? Well, 65 percent have taken their e-mail lists, which is somewhat expected, as contacts are one of the main learnings of any job.

The next most frequently stolen data include non-financial business information (45 percent), customer contact lists (39 percent), employee records (35 percent) and financial information (16 percent).

And the two factors that most contribute to this theft are a lack of employee loyalty and “telecommuting.”

Hiring freelancers and part-timers always has its risks, but the idea of them taking their clients with them should frighten employers enough to ensure such staff have limited access to company data.

With PC and phone connectivity, and access rights to information, the question arising is who really controls the data? Can it be controlled at all?
Employees are storing their acquired information and relationships online, on sites like LinkedIn, which is somewhat acceptable. But utilizing other online applications and even ‘online data stores’ should be studied.

Clearly, what the employee does with the data determines the extent of legal action taken by the employer. For example, selling the data or turning it over to a competitor will somehow be discovered and such actions will strengthen the legal standing of the employer. Needless to say, in the US and Europe, laws governs such practices and the are grave consequences.

In Arab countries, and in the Middle East in general, the issue of employees stealing data is not being discussed, and it is doubtful that laws can handle such incidents. Apart from a accepting ‘emails and electronic communications’ as legal tender in courts, laws to govern electronic transactions are yet to be enacted, and all sorts of issues. Sooner or later, cases will arise and we’ll be discussing this.

Maybe the lay-offs in the Middle East will accelerate this, but the generally held false notion of ‘control’ over employees needs to be thoroughly revised in the information age.

zanasser@gmail.com