Alastair Brown, chief technical officer at BrightHR shares expertise on how employers can protect themselves from their confidential data being held ransom
New figures have shown High Court cases against employees stealing confidential data from their employers increased by 25% from 2015 to 2016. A number of factors have contributed towards this rise, including using technology that makes it easier to access data and increasing staff turnover. Whilst the figure is lower than it was in 2009 where a high number of redundancies led to 95 cases that year, any increase should be viewed as significant by employers and they should be seeking to proactively manage their employees to stop a data loss.
Well drafted company policies should be introduced and fully implemented. These policies should cover all the different areas that are susceptible to data loss, from a policy on handling confidential data to an email and mobile phone policy. These policies should inform staff of their obligation to keep data safe, set out the rules for handling data, outline how to avoid a data breach and the potential consequences of employee theft. If any specific company rules are in place, for example, prohibiting the sending of emails to personal email addresses, these must be outlined clearly in the policies.
Training should be provided to staff on the rules contained in these policies and how they should handle data to avoid an accidental, or intentional, data breach. Once a new piece of software or technology is introduced to the business, such as cloud software, further training should be carried out to ensure staff are aware of the rules.
To set in place an effective deterrent, employers can introduce contractual clauses around confidentiality. Although there is an implied term of fidelity in all employment contracts, this may not be sufficient to deter staff from stealing confidential data. Instead, an express term of confidentiality can be included in all contracts for staff who handle confidential data. This will, in many cases, be enough to limit or reduce data theft during employment as employees will be aware that they will breach their own contract if they do this. In addition, putting in place well drafted reasonable restrictive covenants regarding the use of confidential data post-termination will reduce the likelihood of employees stealing data when they leave. This is because they will be aware that any use after their employment ends will be subject to legal action by their previous employer.
One of the main areas for data theft will be during the employee’s notice period as they will be seeking data to take to their new employment or, in extreme cases, looking to punish their previous employer. To prevent this occurring, garden leave can be utilised by employers. During a period of garden leave, the employee remains employed by the company under their normal contractual terms, including any confidentiality terms, however they do not attend work. This limits their access to systems and data, ensuring they cannot take confidential information during this period.