Technology + Employees = Business Risk? More Than You Think…

Sure, data theft by disgruntled employees is a big deal (we’ve all read the surveys and seen the news headlines). But the “technology + employees = business risk” equation doesn’t stop there.

For your reference, here’s a roundup of recent advisories on JD Supra that remind us how the benefits of the digital age can be offset by technology risks in the workplace:

Are Your Trade Secrets at Risk? — Queue the Economic Espionage Act (Dinsmore & Shohl LLP):

“Not only does a company need to worry about protecting its own trade secrets from would-be thieves, they must also ensure that their company practices cannot be construed as the misappropriation of another’s trade secrets. One such example of this table-turning situation includes the legality of various forms of information gathering typically designed to help business decision-makers within a company gain a competitive advantage in areas such as strategy, marketing, research and development, or negotiations… However, your company must be careful that it is not accessing another’s proprietary information.” Read on>>

Labor Pains: Computer Hacking By Employees (Venable LLP):

“What if a former employee downloads confidential information (customer lists, pricing information, etc.) from your computer system and uses it to lure your customers away? Among the laws at your disposal is the Computer Fraud and Abuse Act (‘CFAA’)… Let’s change the scenario slightly. What if a current employee downloads your sensitive business information to his personal computer, resigns, goes to work for your arch-competitor, and then uses that information to pirate your business? Do not count on the CFAA to provide a remedy for that blatant misappropriation.” Read on>>

De-CFAA-nating Federal Law: Appeals Courts Weaken Electronic Data Use Protections (Foley & Lardner LLP):

“The Fourth Circuit … reasoned that employers had other ‘means to reign in rogue employees,’ including claims for misappropriation of trade secrets. But the wrongful conduct at issue in such cases might well have destroyed the trade secret status of the information. The fact that the plaintiff need not establish trade secret protection is among the reasons that CFAA and similar state computer crimes laws can provide such an effective remedy for wrongful use that involves a computer.” Read on>>

Rise in Cyber Data Kidnapping: Tips on Protecting Your Data From Being Taken Hostage (Pullman & Comley, LLC):

“As many predicted, cybercriminals continue to increase their targeting of middle-market businesses. These criminals presume – often correctly so – that a small business will have less robust defenses than a Fortune 500 company that has invested millions of dollars in cyber-perimeter and infrastructure security.” Read on>>

Why Every Employer Needs a Social Media Policy (Jaburg Wilk):

“Although social media is great for developing your business, it is not without its pitfalls. There are an increasing number of cases where an employees’ use of social media has created problems at the workplace… Ownership disputes are certainly not the only problems in the social media world. The most common problems employers often face are cases where an employee posts disparaging comments about his employer using social media.” Read on>>

Some Assignments Are More Equal Than Others (Bradley Arant Boult Cummings LLP):

“Companies often have policies requiring employees to transfer rights to inventions developed by the employee on company time using company resources. To protect their rights, many companies utilize lengthy assignments drafted by legal counsel. Understandably, managers often ignore the details of the agreements, and are primarily concerned that the agreements are properly executed by the employee. As a result, companies with seemingly comprehensive assignments can develop a false sense of security about their rights to the inventions of their workforce. However, to paraphrase George Orwell’s Animal Farm, while all assignment agreements may be created equal, some are more equal than others.” Read on>>

Mitigating Risks: How to Limit Liability from the Use of Electronic Media (Ropers, Majeski, Kohn & Bentley):
“There are also multiple cases in which someone is using their cell phone for work-related activities even if it’s on their day off or otherwise on their personal time. In this instance, the employer could be sued for an accident in which the employee is involved, because the actions involved circumstances arguably benefitting the company at the time of the accident.” Read on>>

Safeguarding Your Business’ Trade Secrets (Snell & Wilmer L.L.P.):

“Utah’s Uniform Trade Secrets Act defines a trade secret as ‘information, including a formula, pattern, compilation, program, device, method, technique, or process.’ Some, but not all, of the information protectable by trade secrets may also be protectable by patents.” Read on>>

Why Companies Should Consider Implementing a Bring Your Own Device Policy (Sheehan Phinney Bass + Green PA):

“… significant risks and potential legal pitfalls are prevalent [when employees use their own smartphones to do work]… For example, if the employee is a non-exempt worker, she may need to be paid for the time she spends working on her phone and those hours must be recorded accurately. Further, if she loses her phone (or even if it is accessed by a family member or friend without her knowledge), depending on the security measures implemented, the employer can be faced with a loss of security over its confidential information and, in some instances, protected information of customers and others being available to those not authorized to view it.” Read on>>

Mobile Problems? The Bring Your Own Device to Work Movement (Dinsmore & Shohl LLP):

“This irreversible [BYOD] trend presents some very real and immediate challenges—both practical and legal—for employers… The first set of risks relate to the fact that company data is now being stored and transmitted using devices and networks the employer may not own or control. This can lead to issues related to government regulations requiring companies to carefully protect the privacy and security of sensitive personal, financial, and health-related data. It also poses risks to the protection of a company’s trade secret, proprietary, or confidential information.” Read on>>

Ninth Circuit Scales Back CFAA Application to Data Misappropriation Cases (Fenwick & West LLP):

“Defendant Nosal, a former employee of an executive search firm, allegedly convinced several former colleagues to download and transmit lists of executives so that he could compete with his former employer. The employer had required employees to sign agreements that they would only use company information for legitimate business purposes, and further featured prominent warnings in its database against unauthorized use.” Read on>>

Social Networks and Trade Secret Misappropriation: Can your company’s “friends” list be a trade secret? (Downs Rachlin Martin PLLC):

“Trade secrets are aspects of your company that, if discovered/used by a competitor, could significantly impact your bottom line or your ability to compete in the marketplace. Recently, a federal court in Colorado held that even something that appears to be publicly known – in this case, a business’s Myspace® profiles and “friends” lists – can be trade secrets. It is, so far, the only court known to do so.” Read on>>

Employers Should be Careful to Guard Their Company’s Social Media Profiles (Cole Schotz):

“In order for a company to protect its social media accounts and to prevent competitors or former employees from gaining access to such accounts and attempting to wrongfully use that information, a company should develop a protocol to protect these valuable marketing tools. This may include protecting the secrecy of Twitter, MySpace and Facebook accounts by requiring a login and password to access the account, as well as keeping such login information and password restricted to ‘need to know personnel.’” Read on>>

#Ediscovery & Biz Data Keeps you from Sleeping? Know Data Retention Policy’s 4 Pillars. Primer (Wahab & Medenica LLC):

“When a company reasonably suspects or becomes aware of potential litigation or investigation, it is legally obligated to prevent the destruction, alteration, or mutilation of potentially relevant evidence… The data retention policy should explain how each responsible person or department will respond to a discovery request and most importantly to a litigation hold request, as the company may face serious consequences in court if relevant data is destroyed.” Read on>>

You Might Soon Have New Ammunition in Your Efforts to Combat Trade Secret Theft (Foley & Lardner LLP):

“If three Democratic senators have their way, some companies may soon be able to protect their valuable trade secret information under federal law. On July 17, 2012, senators from Wisconsin, Delaware, and Rhode Island introduced a bill, the Protecting American Trade Secrets and Innovation Act of 2012 that would allow companies that face certain kinds of trade secret theft to bring suit in federal court.” Read on>>

Courts Increasingly Require Early Trade Secret Claim Identification (Wilson Sonsini Goodrich & Rosati):

“Early identification of trade secret claims poses challenges for both sides. Trade secret plaintiffs often must plan a claim identification at the same time a complaint is drafted, and must be prepared to defend the specificity of the identification in light of recent case law. Trade secret defendants must plan how and when to challenge a plaintiff’s early identification, without asking for more than courts have been willing to require at the earliest stages of a case.” Read on>>

State Appeals Court Concludes Employer Not Protected by CDA Section 230 in Employee Stalking Case, and Seems to Shrink the Statute along the Way (Proskauer):

“An Illinois state appeals court recently held that although an employer that provided network connectivity to its employees is an ‘interactive service provider’ under Section 230 of the Communications Decency Act, the statute does not protect the employer from negligent supervision claims based upon the employee’s alleged use of the network to communicate threats to a third party.” Read on>>

What do video game, music, and free online telephone networks have in common? If your employees use them they can lead to a FTC data security investigation (Bryan Cave):

“For several years the FTC has warned businesses that P2P applications can lead to a data security breach if the application is installed on a computer that contains sensitive information, or is itself part of a network that contains sensitive information… To-date the FTC has identified almost one hundred data breaches which it suspects were caused by an employee using a P2P application.” Read on>>

Bring Your Own (Tech) Device to Work? That Could Be a Problem… 

Related Updates on the Computer Fraud and Abuse Act:

Additional updates at the intersection of Employment and Technology Law>>