In House - The FindLaw Corporate Counsel Blog

Data Theft by Employees Is Rampant

According to a survey by Biscom, a secure communications solutions business, a huge percentage of employees take employer proprietary data when they leave a job, whether they were asked to leave or not.

Surprised to see that you're not alone, right?

The Poll

The results of the poll essentially attributed modern technological conveniences such as Dropbox, Google Drive, and even ordinary email as being principal enablers for easier-than-ever-before data theft. Twenty-five percent of respondents admitted to taking data when leaving the company, either voluntarily or involuntarily. Overall, 15 percent of respondents said that they were more likely to take data if they were asked to leave the company (e.g., fired, laid-off, etc.)

Of those who admitted taking company data, 85 percent said that they felt that what they were doing was not wrong, i.e., they felt justified in their actions. This might be addressed by the suggestion that most employees only take data for which they actually contributed in creating. However, a good portion of employees -- 25 percent -- admitted that they would also take data that they themselves had nothing to do with.

Probably Worse Than It Looks

Keeping in mind, the number is most likely far higher as the poll only reflects respondents who actually admitted taking data. Polling practices suggest that due to fear of being judged by pollsters or their fellows, even irrational beliefs can cause respondents to inaccurately answer questions that would lead to misleading results. We are alluding to something similar to the Bradley Effect in polling.

Reducing Employee Data Theft

Perhaps the most intriguing number of all is also the least surprising: 95 percent of employee respondents said that taking company data was easy and that companies were poorly prepared to deal with the problem.

Email is certainly not going away. At present, one of the few measures that can be implemented is by physically restricting access to centralized computers that have the most critical data. Also, companies should implement company policies that would essentially ban all entry of outside data storage devices like flash drives, USB keys, SD cards, etc. Another (more expensive) solution would be the use of biometrics that would allow companies to at least build a record of which employee to what and when.

Even with such draconian measures, few reasonable people in the industry really believe that employee theft of data will be extinguished. In-house counsel would do best to foster a culture of trust. But in the meantime, one of the better policies would be to seek trustworthy talent and reward such persons accordingly.

Related Resources: