Skip to main content

Are you a legal professional? Visit our professional site

Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Sensitive Company Information Bleeding Out The Door

By Minara El-Rahman on September 08, 2010 12:45 PM

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.

Companies naturally want to protect their internal, sensitive company information. Indeed, intellectual property and trade secrets often constitute the crown jewels of a given operation. Companies also have practical and legal obligations to protect confidential information of their customers. Accordingly, prudent companies develop policies that are designed to ensure the security of such highly valuable, proprietary and sensitive data. But does that mean that company employees necessarily follow those polices?  Au contraire! 

Indeed, according to a recent study in Europe by Ipswitch, a file transfer security vendor, 69% of IT managers transmit highly confidential data, such as payroll, financial and customer information, over the Internet using unsecured emails. 

And practically half of surveyed employees readily concede that at least once a week they send confidential or regulated content, the type of which could potentially require data breach notifications under governing laws if the content is stolen or lost.

On top of this, 69% of those surveyed said that they send highly confidential information at least once per month simply using regular, unencrypted emails and attachments. Moreover, 34% report that they do so daily!

In addition, 70% of respondents answered that they house company information on their PDAs, USB drives, and elsewhere through remote connections. 

While 62% of companies surveyed have security policies in place that detail how sensitive information must be secured for transmission, 72% admit that they do not have enough transparency to ascertain how data is transferred internally and externally.

So, when it comes to protection of sensitive information maintained by companies, perhaps the biggest fear is not external hackers. Instead, companies may need to look in the mirror and follow through on true data security.

Companies technically must be able to track how and under what circumstances their data is transmitted. They also need to motivate their personnel to actually follow their data security policies. 

Perhaps in this regard a carrot and stick approach could work; namely, providing positive incentives for compliance and penalties for non-compliance. And companies should consider working actively with skilled data security support vendors and knowledgeable legal counsel in this area.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes.  His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com.  To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice.  The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard

Find a Lawyer

More Options