Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks: Trade Secret and Non-Compete Posts and Articles:
  • There is a lot of good stuff analyzing the Obama Administration’s trade secrets initiative from last week.  You should check out out Peter Toren’s post, Morrison & Foerster’s Dan Westman and Jessica Childress’ analysis, Jessica Mendelson’s post for Seyfarth Shaw’s Trading Secrets Blog, Press Millen’s post in Womble Carlyle’s Trade Secrets Blog, and the article, “Private Sector’s Role In White House Trade Secrets Plan” by David Fagan of Covington Burlington for Law360.
  • For the latest in the epic DuPont v. Kolon saga, see “Judge Kills DOJ’s Summons Of Kolon In Trade Secrets Action,” as reported by Law360 and Todd Sullivan in his Trade Secrets and Employee Defections Blog.
  • “Pfizer Gets New Trial After $39M Trade Secrets Verdict,” reports Law360.
  • Interested in the latest on Massachusetts’ proposed non-compete statute?  Then check out Brian Bialas’ post at Foley& Hoag’s Massachusetts Noncompete Law Blog, where Brian has the latest language proposed under the bill.
  • Speaking of non-compete statutes, Kenneth Vanko analyzes the proposed Michigan non-compete statute, which is modelled after New Hampshire’s recent statute requiring an employer to give notice of a non-compete to a prospective employee before an offer of employment.
  • “Race to California Courthouse Fails in Recent Non-Compete Dispute,” reports Jonathan Pollard in the non-compete blog.
  • Epstein Becker’s Trade Secrets & Noncompete Blog reports on an unfortunate employee whose employer’s merger with another company triggered his non-compete. Because his newly-merged employer failed to take steps to safeguard the former employer’s protectible interests, the U.S. District Court of Connecticut enforced the covenant not to compete.
  • Can a non-signatory to a covenant not to compete move to compel arbitration of that provision? A California federal court has answered in the affirmative, ordering that the company of a former employee can also invoke arbitration as to claims arising out of that agreement. Kenneth Vanko’s Legal Developments in Non-Competition Agreements Blog and Paul Freehling for Seyfarth Shaw’s Trading Secrets Blog have posts on the case.
  • For the litigators, “Anonymous Yelp Review Counts as Evidence” advises Jacob Gershman for The Wall Street Journal Law Blog.
Cybersecurity Posts and Articles:
  • “In Cyberspace, A New Cold War,” advises The New York Times.
  • “If China wants respect abroad, it must rein in its hackers,” warns The Economist, although it also notes that “Old-fashioned theft is still the biggest problem for foreign companies in China.”
  • Are we worrying too much about China? Jon Evans thinks so, in an article for TechCrunch entitled “The Chinese Are Coming! The Chinese Are Coming!”
  • But then again, one can’t be too careful: “Data Security for Lawyers Traveling to China,” warns Alan Cohen for Corporate Counsel.
  • “Employees May Be a Company’s Greatest Cybersecurity Vulnerability,” recognizes Catherine Dunn for Corporate Counsel.
  • “Keeping your data Cloud-secure,” advises JJ Milner for the Global Micro Blog.
Computer Fraud and Abuse Act Posts and Cases:
  • “Aaron Swartz Prosecutors Weighed ‘Guerilla’ Manifesto, Justice Official Tells Congressional Committee,” reports Ryan Reilly for The Huffington Post.

On Wednesday, the Obama Administration announced its five point initiative, “Strategy on Mitigating the Theft of U.S. Trade Secrets,” for combating the increasing threat posed by international trade secret misappropriation.  I was in the midst of gearing up for a preliminary injunction hearing, so while I was able to briefly report on the press conference and resulting media reports, I didn’t have the opportunity to carefully review the report and its specific strategies.  I now have had the weekend to look at it; while there is a lot to like, there is some significant room for improvement, particularly on efforts to engage and unleash the private sector.
 
The Plan:  The Administration’s roll out of the strategy on February 20, 2013, was accompanied by statements from senior administration officials covering six agencies with economic and security responsibilities.  The report identifies five action items: (1) focused diplomatic efforts to protect trade secrets overseas; (2) promoting voluntary best practices by private industry to protect trade secrets; (3) enhanced domestic law enforcement operations; (4) improved domestic legislation; and (5) public awareness and stakeholder outreach.

The Good:  This Administration has built up some credibility based on its willingness to use the Economic Espionage Act to prosecute offenders.  It has been assertive in its criminal prosecutions to date (the Liew/Pangang Group prosecution, the Aleynikov prosecution, the Hanjuan Jin prosecution, etc.) and has been thoughtful and considered in identifying the problem.  It also deserves credit for using the bully pulpit to acknowledge the problem and commit its resources to remedying it.

The Elephant in the Room:  Curiously, the Administration’s report does not explicitly identify China, althought it repeatedly references prosecutions involving Chinese nationals.  To its credit, the Justice Department has not hesitated to push ahead against Chinese nationals and companies — most notably, its indictment of the Pangang Group, a company owned and controlled by key members of the Communist party.  However, it was a little disappointing that the Administration was reluctant to identify China as the prime culprit and catalyst for the initiative.

What Hasn’t Worked Yet and Probably Won’t Work in the Near Term:  Diplomatic engagement is important, but if a nation’s policy is to affirmatively steal trade secrets, it is going to take a fair amount of time to dissuade it from that course.  In the meantime, trade secrets and know how will be usurped and the the misappropriators will be the first to market.  Last year, the National Security Agency described trade secret theft as the greatest transfer of wealth in history, estimating the losses of theft of trade secrets and cyberbreaches to be in excess of $334 billion per year.  With numbers like that, don’t expect any offending nation to go gently.

Criminal prosecution, if you have the individuals detained here in the U.S., can be effective but we have seen that service of process and extraterritorial complications have bedevilled prosecutors and can limit the effectiveness of this approach (the Pangang Group prosecution has been effectively derailed because of this problem and this same approach is now being used in other high profile prosecutions). 

Likewise, the renewed emphasis on best practices should be commended.  But sophisticated companies like DuPont, Ford and GM certainly have these safeguards in place and have still been victims of trade secret theft, as the report notes.  Public awareness and training can only protect companies so much.  A determined and committed competitor (especially one supported by its government) will probe, and ultimately find, either cyber or employee weaknesses and exploit them.  Prevention is important but it is simply not enough.

Private Attorney Generals?  More can and should be done.  Not surprisingly, the report is fairly heavy on reliance on governmental administration.  This doesn’t come as a great surprise given the political philosophy of the Administration and the fact that this is a report that is after all being issued by the government.  But frankly my jaw dropped when I looked at the section of the report emphasizing legislative priorities, and there was no mention of the Protecting American Trade Secrets and Innovation Act (PATSIA), the civil remedy that was sponsored by three Democratic senators.  This is a pretty serious omission.

There are limits to what the government can achieve on this front.  Public enforcement by nature lacks the nimbleness and expertise that one will find when private companies commence litigation to protect their own commercial interests. 

No one would expect the federal government to prosecute a patent infringement as effectively as the patent owner and its lawyers.  Trade secret litigation is no different; a company and its lawyers will understand the technology best and will have the incentive to litigate hard and aggressively over a coveted invention.

I remember from law school that the Sherman Act’s civil remedy was enacted to create an incentivized “private army of attorney generals” to enforce the antitrust laws and challenge the monopolies of that day.  The problem of international cyberattacks and trade secret theft is no less important, and that same aggressive approach should be encouraged here through enactment of PATSIA.

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks: Cybersecurity Posts and Articles:
  • After the Obama administration’s announcement of its initiative to combat international trade secret theft, the other big news this week was The New York Times front-page article calling out China’s army for its role in hacking U.S. companies. In “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.,” The Times cited a report by the security firm Mandiant that fingered Unit 61398 of the Peoples Liberation Army as having a role in 141 attacks in recent years.
  • Spearphishing — i.e., using targeted attacks against employees based on information gleaned from social media — was used in these cyberattacks, according to an article by Kim Zetter for Wired, “Chinese Military Group Linked to Hacks of More Than 100 Companies.”
  • “Claims of cyberstealing by China prompt administration to develop more aggressive responses,” reports The Washington Post.
  • “Cyberwar With China Is Here, Like It or Not,” laments Arik Hesseldahl for All Things Digital.
  • “U.S. ready to strike back against China cyberattacks,” reports Associated Press.
  • “Successful hacker attack could cripple U.S. infrastructure, experts say,” reports Erin McClam for NBC News.
  • “Cloud Data Security: How to Analyze your Risk,” recommends Emma Byrne for Forbes.
Trade Secret and Non-Compete Posts and Cases:
  • In the most recent social media decision in the trade secret and non-compete context, the U.S. District Court of Oklahoma has recently found that a former employee’s Twitter invitations and Facebook posts did not violate the provisions of a non-solicitation agreement.  Venkat Balasubramani of the Technology & Marketing Law Blog (Feb. 18 post) and Seyfarth Shaw’s Justin K. Beyer both have posts on this decision (if time permits, I may do a post with my thoughts on this decision this weekend).
  • Ernst & Young has been sued for allegedly stealing the trade secrets of its client, Express Scripts, after having been engaged to provide consulting services to Express Scripts in its acquisition of Medco Solutions last year, reports Todd Sullivan in his Trade Secrets & Employee Defections Blog. Ernst & Young says a former employee did violate its policies.
  • “South Carolina Court of Appeals Upholds Physician Non-Compete and Forfeiture Provisions,” reports Parker Poe’s EmployNews.
  • In another healthcare trade secret case, “Indiana Univ. Health Misused Trade Secrets, Suit Says” reports Law360.
  • “The End of Noncompete Agreements in Minnesota?” asks Mark E. Dooley for Thompson Hall as he describes a recent bill proposed in Minnesota to ban non-competes along the lines of California.
  • “Analysis of a Winning Argument for Enforcing a Non-Compete Agreement at the Preliminary Injunction Stage,” reports John Paul Nefflen for Burr & Forman’s Noncompete Trade Secrets Blog.
  • “Is Mattel raising the white flag in Bratz copyright case?” asks Alison Frankel in her On The Case Blog.
  • Considering what discovery you might need for your next trade secrets or non-compete case? Then check out Kenneth Vanko’s post, “Some Thoughts On Pursuing Expedited Discovery,” which provides some practical pointers on what you need to do.
  • “5 Trade Secret Trends That Could Shape 2013,” predict Randall Kahnke, Kerry L. Bundy and Peter C. Magnuson of Faegre Baker Daniels LLP for Law360.
Computer Fraud and Abuse Act Posts and Cases:
  • “IP: Why companies need clear policies against giving computer access to non-employees,” advise James Ware and Mindy Ware for Inside Counsel.

President Obama announced an initiative to battle international trade secret theft and cyberattacks aimed at U.S. companies yesterday afternoon. According to The Wall Street Journal, “[t]he White House threatened China and other countries with trade and diplomatic action over corporate espionage as it cataloged more than a dozen cases of cyberattacks and commercial thefts at some of the U.S.’s biggest companies.”

“There are only two categories of companies affected by trade-secret theft: those that know they’ve been compromised and those that don’t know it yet,” Attorney General Eric Holder is quoted as having stated at a White House conference Wednesday. “A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk.”  This echoes the comments of former Counter-terrorism czar Richard Clarke, who last year said the same thing.

According to The Washington Post, Holder said “the Justice Department has made prosecution of trade-secret theft a top priority. The department is seeking to bring cases of economic cyber-espionage that officials hope will deter foreign governments from hacking U.S. company networks.”

This initiative follows allegations of cyberspying this week by the Chinese military, as well as cyberattacks that were recently directed at The Wall Street Journal, The New York Times and The Washington Post. It hopefully represents a serious effort by the federal government to respond to growing complaints by American companies about the theft of corporate trade secrets by other countries and foreign companies.

According to The Journal, the Obama administration’s strategy, outlined in a 141-page report at the conference, will bring together officials from across the government. New measures are expected to include greater U.S. trade restrictions on products and services derived from stolen trade secrets, efforts to “promote voluntary best practices” by U.S. corporations, and diplomatic pressure to reinforce the administration’s commitment to curbing such thefts.

Perhaps this means that the Administration will throw its considerable weight behind the Protecting American Trade Secrets and Innovation Act (PATSIA), which has been mired in the Senate for nearly two years (a hat tip to Peter Toren, who is quoted in the article in The Post, for highlighting the need for this statute). This an important development within the trade secret community, and I will obviously follow it very closely in the coming weeks.

Kenneth Vanko, Russell Beck and I have just completed our second Fairly Competing Podcast, “The Prosecution of Aaron Swartz.”  As many of you already know, the prosecution of Internet activist Aaron Swartz has generated tremendous media attention and legal scrutiny since Swartz committed suicide last month (for my thoughts, check out this earlier post).

In this episode, we discuss the prosecution of Swartz under the Computer Fraud and Abuse Act (CFAA). We also discuss the policies behind the CFAA, and in particular, the prospect of criminalization of terms of service violations. Finally, we discuss proposed legislation and efforts to modify the CFAA in the wake of this tragic story. We kept this podcast to about 20 to 25 minutes, which will remain our goal for future podcasts (no small feat for three lawyers).

You can listen to the podcast by clicking the link below, going to the website Fairly Competing, or subscribing to the podcast on iTunes. We’d love to have your feedback (and if you like the podcast, please rate us in the iTunes Store).

Our next podcast will summarize non-compete legislative updates across the country. Hope you enjoy it!

Listen to this episode

Trade secret claims and patent law frequently intersect, most notably in the patent application context. A recent case out of the U.S. District Court for the Eastern District of Pennsylvania, Foster v. Pitney Bowes, 2013 U.S. Dist. LEXIS 17061 (Feb. 7, 2013), should provide a cautionary tale to any trade secret holder of the risks that accompany a patent application that might reveal those trade secrets. 

In Foster, U.S. District Court Judge Joel Slomsky found that the plaintiff’s patent application caused the information to be made public and extinguished any claim for trade secrecy. (A hat tip to Brian A. Hall for his post on this case in his blog, Unintellectual Property).

Background:  The plaintiff, Frederick Foster, alleged that he had invented a system that, for a fee, would allow users to present personal identification documents to a local U.S. post office that would allow their identity to be verified so that they could receive a virtual post.  Foster described his invention as the Virtual Post Office Box/Internet Passport powered by Global Registration and Verification (VPOBIP).
 
In May 2008, Foster mailed a description of VPOBIP to the U.S. post office and filed a provisional patent application for VPOBIP with the U.S. Patent and Trademark Office (USPTO) shortly afterwards. Curiously, Foster failed to secure a non-disclosure agreement from the U.S. post office for his discussions with the post office over his invention. The post office directed him to consult further with Pitney Bowes, and ultimately negotiations over VPOBIP fizzled. 

In June 2010, the USPTO issued a final rejection of Foster’s patent application for VPOBIP. In another mistake that came back to haunt him, Foster had failed to check off the box in his application to make a non-publication request, so the USPTO published the patent application on December 4, 2008.
 
In early 2011, Pitney Bowes launched a website, at volly.com, that Foster believed directly copied his invention and trade secrets. Foster then sued the U.S. post office and Pitney Bowes, alleging, among other things, that they had misappropriated his trade secrets for VPOBIP.
 
Holding:  Judge Slomsky dismissed Foster’s trade secret claims, reasoning that Foster had failed to adequately safeguard trade secrets because he did not secure a non-disclosure agreement (NDA)from the U.S. post office and because he failed to ask the USPTO not to publish his application. Although Foster claimed that the trade secrets were not disclosed in the patent application, Judge Slomsky found that these failures to safeguard his trade secrets were fatal.

Foster filed the case pro se, so there were some arguments that he could have made that might have salvaged his case, at least at the early stage of the proceeding. For example, at the time that he disclosed the information to the post office, the information had not yet been published by the USPTO. As a result, subsequent public disclosure of the patent application might not have been fatal because he could have argued that it was a trade secret at the time that it was allegedly misappropriated. However, the biggest problem he would have ultimately faced was the lack of a non-disclosure agreement with Pitney Bowes.

The Takeaway:  Foster made two fatal mistakes (1) he failed to get a non-disclosure agreement signed by the post office and Pitney Bowes before disclosing his confidential information; and (2) he failed to request non-publication of his patent application under 37 C.F.R. 1.213(a).

The most important takeaway, however, is that courts will always be suspicious of trade secret claims that arise from an invention that has been publicly disclosed in a patent application, especially now with the enactment of the America Invents Act (AIA). Indeed, in his opinion, Judge Slomsky noted that one of the goals of the AIA was greater emphasis on public disclosures to avoid “submarine” patent applications that might be kept out of view and suddenly emerge to disrupt the marketplace.

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks: Cybersecurity Posts and Articles:
  • President Obama’s cybersecurity executive order was the big news this week.  For a fine summary of the executive order, see “White House Cyber Security Order Likely to Have Long-Term Impact on Critical Infrastructure Owners and Operators” by Boris Segalis for the Information Law Group Blog
  • “U.S. said to be target of massive cyber-espionage campaign” reports The Washington Post.
  • “CISPA’s back: Hacking, online espionage resurrect cybersecurity bill” advises RT.
  • “Tips to Improve Your Cybersecurity” advises The Wall Street Journal.
  • “Firms Using Cloud Storage, BYOD Face Security Challenges,” notes Jess Davis for Law360.
  • “How far should companies be allowed to go to hunt cyberattackers?” asks James Podgers for the ABA Journal.
  • “Survey of GCs Sees Cybersecurity Risk, Anxiety” advises Sue Reisinger for Inside Counsel.
  • “6 mobile security screw-ups you’re (probably) guilty of” warns Raj Sabhlok for Forbes Tech.
Trade Secret and Non-Compete Posts and Cases:
  • In yet another healthcare non-compete case, “Texas Court of Appeals Strikes Down Cardiologist Non-Compete Agreement on Public Interest Grounds” reports Jonathan Pollard in the non-compete blog.
  • “Validity of Trade Secrets Final Injunction May Hinge on Applicability of Erie Doctrine” advises Collin Freer for Berman Fink Van Horn’s The Georgia Non-Compete and Trade Secret News Blog.
  • “California Federal Court Dismisses California Employee’s Challenge Of His Non-Compete Agreement Based Upon Enforceable Forum Selection Provision” advises Robert Milligan for Seyfarth Shaw’s Trading Secrets Blog.
  • “New York Federal Court Denies Injunction to Enforce Restrictive Covenants Against Terminated Employee” reports Robert Freehling for Seyfarth Shaw’s Trading Secrets Blog.
  • “Kolon Industries Argues Feds Failed to Properly Serve Them with Process in Massive Trade Secret Theft Criminal Case” reports Todd Sullivan in his Trade Secrets & Employee Defections Blog.
  • Are you a government contractor but still want to protect confidentail information that might have been shared with the state or federal government? Then you should check out “Confidentiality Issues in Government Contracting: Promoting Open Government and Fair Competition” by Casey Johnson for Nossaman’s Infra Insight Blog.
  • “Enforceability of Non-Compete Agreements in Delaware” writes Molly DiBianca for The Delaware Employment Law Blog.
  • If you are looking for more on the new Theft of Trade Secrets Clarification Act, check out Mathew Levine’s “With Expansion of Economic Espionage Act, Will More Prosecutions Follow?” for The New York Law Journal (attached as a PDF below) and “What You Should Know About The New Trade Secrets Laws” by Diane Danoff of Dechert for Law360.
  • “Non-Compete Case Law Update: The Mildly Interesting, But Useful, Edition” from Kenneth Vanko’s Legal Developments in Non-Competition Agreements Blog.
  • “China Issues New Judicial Interpretation on Non-compete Covenants and Various Employment Issues” reports Helen Liao and Andy Yao of Johnson Stokes & Master Mayer Brown for JDSupra.
  • “Confessions of a Corporate Spy” admits George Chidi for Inc.
Computer Fraud and Abuse Act Posts and Cases:
  • The Aaron Swartz story continues to generate interesting commentary. I would recommend “The Life and Afterlife of Aaron Swartz” for New York Magazine and “The Idealist: Aaron Swartz wanted to save the world. Why couldn’t he save himself?” by Justin Peters for Slate.
Levine Article Trade Secret Prosecutions.pdf (255.98 kb)

I am delighted to announce that I am joining Kenneth Vanko and Russell Beck for the launch of a Podcast, “Fairly Competing,” that will cover legal and business developments in fair competition, trade secret and non-compete law. 

Our first podcast, “The Year 2012 in Review,” is now available on iTunes and can be heard by clicking the link below or by visiting here. Though this first episode is around 40 minutes or so because of the amount of ground we cover from last year’s key developments, we expect future podcasts to be in the range of 20-25 minutes, covering one topic per episode.

We expect to add a podcast every other week or so that will provide our thoughts on a recent case, legal development or practical pointer. Next week’s will cover the prosecution of Aaron Swartz and the future of the Computer Fraud and Abuse Act.
 
It’s been great fun already and hope you will join us.

Here are the noteworthy trade secret, non-compete and cybersecurity stories from the past week, as well as one or two that I missed over the past couple of weeks: Trade Secret and Non-Compete Posts and Cases:
  • In an unusual ruling, the U.S. Court of Appeals for the Sixth Circuit upheld the convictions of two engineers for stealing Goodyear’s trade secrets, but vacated the sentences, essentially holding that they were too lenient, reports Law 360. Both Todd Sullivan and Kenneth Vanko provide their takes on the decision.
  • In what may be the final installment of the trade secret case that will live in infamy, the U.S. Court of Appeals affirmed a district court’s finding that train equipment manufacturer Wabtec Corp. copied rival Faiveley Transport USA Inc.’s trade secrets involving braking technology used in New York City’s subway system, but knocked the jury’s damages award down to $15 million. This case caused great consternation in the trade secret community several years ago when the Second Circuit inexplicably reversed an injunction and held that a defendant could use a plaintiff’s trade secrets so long as it did not disclose them.
  • Recent California Supreme Court Decision Stokes Debate Over Scope of Trade Secret Preemption” advises James D. McNairy for Seyfarth Shaw’s Trading Secrets Blog.
  • “Court Finds Common Law Causes of Action Not Preempted by New Jersey Trade Secrets Act” writes Michael Kessel for Littler’s Unfair Competition & Trade Secrets Counsel Blog.
  • “Orrick wins $23 million award vs MGA, Bratz maker sues to vacate” advises Alison Frankel’s On The Case Blog.
  • “A Surge In Trade Secret Misappropriation Cases at ITC” report Jeffrey Telep and Taryn Williams of King & Spalding for Law360.
  • “Failing to Trust the Public: The Process of Submission of the Enabling Amendment to the Georgia Constitution for the Restrictive Covenant Act Was Unconstitutional” writes David Pardue for his Trade Secrets and IP Today Blog.
  • Jonathan Pollard has a post about an interesting non-compete case in the broadcast industry that was recently filed in Alabama.
  • “Florida Appellate Court Says: “’Independent Contractor’ Still an Employee for Purposes of Enforcing Non-Compete Agreement” advises Peter Vilmos for Burr & Forman’s Trade Secrets Noncompete Blog.
  • “Calif. Noncompete Clauses — Still Unenforceable” reports David Bloom of Milbank Tweed for Law360.
  • “IBM Suit Over Corporate Raiding Illustrates Use of Social Media Evidence” advises Kenneth Vanko in his Legal Developments in Non-Competition Agreements Blog.
  • “10 Steps to Take When Hiring from a Competitor” recommends Peter Steinmeyer for Epstein Becker’s Trade Secrets & Noncompete Blog.
Computer Fraud and Abuse Act Posts and Cases:
  • For those looking for the latest on Aaron’s Law, see “Congresswoman Posts Revamped ‘Aaron’s Law’ on Reddit” as reported in Mashable.
  • “Employment Agreement Restrictions Determined Whether Employees Exceeded Authorized Access Under Computer Fraud and Abuse Act” advises Shawn Tuma about a recent federal decision out of Oklahoma that elected not to follow the reasoning of U.S. v. Nosal.
  • “How ‘Aaron’s Law’ Is Good for Business” advises Doc Searls for the Harvard Business Review.
  • “We Need to Think Beyond the Aaron in ‘Aaron’s Law” writes Micah Schaeffer for Wired.
Cybersecurity Posts and Articles:
  • The big cybersecurity story this week were the reports by The Washington PostThe New York Times and The Wall Street Journal that they believed Chinese hackers had penetrated their defenses to spy on their communications with critics of the Chinese government.
  • “Here a Hack, There a Hack, Everywhere a Cyber Attack” laments Arik Hesseldahl for All Things Digital.
  • “Calling General Counsel to the Front Lines of Cybersecurity” reports Sue Reisinger for Corporate Counsel.

In yet another troubling survey released by the security firm Symantec yesterday, 50% percent of the employees who had left or lost their jobs in the last 12 months kept confidential corporate data and 40% plan to use it in their new jobs.  In a blog post accompanying the report (aptly entitled “What’s Yours is Mine:  How Employees are Putting Your Intellectual Property at Risk”), Symantec’s Robert Hamilton said it was “startling” that many employees “don’t think taking corporate data is wrong. Sixty-two percent of employees think it’s acceptable to transfer corporate data to their personal computers, tablets, smartphones and cloud file-sharing apps. And once the data is there, it stays there — most employees never delete it.”

The survey was conducted by The Ponemon Institute to examine the problem of IP theft by employees and was based on responses from 3,317 individuals in the U.S., the U.K., France, Brazil, China and Korea.  Here are some more troubling statistics that Symantec cites:
• Over half admit to emailing business documents from their workplace to their personal email accounts;
• 41% say they email these documents at least once a week;
• 41% also admit that they download IP to their personally-owned tablets or smartphones, thus compromising the confidentiality of those documents even further;
• 37% use file-sharing apps such as DropBox or GoogleDocs without permission from their employer;
• The majority of employees using these file-sharing apps then fail to delete the documents included in those files; and
• 42% do not believe it is wrong for someone who developed software for his company to re-use the source code for another company.

To combat the attitudes giving rise to this grim study, Symantec advocates greater education of employees, the enforcement of Non-Disclosure Agreements, and the implementation of monitoring technology (such as data loss prevention software that notifies managers in real-time when sensitive information is inappropriately sent, copied or exposed). 

Unfortunately, this survey echoes a survey by Harris Interactive (about which I wrote last year) that analyzed employee attitudes about the removal of confidential information from the office.  I will say it again:  it all comes down to implementing a culture of confidentiality and security and making sure that employees understand the ground rules of IP ownership with their employer.  In the absence of that education and culture, employees will default to the dominant culture, which is increasingly reflected in the title of the report:  What’s Yours is Mine.