Concerned Your Departed Employee Might Have Stolen Your Data? Here’s What to Do About It.

Last time, we discussed two case rulings from 2020 that illustrate what can happen when departed employees are alleged to have stolen IP data before they left.  But what if that happens to your company?  If you suspect that a departed employee has stolen your data, here are six potential sources of data theft where you can check to see if your data has actually been stolen.

Six Potential Sources of Data Theft

There are at least six potential sources of data that can be stolen from your company by departed employees. They include:

• Email: Not only can emails be collected by a departed employee before they leave, a common way of stealing important information is for the employee to forward emails to his or her personal email account prior to departure. So, look for emails that have been sent to personal email accounts as a possible theft of company data.
• Hard Drives: Certainly, data from the departed employee’s hard drive of their workstation can be an extremely useful source of information to identify what data might have been stolen. Forensic imaging of the employee’s hard drive can identify things such as: deleted files and fragments of deleted files, log files, registry keys, document versions and more. It can even identify USB devices that were used on the system to copy files, files that were actually copied, and software that was installed (including file deletion software)!  There’s a wealth of information available on a departed employee’s hard drive – even if that employee has taken steps to try to hide their tracks.
• Metadata from Work Product Documents: Again, skilled forensic analysis can identify when a document was last printed or edited for documents ranging from accounting spreadsheets in Excel or written documents in Word or important customer presentations in PowerPoint. This metadata can be an important sign that key data has been stolen from your company.
• Cloud Systems: As companies use more cloud-based solutions for accounting, customer resource management and other important business functions, those solutions can also reflect activities of departed employees where data has been stolen. Cloud-based solutions like Salesforce keep track of user access and reports generated to show when departed employees have accessed these systems to capture important accounting or customer information before departing. And collaboration apps may show communications with other parties who are colluding with the departed employee to steal data as was illustrated in the WeRide Corp. v. Huang case that was discussed last time.
• Mobile Device Data: Forensic collection of data from mobile devices can show other communications such as phone logs and text messages that illustrate communications with potential parties colluding to steal data from your company.
• Source Code: Finally, if you use a source code tracking system, that system may show the last time the departed employee accessed the source code and whether they did anything with it, such as download it, which we illustrated in the QueTel Corp. v. Abbas case discussed last time. That source code may be the “life blood” of your company in terms of what is unique to make your company successful.

These are just six potential data sources that can show that data was potentially stolen by departed employees, but they demonstrate how many opportunities there are to identify that departed employees may have stolen data on their way out the door. Intellectual property cases are often “you bet your company” cases, so you want to be thorough in identifying potential instances of stolen data. A forensic collection specialist can help you identify those areas and determine the full extent of your exposure when rogue employees depart and take critical company data with them.  Acting quickly and working with an experienced forensic specialist can enable your company to identify what data has been stolen and obtain a judgment similar to the cases above. Don’t delay when employees depart and you suspect that important company data may have been stolen!

For more information regarding Cimplifi Forensics & Investigations Expertise, click here.