A man in a grey business shirt looks sideways. Someone has placed a hand over his mouth.

Protecting Confidential Information: Termination Day

This article is the final piece in a three part series of blogs focussed on how organisations can most effectively protect themselves against employees stealing confidential information.  Following on from our second blog in the series, which focussed on how to effectively protect your company’s confidential information from an employee during their notice period up until their termination, this blog looks at common mistakes employers make when exiting an employee, and what to do in the event that a former employee has been found to have stolen company data, or is working in breach of a restraint of trade.

Making a clean break and preserving data

Firstly, it is important to always conduct an exit interview with the departing employee, and in turn, to have the employee sign a declaration stating that they have returned all company property that was in their possession.  Be sure to make an official internal note of the interview in case there is ever a discrepancy in the future.  Either during, or immediately prior to this exit interview taking place, make sure to cut off the employee’s access to any company IT services and/or accounts, and be equally careful to change all passwords used by the employee to access company services.

Save and preserve a complete copy of the employee’s mailbox, making sure to include their calendar and any calendar notes.

If the employee has used a company issued computer and/or phone for work, consider sending the device to a forensic IT specialist to conduct a basic review of the device to check for abnormal activity.  Whilst this is not necessarily a crucial step in every case, no harm can come from taking a cautious approach to an employee’s departure.

What should you do if you suspect that an employee has stolen company data, or is working in breach of a contractual restraint of trade term?

Try to secure any electronic devices that were previously used by the employee prior to them leaving by locking them in a secure place.  It is important not to attempt any sort of examination of the employee’s devices without professional assistance.

Collate relevant documents:

  • Employment contract(s);
  • Termination or resignation letters; 
  • Exit interview documents;
  • Related company policies, such as workplace surveillance, use of electronic devices, and confidentiality; and
  • Any documented evidence of a breach, such as evidence of copying data and suspicious emails, or other communications with customers and suppliers.

It is also important for companies to review all current and future business opportunities which the employee in question may seek to exploit, and to prepare a detailed rundown of any relevant information.

Seek urgent legal advice!  Any delay by a company may be viewed by a court as evidence that there is no genuine business risk to protect, and the court may in turn dismiss a case on that basis alone.

Common pitfalls for employers

From experience, the most common obstacles faced by employers when seeking to enforce post-employment obligations are self-inflicted.  These are:

  • Having poorly worded contracts, usually as a result of employers preparing their own employment contracts without seeking legal advice;
  • Failing to keep signed copies of employment contracts;
  • Providing staff with access to sensitive information without monitoring that access or maintaining controls over how that information can be copied or sent;
  • Not maintaining a workplace surveillance policy;
  • Failing to act quickly once they become aware of a potential breach; and
  • Compromising the integrity of key evidence by attempting to examine electronic devices themselves.  

To quote Nigel Carson from KordaMentha Forensic, “every computer contact leaves a digital trace”.  It truly is important to take heed of the fact that in an environment where the best evidence usually wins, conducting inexpert investigations can be a self-defeating exercise.

Of course, all of these pitfalls are easily avoidable with a little bit of advance planning, disciplined business management and legal advice.

Finally, we all recognise that in 2018 filing cabinets and ledgers are pretty much a thing of the past.  Similarly, I suggest that it is also time to acknowledge the fact that the “IT guy” and the “mate of the boss who’s a bit of a tech-head” have likewise become redundant.  Virtually all business activity is conducted electronically through computer systems, so regardless of how small a company may be, the IT system is often the most important piece of commercial infrastructure that they have.

A professionally managed IT system using up to date hardware is not just good for business, it will also save you certain grief in the future if you need to rely on it to recover data or gather evidence for use in legal proceedings.

How can Coleman Greig help your business to protect its confidential information?

Coleman Greig’s employment team can assist businesses at every stage of the employment life-cycle.  Our lawyers are able to provide expert advice on the preparation and implementation of internal policies and procedures, drafting contracts and agreements, risk identification and management, and enforcement of post-employment obligations including litigation to prevent misuse of confidential information, and to enforce contractual restraints of trade.

Please bear in mind that whilst Coleman Greig’s Employment Law team can provide legal advice on risk management and the protection of confidential information, we don’t manage IT systems.  I would urge any business with an IT system currently serviced by the “IT guy” to seek professional advice from a reputable company!

If you have a query regarding any of the information found in this, or any of the other blogs in this three part series on protecting confidential information, please don’t hesitate to get in touch with:

Share:

Send an enquiry

Any personal information you provide is collected pursuant to our Privacy Policy.

Categories
Archives
Author

More posts

A guide to intrafamily adoption

Adoption is the process where a parent’s legal rights for their child are transferred to another person. The formal adoption of a stepchild or close relative is known as intrafamily adoption.

Passenger movement and visa data-matching by the ATO

Heading overseas for work or a holiday? Taxation issues, including tax residency, should be on front of mind when departing from or arriving to Australia. Why? Because the Australian Taxation Office (ATO) can follow your footprints and, if you’re not careful, spring unexpected taxes on you.

Is it really necessary for my executor to have so many powers?

People often question why the executor of their estate needs to have so many powers. Simply put – if your executor isn’t given any additional powers by your Will, then they are limited to what is set out in the Trustee Act. One area that this can lead to issues in, is the family home – particularly if beneficiaries aren’t in agreement.

Essential terms of a commercial lease

A commercial lease is a contract that details the rights and obligations of a tenant and landlord. So, what are the necessary terms of a commercial lease?

Responding to data breaches

In the final part of our four-part series on your business’ responsibilities related to cyber attacks and data breaches, Special Counsel John Bennett how businesses should respond to data breaches, including application and requirements of the Notifiable Data Breaches Scheme.

Security of personal information

Part 3 of a four-part series on your business’ responsibilities related to cyber attacks and data breaches where Special Counsel, John Bennett provides an overview of some court decisions and proceedings where ‘security’ of personal information has come into issue.

Parental alienation in Family Law

The concept, Parental Alienation Syndrome, was initially brought about by American psychiatrist Richard Gardner in 1985. The term parental alienation is used to describe a situation where one parent is involved in psychologically manipulating their child to turn against the other parent.

Are you liable for labour hire workers if they are injured?

Many employers (host employers) engage employees of labour hire companies, particularly in the building and construction, hospitality and manufacturing industries. However, what happens when one of these employees gets injured at the host employer’s work site? Who is liable for the injuries?

The risks with cyber attacks and data breaches

Part 1 of a four-part series on your business’ responsibilities related to cyber attacks and data breaches. Cyber attacks and data breaches are the top business risk in Australia according to Aon’s 2023 Global Risk Management Survey.

© 2024 Coleman Greig Lawyers  |  Sitemap  |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230