Alright. So, you’ve battened down the hatches of your company’s premises, to protect your employees and your information. Employees are required to create secret computer passwords they’re not to share with anyone, even colleagues. Your policy requires changing passwords every 45 days. You’ve installed security guards at the front desk, distributed security badges to limit access to your premises, conducted background checks on your new hires. You require signed Confidentiality, Non-solicitation, and Non-competition Agreements with employees to whom you’ve provided access to your secrets. You’ve erected firewalls to protect your servers.
By now, we are all too familiar with the issues and pitfalls associated with cybersecurity breaches in a multitude of industries. Consider Equifax, Home Depot, Yahoo or Target, to name a few. Those well-publicized incidents overwhelmingly concerned customer and/or consumer privacy invasions, but touched barely, if at all, on whether those breaches compromised employees’ private information, or whether those companies should have done more to protect not only their customers’ information, but their employees’ as well. Should this be of concern and if so, what should employers be doing about it?
Our client, we’ll call them Company X, provides installation, connection, upgrades and repairs for one of the country’s largest providers of residential and commercial television, telephone and Internet service. We’ll call their customer Company Y. Pursuant to their contractual agreement, our client (Company X) retained a third party vendor to conduct civil and criminal background checks on job applicants. However, in the last year Company Y was purchased by Company Z, an even larger provider of television, telephone and Internet services. Company Z requires our client to utilize a different third-party vendor for conducting background checks.
Our firm is now helping a client with damage control and data recovery upon discovering – a week after their former Chief Technology Officer (CTO) had resigned but six months after he’d been demoted to a lesser role -- that the CTO had created a back door for himself to the client’s servers and had spent those last six months of his employment accessing, downloading and storing emails of the client’s top executives, and its most important vendors.
A decade ago, I litigated a trade secret/unfair competition dispute between two large plastics manufacturers. The Plaintiff was based in southwest Florida, the Defendant in southern Alabama. The factual dispute is interesting, though not necessarily particularly pertinent to the subject I want to address in this post.
Virtually every thoughtful employer wants to hire the very best employees they can find. And why not? Good workers produce better products, provide better service, give maximum effort, learn and adopt the company’s best practices and culture. Bad employees are indifferent, if not outright negative about the company, its customers, its products, its values.