Employees Copying Company Files Before Resigning-Court Says Ok!
In another irritating, anti-employer decision, the Ninth Court Circuit of Appeals (covering California) ruled that an employee who copied company files before resigning did nothing wrong! The practice of such behavior is not surprising. It happens more than you may think and with technological advances comes more creative ways for employees to take confidential information away from their place of business. Personal data storage devices and email permits information to be easily transmitted without the employer’s knowledge. Sad but true.
The facts in this case were actually very simple. A former employee had emailed numerous files from his work computer to his personal email account, as well as to his wife’s email account before he left the company. The files that he copied included financial statements, marketing data, and personal information about the employer’s clients. In addition, he used an administrator’s password to access the company’s network after he left the company.
The employer sued arguing that the former employee violated the federal Computer Fraud and Abuse Act, which prohibits unauthorized computer access, or access to computer systems that exceeds authorization. The court ruled that since the employer had given the employee (former) authorization to access company files the employee had done nothing wrong.
Where did the employer go wrong? They failed to have an established policy prohibiting employees from copying company files for personal use or emailing them to a personal email account. Furthermore, how in the world did the employer fail to change the access codes after the employee left?
Now let’s discuss what an employer should do to try and safeguard their confidential information.
1. Have a policy in place prohibiting employees from copying company files for personal use (or emailing);
2. Limit access to highly confidential information to a select few;
3. Change the codes upon the departure of individuals who had access to the sensitive information;
4. Have a selected “IT” person monitor who is accessing the information and note any downloading of files;
5. Have a policy in place limiting the use of personal data storage devices (or even bringing them to work).
We have clients who prohibit employees from bringing cellphones or other such devices to work. Such policies are not an infringement on their individual rights. Good luck!