Employee Data Theft and the Precautions Your Business Can Take


As a business owner you most likely have a process which you follow when an employee is terminated. You hope that the exit process goes smoothly and professionally, but we know that isn’t always the case. In the digital age that we live in, the new concern that employers face is the theft of personal and professional data from the business after an employee is terminated. Unfortunately, this form of theft can easily go unnoticed if the right precautions are not put in place.

In a study conducted by Biscom, a software security company, research found that 85% of employees surveyed admitted to taking company documents and information after termination. Shockingly, another 85% admitted to taking company strategy documents and presentations as well [1]. With these figures, unfortunately, it is more than likely that a terminated employee has or will partake in some form of employee data theft after their dismissal.

What is Employee Data Theft?

Employee data theft generally occurs just before, or right after an employee is terminated. Their motive could be to advance their new career or help a new business that they are starting. They may also feel that they have ownership to the information that is stolen, or the act could be a form of revenge against you, the employer. Whatever the case may be, the wrongdoing lies in taking information or data with malicious intent or without proper authorization.

So what are you to do if you believe your current or former employee has taken, copied or deleted important business information, programs or contacts from the device(s) they had access to? Under the Computer Fraud and Abuse Act (“CFAA”), a business has the right to seek compensation for revenue lost and damages incurred after having to investigate, assess, or restore data, programs and other information due to unauthorized access. An offending employee may also be subject to criminal prosecution in Wisconsin (Wis. Stats. Sec. 943.70) [2].

About CFAA

The CFAA was enacted in 1986 as an amendment to the first federal computer fraud law, created to address hacking. The law’s purpose was to protect government computers and financial institutions with highly confidential information. The CFAA has since been amended several times to recognize new computer terminology and to keep up with ever-changing technology [2].

The Act currently applies to any computers used in interstate or foreign communication, which would therefore include cellphones, and to people who intentionally or unintentionally accessed information for which they were not authorized to view, copy or destroy [2].

When filing a complaint, the plaintiff must be able to show that due to the unauthorized access, their business suffered a loss or damage. “Loss” is now defined in the Act as: “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service” [2].

How to Protect Your Business

You do not have to be a large company or have a large budget to prevent these actions. There are several measures that a business can take to prevent employee data theft, including:

  • Create a thorough employee policy [1]
    • An employee handbook should identify all data that an employee is permitted to access, and that data created by the employee in the scope of their employment is property of the company
  • Enact a non-disclosure agreement to protect confidential information and trade secrets[1]
  • Track all employee access of data [1]
    • Keep a spreadsheet or checklist of employee permissions to tools, apps, etc., so accounts can easily and swiftly be cancelled or permissions changed
  • Upon termination of an employee, secure all electronic devices the employee had access to: computers, phones and tablets
  • If you suspect data theft do not turn off or restore the computer as you or your IT supervisor may be able to view recently opened files, sent emails, or USB drives that may have been plugged in to copy information
  • Immediately change passwords, access, authorization and/or delete usernames

You do not have to be a large corporation to enact these measures. By thoroughly stating the repercussions of employee data theft in a handbook you and your employees will be on the same page regarding what is considered theft. Too often these simple acts are disregarded and former employees are left with the ability to access your valuable business information. By taking the extra precaution you are protecting your business, your reputation and the headache of having to investigate theft or restoring your valuable data [1].

If you have any questions regarding employee data theft, are in need of creating or updating your employee handbook or believe you may have been a victim of employee data theft, please contact one of our Green Bay Business Attorneys at Gerbers Law, 920-499-5700.

1. https://www.entrepreneur.com/article/272319
2. https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_(CFAA)


<< Next Post: Importance of Lease Length Agreement

>> Previous Post: Office Christmas Party and Unwanted Liability

Contact Us

7 + 1 =