
In the heat of the moment, it’s easy to fail to document the course of the investigation from the beginning. Immediately preserve the most recent backup records.

Document the investigation. HR professionals should promptly determine when and how data a departed employee might have accessed was backed up. Once an official suspects data theft, the guiding principle must be "Do no harm." Until advised otherwise by someone trained in computer forensics, employees investigating data theft should leave hardware believed to contain potential evidence in its current state: computers that are on should be left on, and computers powered down should be left off.

Every company has electronic data that is updated daily or weekly, such as customer databases, research documentation or other records. So, hire an expert who speaks "plain English." Qualified computer forensics technicians also must be extremely concerned about the chain of custody of evidence so their findings can be used in court.

Consider the workplace a crime scene. If the matter proceeds to litigation, the computer forensics expert likely will need to testify about the investigation and its findings.
Before hiring an expert, make sure that the expert’s professional credentials are current and include certificates for using the major forensic tools: EnCase and FTK. In doing so, however, IT employees risk trampling critical electronic data.

A company official who suspects that a current or former employee has engaged in data theft should immediately bring in a qualified expert in computer forensics. Involve computer forensics personnel early. Members of a company’s IT staff often will try to help by looking for evidence of data theft on the suspect employee’s computer or in e-mail. When investigating suspected data theft, be sure to: In the letter, the company should again assert that the former employee’s confidentiality obligations apply to all records and files and also include the former employee’s memory of confidential information and trade secrets. If the employer learns that an employee who will be given a severance has not signed the company’s confidentiality agreements, those protections should be inserted into the severance agreement.

Finally, each departing employee should be sent a letter attaching a copy of his or her signed confidentiality agreements. The best practice is to expressly reference all confidentiality, post-termination restrictive covenants, intellectual property assignment and nonsolicitation agreements in the severance agreement, and make it clear that those obligations carry forward after the severance agreement is executed. If departing employees are given severance, any mutual release terms included in the severance agreement should expressly exclude known and unknown claims by the employer pertaining to the use or disclosure of its confidential or proprietary information or trade secrets.
Signed copies of confidentiality agreements should be presented to employees during exit interviews, and they should be reminded verbally of their obligations to maintain confidentiality of records, electronic files and information learned while working at the company.

Employers should have each departing employee sign a document representing that he or she has returned all documents, computers and electronic storage devices, and that he or she has not made copies of such records.

Protect Electronic Data in Exit Interviews

As employees depart, HR professionals should use the exit interview process as a tool to help protect intellectual property. So, where and how a company investigates suspected wrongdoing can be pivotal to subsequent legal action. Unless collected and preserved in a proper and timely manner, it can be altered, erased or rendered unrecoverable. Here are suggestions for what to include in your data theft response plan.

Electronic evidence is akin to words written in sand near the edge of the water. HR professionals need to work with information technology and legal staff members to respond quickly and preserve critical evidence during the precious hours and days immediately following the discovery of suspected data theft. This problem is likely to grow in good times as well as bad. In the recession, many laid-off employees, who feel they have nothing to lose, walk off with data they no longer have any right to use. And yet, finding culprits is imperative, as stolen data often includes proprietary or private information or trade secrets.

Catching a thief can be difficult when stolen information is downloaded on tiny iPods or flash drives. workers who left their employers in 2008 took some data with them, according to a Feb. 24 article in The Economist. Unfortunately, theft of electronic devices is becoming as common as swiping Post-it notepads.
