INTERSECTION OF TRADE SECRETS AND PRIVACY: WHEN EMPLOYEE THEFT OF FILES CONSTITUTES A DATA BREACH
What happens when an employee walks off the job after copying all of your company’s client and employee files to the cloud or a USB thumb drive? You ask for it back, but the employee refuses or even denies having taken anything. What then? If you have a ‘war chest’ and the information the employee stole is valuable enough to ‘bet the farm’, you pursue appropriate legal recourse for trade secrets misappropriation and make them regret they ever plugged in that thumb drive.
This is an increasingly common scenario as entrepreneurial employees tend to jump ship more often. But one issue that may be overlooked in the heat of such a battle is whether the employee’s taking of certain information also implicates data breach laws. The former employee may not have intended to take personally identifying information (PII), as this information was simply swept up when he or she copied entire directories, folders or types of files that happen to contain PII, but that does not necessarily relieve you of your obligations. Depending on which state or federal law applies, it is possible that a data breach has occurred, triggering certain compliance steps. This could include requiring notification to all affected individuals and maybe even to the state – and perhaps even the media, among other groups.
Oct-Dec 2018 Issue