30 September Protecting confidential information from employee theft September 30, 2016 By Reef Admin General 0 As agencies have come to rely more and more on technology, there's been an increase in employees taking important and confidential business information. Matthew Robinson, partner with specialist employment law firm FCB Group, has kindly provided REEF with a number of measures to help members manage this complex and perennial problem. In many instances employees adopt very basic processes to breach their confidentiality obligation, such as using a USB key to copy files or emailing the information to themselves and trying to cover their tracks by deleting the email. The resulting damage to a business can be significant, however there are a number of ways (practically and legally) to prevent this from happening or bring the ex-employee to account for their actions. Prevention is far better than a cure and there are a number of basic protections that can be taken to create barriers to recalcitrant employees taking your data. Employee owned phones – A big no-no Do not allow your employees to have their own phones and be able to access your critical business information from those phones (for example via an app or remote connection). Consider whether the business should supply the phones with full administrative access rights and limits on data transfer, especially synchronisation with a cloud account such as iCloud, Google Drive or Drop Box. This will allow you to monitor their file transfers and remotely disable data transfers if you have particular concerns or suspicions. It also allows you to keep the mobile number after they have left, so you can ensure client calls continue to be answered by your business. Block USB file uploads Consider limiting the ability of files to be transferred from your office computers onto USB keys. There are simple ways to set this up to apply to specific computers within your office. You can designate only certain computers as having authority to transfer files to USB. Use of those computers can be limited to senior and trusted employees. Set up restrictions in email via system rules Most email systems allow you to create rules to manage how emails are sent, received, blocked and even organised. 'Out of Office' is a basic email rule. Most email systems allow an administrator to create a variety of rules that operate without the employee being able to disable them. Just be careful that you comply with workplace surveillance laws and your IT surveillance policy. If in doubt, contact REEF. You may also need to consider obtaining basic IT advice if you aren’t confident doing this yourself. Consider implementing email rules within your office email system, such as: A rule to prevent particular files from being emailed from your system. For example, you could create a rule that prevents RentRoll2016.xlsx from being attached to an email. A rule that automatically bcc's you or another senior manager into an email if it contains more than three attachments or has specific filename types as attachments. You can set these emails to go into a designated email folder, which you can check at the end of each day. Establish blocks on printing certain files Consider including a block or restriction on what files your printer will allow particular users to print. For example, you could create a block that prevents certain filename types from being printed, such as RentRoll2016.xlsx. Dummy entries Despite taking these steps, a determined thief may find a way through. So you may also want to consider including a number of dummy entries into your database that can act as a red flag to tell you someone has taken your data. For example, consider including certain relatives or friends as 'clients' and include their postal and email addresses. If any of these people receive a letter or email from a competitor, then it is probable that your database has been compromised and the letter/email will thankfully tell you who may have it. If all of your dummy 'clients' get the same or similar message, it' s extremely unlikely that it is a coincidence. This opens up your options to take action. Message for employers We often hear claims that there is little that can be done to stop someone taking your information and trading off it, but this is far from the case. If you have used the REEF template employment contracts, then you have a number of significant legal options to not only shut down the ex-employee's misuse of your confidential information and trace were it has been sent, but to also seek financial compensation for their conduct. We do not suggest that you need to take expensive legal proceedings over every breach. Commonsense should prevail. However doing nothing sends a very bad message to the rest of your staff as to what they can take from your business on their departure. Related How can I restrain an ex-employee's conduct? It’s a common misconception that a post-employment restraint in an employee’s contract of employment isn’t worth the paper it’s written on. But the absence of a restraint leaves you with very limited opportunity to restrain an ex-employee's objectionable conduct. Real Estate Industry Award: Out with the old, in with the new After a long battle, the Fair Work Commission has now finalised the four-year award review and the new Real Estate Industry Award will commence on 2 April 2018. Here's what you need to know before the changes kick in. Deductions from an employee's pay When it comes to deductions from an employee’s pay, what’s allowed and what’s not? What amounts can an employer take out before it hits an employee’s hand? Ask an expert: Deducting a PI insurance excess from an employee's wages What if an employee's conduct results in a claim against the agency's professional indemnity insurance policy? Can the amount of the excess be deducted from the employee's wages? How should I manage an underperforming employee? Most businesses will experience a difficult, uncooperative or underperforming employee at some stage. You have to deal with them, but how? Employee deductions: What's allowed, what's not To deduct or not to deduct? When it comes to deductions from an employee's pay, what's allowed and what's not? What amounts can an employer take out before it hits an employee's hand? Comments are closed.