January 20, 2014 11:05 am

Corporate security on the brink

Edward Snowden spoke about fighting government surveillance in a televised message on Britain's Channel 4 News. Two news organizations have published editorials asking for clemency for Snowden.

Screenshot/Channel 4

Just as Edward Snowden proved to the political classes that the technological malfeasance of a single bad actor can undermine global security, at this very moment hundreds of kindred scoundrels are mining corporate data unchecked, diminishing or even razing corporations’ very worth in the dark. If they are not already, today’s captains of industry should be very worried.

Story continues below

Intellectual property is the bedrock of every company’s value.  Today’s corporate leadership can neither afford to ignore the threats that lurk in the technological ether nor admit their vulnerability for fear of lost investor confidence. And as banks have known for years and Edward Snowden proved, the greatest threat to any organization comes from within.

While Snowden reportedly stole and disseminated data for no material gain, most corporate theft is committed for simpler reasons.  Whether induced by a competitor or working on their own initiative and impulse, most data thieves are in it for themselves. Even employees who simply migrate from one firm to another  often compromise – wittingly or not – the security of any organization’s intellectual property.

Canada’s corporate and legal communities are struggling to navigate these emerging perils. Wary of investor insecurity, corporations are naturally loath to admit or even discuss internal vulnerabilities and one suspects that massive data theft often goes unreported both to stakeholders and the authorities. Often dependent on the inchoate and inexpert prescriptions of generalist counsel – or worse yet overly cautious legal experts that are anything but – corporate leadership seeking solutions may feel that they have few places to turn.

Yet there are solutions. Self-evidently, organizations must depend on ever-more sophisticated security technologies – which must balance employees’ expanding rights to privacy and need for information with the legal and proprietary interests of the employer.  Yet those technologies, even if superbly designed, implemented and administered, are not enough. They must be coupled with state-of-the-art legal protections and incentives.

Non-compete clauses in employment contracts cannot do the job. Our courts consistently rule that such restrictions are contrary to public policy as they unnecessarily restrict a departing employee from working in their area of expertise and, as such, are unenforceable.  Employers and their lawyers may also beef up confidentiality clauses in employment contracts in an attempt to limit the damage – but this tactic achieves little beyond the creation of a psychic frame intended to intimidate potential defectors. That too, is helpful but insufficient. In response, the new employer is likely to indemnify its new employee from any potential damages claimed by the ex-employer as a result of a departure with key information. The better the information, the better the protections the beneficiary new employer is prepared to offer.

Employment lawyers working the cutting edge of data security create legal protections that maximize the use of both carrots and sticks. Carrots are sweetened by the promise of deferred options and profit – sometimes referred to as “golden handcuffs”. Such incentives are designed so as to make an employee’s departure to the competition an irrational choice. Sticks are no longer pointed only at departing employees that breach their contracts, but now – usually more importantly -  at the competitor that might benefit. For if an employer can prove that the competition is aware of a prospective employee’s extant contract or information – yet nonetheless encourages that employee to deliver proprietary data – they are culpable and strong legal action should be taken.   Such aggressive remedies will benefit employers and the private sector at large, creating an improved legal frame that mitigates or even eliminates the assumed benefits of the incentivized recruitment. As a result, employers at large will enjoy both greater data security and employee loyalty.

Neither the public nor the private sectors should ever accept data theft as inevitable. Nor should anyone allow such theft to go undetected or unchallenged. It is essential that we remain constantly vigilant – using those remedies already available, and designing and implementing new tactics and frameworks as necessary. In our experience, the courts are receptive to enforcing creative novel lawsuits to deal with newly developing problems. We must also work with the courts, our legislators, and our international partners to ensure not only the best practices possible, but a fair and honest global market. Only through all of those measures can we ensure our country’s, our corporations’ and our families’ ongoing financial security.

Brian A. Grosman and Howard Levitt are employment and labour lawyers. 

© Brian A. Grosman Q.C. and Howard Levitt, Levitt & Grosman LLP, 2014

Report an error

Comments