Employees conspiring to steal your business?

Every corporate counsel knows that departing employees often take some form of an employer’s confidential and proprietary information to use at their next job. It is a fact of business and to some limited extent, little can be done (cost-effectively) to wholly prevent some of a company’s know-how from leaving with an employee. It is a matter of degree and often, it is best to deal with the issue by preventative and deterrent measures through non-disclosure and noncompete agreements, company policies and procedures, various types of audits and the like. But, sometimes, despite these preventative measures, employees get together with their colleagues and decide that they can get away with not only taking some small portion of their employer’s confidential and proprietary information, but that they can steal their employer’s business and set up their own shop to compete with their former employer or go to work for an existing competitor.

This article is intended to provide practical assistance to corporate counsel to deter employees from leaving with company information, identifying when such activities are occurring and what to do when faced with the possibility that several departing employees have left with the intent to steal your company’s business.

Prevention

The role of corporate counsel in dealing with conspiracies to steal your company’s business is to implement preventative measures, to facilitate the investigation and identification of such a plan or scheme to steal your company’s business and to assist finding an appropriate solution to such a problem, whether through litigation or otherwise.

Preventative measures should be implemented through published policies and procedures for your company that clearly address such issues as your company’s definition of trade secrets and confidential and proprietary information (which at a minimum should be coextensive with the Virginia Trade Secrets Act) as well as non-disclosure requirements prohibiting employees from disclosing such information not only while working for your company but post-employment as well. Policies pertaining to noncompetition and nonsolicitation should be instituted as well. In order to avoid future problems, employees should be advised that it is the policy of the company that company computer systems and electronic equipment (e.g. PDAs, laptops, cell phones) are to be used for business purposes only and that they are subject to monitoring, including virtual workplaces. Employers should similarly adopt policies prohibiting the non-business use of email and make it clear that all emails utilizing the company’s equipment are subject to monitoring.

In this way, if suspicious activity is uncovered, invasion of privacy claims can be minimized. Upon hiring, written agreements should be entered covering each of these issues and acknowledging that the new employee has reviewed the company’s policies and procedures. Orientation and continuing training to reinforce the company’s policies are also extremely helpful tools to ensure that employees know what the company policies are, what is expected of them and what could occur if they violated these policies. These are some suggested measures that can be easily implemented with the assistance of corporate counsel, although there are many others to consider as well.

Use a checklist

One of the most helpful roles of corporate counsel in identifying the existence of a plan or scheme to steal your company’s business is to ensure that your company adopts a strict checklist of procedures to be taken when an employee departs the company, whether it is voluntary or otherwise. Such procedures act to prevent further implementation of a plan to steal your company’s business but also as an aid in discovering such plans. Among the procedures to be timely taken by a company for these purposes would include: (1) quick return of company property (including computers, PDA, cell phone, company contact list, handbooks, and company documents); (2) routine IT examination of returned electronic property for suspicious activity, such as mass deletion or copying of files or of an entire hard-drive, a transfer of a large amount of files and folders; the use of unauthorized external devices; (3) cancellation of all passwords or other access to email, voicemail, computers, software, web-based accounts and ability to log on to the company’s system; (4) cancellation of building access cards and security passes; (5) procedure for an employee to clean out his/her of office; (6) return of keys regarding building, file cabinet or file room; (7) cancellation of credit cards and calling cards; (8) exit interviews and (9) notification to other employees that individual is no longer employed by company.

However, no matter what policies, procedures and contractual agreements are put in place, there will be employees who will try to conspire together to steal your company’s business. See e.g. Advanced Marine Enterprises, Inc. v. PRC, Inc., 256 Va. 106 (1998)(where conspiracy to hire every employee in PRC Marine engineering department and obtain PRC’s business resulted in over $3 million damage award plus punitive damages and attorney fees).

Recently, on June 7, 2012 the Supreme Court of Virginia decided 21st Century Sys. Inc., v. Perot Systems Government Servs. Inc., 726 S.E. 2d 236 (Va. 2012), a case which once again illustrates that employees continue to believe that they can conspire together for the purpose of willfully and maliciously stealing their employer’s business and get away with it.

In the Perot Systems case, the former employees were caught and a jury found against them, and the company for whom they went to work, on statutory and common-law conspiracy counts, conversion, and seven other counts against individual defendants.

How they got caught is a text-book example of how corporate executives, corporate counsel, internal IT personnel, outside forensic consultants and outside counsel need to work together quickly, skillfully, and systematically to obtain the proof necessary to identify that such a conspiracy is afoot and to gather admissible evidence to immediately thwart the former employees attempt to injure the employer and later for the employer to obtain damages based on the former employees improper actions.

First, in the Perot Services case, the company had policies and procedures in place to protect their confidential and proprietary information as well as non-disclosure, non-compete and non-solicitation agreements with their employees.

The company held mandatory annual training for every employee regarding the handling of confidential information and an orientation for each employee covering the same materials. By putting these policies, procedures, agreements and training in place, when a problem later arose with employees leaving the company and taking certain proprietary information with them, the legal team had a much simpler task of proving that the information taken was confidential and proprietary and the departing employees knew it.

Second, the company’s corporate executives were both knowledgeable and sensitive to their employees’ status with the company and when it appeared that several employees had resigned from the company within days of each other, the unusual nature of the “simultaneous” departures was observed immediately. With their suspicions aroused, company leaders wanted to assure themselves that the company was not about to lose proprietary information. The IT team was called in to review whether the departing employees had exported any large files or large number of files out of the system. When it was discovered that such files were being exported off of the company’s system and copied onto other devices, it became clear that something out of the ordinary was occurring. It was then decided that the internal IT team would monitor present and historical emails of the departing employees and from the emails it became apparent that a number of people were working together to move to another company and collaborating on what to take with them.

Once the company was identified as to where the employees were moving, the IT team was able to run the company’s domain name throughout the entire system and additional employees were identified as likely being part of the plan.

Employee computers were then monitored for other suspicious activity, where it was observed that the contents of confidential and proprietary files and data were physically residing on external devices. The IT team was able to identify the folder names and file names.

At this point, James Rittinger, corporate counsel, retained outside counsel, who implemented a strategy to minimize any harm to the company from the misappropriation of this information. Among the first actions by outside counsel, with the approval of corporate counsel, was to hire a forensic computer team and provide them access to the company’s computer network and system. It was the forensic firm’s task to identify precisely what was going on based on the electronically stored information without affecting the integrity of the information reviewed. To accomplish this, the forensic team, following strict protocol, made exact images (a bit-by-bit duplicate) of the departing employees’ computer hard drives and other electronic devices (e.g. thumb drives) to ensure that the images then existing on the computers and electronic devices would be preserved for later examination and use in any legal proceeding that may result from the investigation. By having an exact duplicate of the images existing on a hard drive, a skilled forensic examiner can generally reconstruct the activities taken on the computer, often including the recovery of deleted files, while preserving a chain of custody and the integrity of the images. While the forensic team worked to identify which files, folders and data had been taken, as well as to provide evidence of who knew what, and when, the legal team went into action and filed for a temporary restraining order and preliminary injunction against the departing employees and the company to which they intended to move, seeking (1) to prohibit the use and disclosure of Perot Systems’ confidential and proprietary information, (2) to prohibit the solicitation or inducement of additional employees to resign and (3) to mandate that the defendants preserve all evidence related to the dispute.

Within one month of identifying the suspicious activities, a temporary restraining order was in place.

When trial was finally held 12 months later, based upon the initial efforts and subsequent efforts supervised by corporate counsel, which included preservation and review of back-up tapes of the operating system and video obtained from surveillance cameras which showed unusual activities by the departing employees, Perot Systems’ legal and forensic teams had been able to fully develop its case against the former employees. Perot Systems was able to obtain verdicts on all 10 of its causes of action, receive an award of compensatory damages (trebled) and punitive damages and its attorneys’ fees and costs. Among its compensatory damages, Perot Systems was compensated for the costs it paid for the outside forensic firm to conduct the forensic investigation.

As was shown in the Perot Systems case, corporate counsel play a critical role in preventing departing employees from working together to steal a company’s proprietary information and business. In addition to preventative actions, once suspicious activity is uncovered, and outside counsel and outside forensic teams are onsite and engaged in their respective activities, corporate counsel must remain active in the decision-making process and in facilitating the ongoing investigation and legal action.

In-house counsel is essential in providing outside counsel with a working knowledge of the company’s policies and procedures as well as providing insight into the relevance and importance of the information that was targeted for misappropriation.

Of all the participants in the investigation and legal process, it is corporate counsel who is best suited to provide the outside experts with access to the type of information that is needed to quickly understand the scope of any illegal activity and to assist litigation counsel in proving it in court.

Employee Departure Procedure Checklist

1.?Return of company property
2.?IT examination of returned electronic property
3.?Cancellation of all passwords or other access info
5.?Clean out office
6.?Return of all keys
7.?Cancellation of credit cards and calling cards
8.?Exit interview
9.?Notify employees that individual is no longer employed by firm

– Michael Barnsback, Bernard DiMuro and Michael Lieberman. Barnsback, DiMuro and Lieberman  practice with DiMuroGinsberg PC in Alexandria. Barnsback was co-trial counsel in Perot Systems Government Servs. Inc. v. 21st Century Sys. Inc.