Insider Threats The Overlooked Risks of Departing Employees and Sensitive Data Theft Workplace Privacy Data Management Security Report

pInsider threats continue to present a significant challenge for organizations of all sizes One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data These situations can severely impact a business especially when departing employees abscond with confidential business information or trade secrets Focusing on how the theft of such information could cripple a businesss operations competitive advantage etc is warranted It is critical not to overlook however other legal and regulatory implications stemming from the theft of certain data including potential data breach notification obligationsppTrade secrets generally refer to information that has commercial value because its kept secret Examples include formulas patterns programs devices methods and other valuable business data Such data are often the lifeblood of a companys competitive edge These secrets must be safeguarded to retain their value and legal protections under the Uniform Trade Secrets Act UTSA which has been adopted by most states Businesses will need to demonstrate that they took reasonable measures to protect their trade secretsppReasonable safeguards under the UTSA can includeppFailing to adopt such safeguards can jeopardize a companys ability to claim protection for trade secrets and pursue legal remedies if those secrets are stolen Companies should consult with trusted IT and legal advisors to ensure they have adequate safeguardsppWhile the theft of confidential business and trade secret information rightly garners attention focusing exclusively on this aspect may cause companies to miss another critical risk the theft of personal information As part of their efforts to remove company information departing employees may inadvertently or intentionally take personal information such as employee or customer data which could trigger significant legal obligations particularly if accessed or acquired without authorizationppContrary to common assumptions data breach notification laws do not solely apply to stolen Social Security numbers Most state data breach laws define personal information broadly to include elements such asppThe unauthorized access or acquisition of these data elements together with the individuals name can constitute a data breach requiring timely notification to affected individuals and in some cases regulatory authoritiesppIn addition to state breach notification laws that seek to protect personal information companies must consider other regulatory and contractual obligations when sensitive data is stolen For exampleppIgnoring these obligations could expose organizations to fines lawsuits and reputational harm compounding the difficulties already created by the theft of an organizations confidential business informationppThe theft of confidential business information by a departing employee can be devastating for a business However focusing solely on restrictive covenants trade secrets or business information risks overlooking the full scope of legal and regulatory obligations To effectively respond to such incidents companies shouldppWhile dealing with insider threats is undoubtedly challenging taking a comprehensive and proactive approach can help businesses protect their interests and minimize legal exposure In todays interconnected and highly regulated world understanding the full scope of risks and obligations tied to data theft is essential for any businessppJoseph J Lazzarotti is a principal in the Berkeley Heights New Jersey office of Jackson Lewis PC He founded and currently coleads the firms Privacy Data and Cybersecurity practice group edits the firms Privacy Blog and is a Certified Information Privacy Professional CIPPppJoseph J Lazzarotti is a principal in the Berkeley Heights New Jersey office of Jackson Lewis PC He founded and currently coleads the firms Privacy Data and Cybersecurity practice group edits the firms Privacy Blog and is a Certified Information Privacy Professional CIPP with the International Association of Privacy Professionals Trained as an employee benefits lawyer focused on compliance Joe also is a member of the firms Employee Benefits practice groupppIn short his practice focuses on the matrix of laws governing the privacy security and management of data as well as the impact and regulation of social media He also counsels companies on compliance fiduciary taxation and administrative matters with respect to employee benefit plansppPrivacy and cybersecurity experience  Joe counsels multinational national and regional companies in all industries on the broad array of laws regulations best practices and preventive safeguards The following are examples of areas of focus in his practiceppBenefits counseling experience  Joes work in the benefits counseling area covers many areas of employee benefits law Below are some examples of that workppJoe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets such as The Washington Post Inside Counsel Bloomberg The National Law Journal Financial Times Business Insurance HR Magazine and NPR as well as the ABA Journal The American Lawyer Law360 Benders Labor and Employment Bulletin the Australian Privacy Law Bulletin and the Privacy and Data Security Law JournalppJoe served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of AppealsppFocused on labor and employment law since 1958 Jackson Lewis PCs 950 attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business We help employers develop proactive strategies strong policies and businessoriented solutions to cultivate highfunctioning workforces that are engaged stable and diverse and share our clients goals to emphasize inclusivity and respect for the contribution of every employeep