Employee steals customer database and then provides it to a competitor she commences work with.
In this case, the theft was proven and the company who owned the customer list was compensated $60,000. The compensation however may not cover the actual loss in customer base and legal costs which were incurred bringing the perpetrator to court. The following security measures would assist businesses, to reduce the risk of a similar incident occurring in their business:
- IT controls restricting employee access, preventing unauthorised access, or preventing downloading of sensitive or confidential data
- IT audits to detect data theft
- Security awareness training
- Employee non-disclosure agreements; and
- An employee contract which includes the following clauses:
- All company property (including assets and information) must be returned at the conclusion of employment;
- The employee must act in the best interest of the company;
- The employee must protect the company from theft, loss, damage, or neglect;
- Any conflicts of interest must be reported immediately; and
- The employee is prohibited from working with a competitor for a specified time at the conclusion of their employment.