In November 2014, ride share service Lyft filed a complaint in San Francisco Superior Court accusing the company’s former COO of stealing confidential product plans and financial information as he exited the company to join rival Uber.
In February 2015, Chesapeake Energy filed a lawsuit contending its former CEO took confidential data, including maps of potential oil and gas drilling sites, and then used the information to start a competitive company.
As accusations like these play out in the courts, it’s a good time to take a look at C-level departures and the need to ensure that the companies they are leaving remain protected. It’s well-documented that intellectual property theft occurs at an alarming rate when employees prepare to leave a company. Recent events, such as the two examples illustrated above, have taught us that this IP theft can occur at the highest levels, where access to a company’s most confidential and sensitive information is typically unfettered.
There are simple, common sense steps that can be taken to mitigate the risks around departing employees, which include:
- Reviewing all online activity that occurred during the 30-day period preceding notice of resignation, or during the period when an employee may believe he or she is going to be terminated.
- Reviewing confidentiality and intellectual property agreements with the departing employee in advance of his or her departure, and requiring a certification that all confidential information in the employee’s possession has been returned and/ or destroyed.
Practices like these should extend to the executive suite, as no one in the company possesses more sensitive information than senior management.
When organizations contemplate a Clevel hire, they typically exercise due care to ensure that they make the right decision to entrust that person with the level of responsibility their position requires. Rigorous interview processes are augmented with extensive background checks. Many boards of directors require investigation into the candidate beyond the standard background checks, often involving private investigators.
Are these organizations and boards exercising the same level of diligence when a senior executive leaves? Do they have processes in place to ensure that the organization’s confidential information is protected?
The CEO should take the lead when any senior executive departure is imminent. This should entail working with legal teams and the most senior information security resource in the organization to review the activity of the departing executive prior to his or her actual departure.
Agreements signed at the beginning of the executive’s tenure should be reviewed with them, and they should be reminded of their obligations, and asked to certify that they are not in possession of confidential information and that they will protect confidentiality after they have left the company.
If the CEO is departing, the board must act. Organizations must designate a director to work with a senior information security resource and legal team to conduct necessary reviews of activity and agreements.
Departing employees who take work product or confidential information with them when they leave cause too much damage for organizations to ignore. And, with departing C-level executives and senior managers, the potential for damage is too great for trust to be the only precaution.