Litigating When Electronic Information is Stolen

by Eric J. Ryan

In a recent Chicago federal case, an employer claimed a former employee took digital files containing confidential marketing information with her to a competitor. The employer sued under several different legal theories and its successes and failures are a primer on what a company should, and should not, do to protect its electronically-stored confidential information.

Get the Employer’s Name Right!
Like many companies, this employer also had interrelated sister and brother companies. At hiring, the employee signed a contract prohibiting disclosure of confidential information but his contract was not with the company suing in court. Accordingly, the court dismissed one of the employer’s breach of contract claims because the contract’s protections did not extend to the entity damaged. The dismissal of the employer’s breach of contract claim was an avoidable, selfinflicted wound that happens more often than it should. 

Have Policies Pertaining Specifically to Electronic Information
The employer pursued a second contract claim under a more specific contract regarding electronic information. This additional contract provided a second “bite at the apple” for the employer. Although CC&M does not advocate drafting two contracts when one will suffice, this was an instance where a more detailed agreement enabled the employer to seek damages that it could not seek under its general contract.

In the Aftermath, Protect Yourself!
The employer’s last claim was denied because it did not do enough to protect itself after the employee’s departure. Although the employer hired a forensic investigator to analyze what was missing from the employer’s computers, the examination was incomplete and piecemeal. The court identified several areas where the examination could have been more thorough. The lesson here is that there are no half measures; if a company hires a forensic investigator it must ensure the investigator is thorough.

Companies must craft employment agreements carefully to protect all related entities that can be damaged by disclosure of confidential information. Companies also should have specific policies protecting electronic data. And after messy employee departures, companies always should investigate fully the extent of any damage and destroyed information.