Do your employees know what their obligations are when it comes to sensitive company information?
Oil worker James Watchorn has been ordered by the
Employment Relations Authority to pay more than $70,000 in fines after he downloaded thousands of sensitive company files from TAG Oil on to an external hard drive, before leaving the company in July 2012.
Watchorn told the ERA he wasn’t aware of the scale of information he had downloaded from the company’s server and claimed that he didn’t realise the business’ geotechnical information was among the data he’d taken.
TAG Oil’s chief operating officer Andrew Cadenhead told the authority that Watchorn went to work for NZEC, one of TAG’s direct competitors in the oil and gas business, and the geophysical data that Watchorn took with him would be of “incalculable value” to a competing organisation.
Watchorn admitted that he downloaded a large amount of TAG’s data to a personal hard drive on 7 June, 2012, a day before going to Canada on holiday, claiming he did so in case he needed to access it for work purposes while on holiday.
He didn’t believe he had breached his employment agreement, but ERA member Trish MacKinnon wasn’t convinced by his explanations, or by his claim that he was using the information as templates for further work
She said that of the 350,000 files downloads, only 1,000 would have been templates, which left 349,000 documents to which Watchorn had no entitlement.
MacKinnon found that Watchorn had breached his employment agreement by taking the documents, but there was no evidence that he had given the information to anyone else.
Blair Scotland, principal at Dundas Street Employment Lawyers, said the increasing number of jobs involving computers made breaches like Watchorn’s likely to become increasingly common.
“It’s hard to take your paper copies of information out the door without being seen, but it’s very easy to put things onto a thumb drive or email them home to yourself.
“We’ve seen a number of cases where employees have either deliberately or sometimes inadvertently taken a whole lot of what is in fact the employer’s property.”
He said employers needed to make sure they had good employment agreements in place which made clear what was considered confidential information and what the employee’s obligations were around copying information.
IT policies that set out what information can be copied, when it’s appropriate to send work-related files to a home address and provide guidance for people about what the employer’s expectations are can also help, said Scotland.
“One of the things that seem to commonly come up is when people claim that they don’t really understand what their obligations are. It’s, ‘This is stuff that I’ve worked on’ or ‘It was just templates’. The other common one you get is, ‘I developed this while working for the employer so therefore, it must be mine’. The legal reality is likely to be that if you developed it at work during the employer’s time, it’s the employer’s because they were paying you to do that.”
Employers should have good IT infrastructure in place to provide protections around the downloading and copying of sensitive material, said Scotland.
“Should it be somewhere password-protected so you can see who has accessed it or moved it around? You wouldn’t leave your jewels and cash lying around on the workplace floor where anyone can help themselves to it. Why would you be leaving your incredibly valuable and important electronic information lying around where anyone can help themselves?”
Do you have policies in place to prevent information being taken by employees?