How to prevent staff stealing confidential data

12 February 2018

This article was featured in the March 2018 issue of the magazine.

Danny Done, managing director at Portfolio Payroll, discusses 

How safe is my data? This is a question that business owners everywhere should be asking themselves as theft of confidential data poses a very real and ever-growing threat. Perhaps surprisingly, the culprits for the most part are not international cybercriminals, but rather the company’s own employees. Statistics from the High Court show cases against staff stealing confidential data increased by 25% from 2015 to 2016. The reason for such an increase could be placed on the rise in employee dissatisfaction and an increased access to confidential data and information in today’s digital environment. 

To prevent the theft of data it is important to first understand when these instances occur. Most commonly, employees will look to steal data when they are either dissatisfied with the current workplace environment or when they have secured another role at a different company and are looking to provide their new firm with a competitive advantage. Businesses most at threat are those in relationship-based industries, such as recruitment, sales or legal, as client lists and contact information can be easily taken and are of great value. Those operating in the tech and financial industries are also at risk as they look to protect their trade secrets. 

Businesses should make active attempts to reduce the likelihood of theft. Having clear, well-drafted company policies will discourage the dissemination of confidential information. These policies can cover the handling of confidential data and the use of personal mobile phone devices in the workplace; no longer does an individual need physical copies of documents, instead they can easily use personal devices to obtain company data. Rules on the disposal of confidential documents and the sending of emails to personal email accounts should also be properly enforced. 

Contractual terms can also be used to prevent data theft. Businesses may wish to include an additional confidentiality clause as standard into their contracts of employment. Although there is an implied term of fidelity in all contracts, a separate clause reaffirming this point is an effective tool in discouraging data theft during employment. Any post-termination restrictive covenants should contain clauses relating to confidentiality to reduce the possibility of data being used once employment is over. 

Employers may find it is during notice periods when data theft is most likely to occur. Using garden leave can prevent data theft when the departing employee has a significant level of access to information. As a result of being unable to attend the workplace, the employee’s proximity to confidential data will be greatly reduced. In addition, the employee remains bound by their contractual terms during the garden-leave period so any terms regarding confidentiality and the use of confidential data will continue to apply. 

.

..include an additional confidentiality clause as standard into their contracts of employment

 

The role of different departments within the business will help to prevent the theft of confidential data. This begins as early as the interview process, where the human resources (HR) department can check the references of any applicant and conduct necessary background checks in an initial attempt to assess the candidate’s integrity. The IT department will be responsible for maintaining security systems and password access to reduce the overall risk of theft. Whilst employers can carry out online monitoring, and review the download history of employees, staff should be informed that this may be carried out in advance of any monitoring. In order to avoid breaching their right to privacy, any monitoring should be proportionate and necessary, with alternative methods looked in to first. When employees left the company, the HR and IT teams should work together quickly and efficiently to ensure former employees no longer have access to company profiles. 

As data theft is likely to take place when employees are unhappy within their role or are looking to set up their own business or move to a competitor, employers can reduce the likelihood of data theft by keeping current employees engaged and taking positive steps to avoid having a disgruntled or dissatisfied workforce. Research from Randstad UK shows that workers value salary, job security and a positive working environment above all other workplace factors; therefore, employers should consider how they focus on these factors in their business and set in place positive changes to help boost retention and keep morale high. 

Employees who are dissatisfied should be given the platform to express their opinions openly to their line manager, usually through raising a formal grievance, and where these are upheld employers should take steps to resolve and remedy their grievance. Employee assistance programmes -are also a useful tool in providing employees with an additional platform for them to discuss any issues, whether these are work related or personal. Providing employee support will increase engagement and create a positive workforce who are less likely to steal confidential data for their own interests.