HR & Management

Published

How to fight data theft

4 Mins

I often hear from our clients in various business sectors, whether those clients are billion pound multinationals or single office businesses with a few employees, that “our client database is one of our most valuable asset.”

Mishcon de Reya and KPMG have recently analysed more than 100 data theft cases on which Mishcon have acted during the past three years revealing an increase of c100 per cent such cases during that period. The report evidences that, by its very nature, the database is frighteningly vulnerable to theft and misuse.

There are a number of ways to prevent and detect data theft. Whilst, due to confines of space, I cannot deal with each option here, a few examples are: having limited access to databases; download/upload tracking software so that movements of data over a certain size are detected; encrypting data; camera surveillance of employees; sealing USB ports; and inserting ‘dummy’ seeds into databases so that mass mail-outs can be detected.

However, if preventive measures do not work and you do find that your database has been misappropriated, it is essential to take immediate and strong action to ensure that the misuse of your database does not reach a stage where the loss to your company is significant. It is better to protect your existing business before it moves elsewhere rather than relying on a large (and often lengthy) damages claim after significant harm has occurred.

If the evidence of misappropriation and misuse of the database is adequately strong, an injunction from the High Court is generally advisable. The following Orders, among others, can be obtained:

a) Search Order – The ‘nuclear weapon’ available to a claimant(s):A Search Order allows for the physical search of the business premises and/or home of the individuals or companies and the removal of certain categories of documents by the aggrieved party. It is essential to have, as part of these Orders, an imaging order requiring a copy all of their computer systems. It is often the case that the best evidence of wrong doing is found on the computers. Our report concludes that 46 percent of data is stolen via email, illustrating that the key evidence is usually found on computers rather than hard copy documents.

The main reason for seeking a Search Order is to ensure the defendants do not destroy, conceal or alter the stolen data and other evidence so as to avoid liability. Invariably, the evidence seized during a search is overwhelmingly strong, which often leads to a quick and favourable settlement.

b) Order for Delivery Up:A Delivery Up Order is an order which requires the delivery up of the stolen confidential information and other categories of documents. Whilst this type of order does not permit entry onto the defendant’s premises it can require the defendant to immediately return stolen data. Such delivery is then confirmed by affidavit. This is still a very powerful order whereby failure to comply can result in contempt of court, leaving the defendant(s) liable to fines and / or imprisonment. A computer imaging order is also generally obtained.

Of course, other legal options are available, but none have the impact of the above Orders. *If you would like a copy of the report prepared by Mishcon de Reya and KPMG, please contact Rob Wynn Jones on Robert.WynnJones@Mishcon.com or 0207 440 7259. Related articlesChanging terms and conditions of employmentHow to choose the right law firmThe alternative to redundanciesPicture source

Share this story

“My wife gives me better advice than my non-exec”
Habitat makes a twit of itself
Send this to a friend