0370 270 6000

The true cost of your data

2 December 2010

Data is becoming a highly valuable commodity. The publication of more than 250,000 leaked classified cables from US embassies around the world has caused a worldwide diplomatic crisis. Whilst this scenario is relatively rare it is indicative of the growth in data theft cases around the world. Recent figures from the UK High Court show that the number of cases involving employees taking confidential data from the workplace has risen by 313 per cent in the last year alone.

The recession has meant employees are increasingly looking for ways to earn more money or take clients away and deal with them direct for themselves. Along with the ever-increasing power of devices to store enormous amounts of data in smaller and more concealed designs, it is not surprising that we have seen a spike in cases before the courts.

For about £20, you can buy a USB stick which is about the same size as a cigarette lighter, and which probably has the memory to store an entire client database with pricing information, order dates, policy renewal timings, email addresses, and phone numbers, all nicely ordered and in searchable format. It only takes minutes to download this information, be hidden in a pocket, and then removed from the client’s premises without anyone knowing.

However, to do so would, of course, be illegal. What constitutes confidential information is a complex topic. Whilst information which can be readily found on the internet is obviously not confidential, lists of details of clients and suppliers, pricing structures, secret processes and so on is generally protected by law. Yet often it is far too late to worry about the legal niceties once the information has fallen into the wrong hands – the damage has all been done. Preventing this happening in the first place is clearly a priority for all businesses.

SMEs should consider conducting an assessment of who has access to what information. Usually, it is the more senior people who have access to the most damaging information, but that is not to say that much more junior or secretarial staff can also have access to information which could be very damaging indeed for an employer.

Other useful strategies open to SMEs involve disabling CD Rom drives, and only allowing authorised USB devices in computers. It is possible to set computers to alert you if foreign devices are being used so that people are unable to bring their own USB devices in and use them undetected.

Furthermore, checking an employee’s laptop or PC and mobile phones can be a useful way of detecting adverse activity once they have left. For example, have there been a number of telephone calls with clients which look suspicious? Perhaps there are clients your particular employee has not dealt with for some time and they are being systematically called to alert them of an impending move. Or can these calls be justifiably explained?

Businesses can also retrieve crucial data from an employee’s PC such as looking at when information has been downloaded. Establishing patterns can be very useful when building a case of breach of confidentiality or good faith, and they can often be difficult to explain away.

If in any doubt, it is usually worthwhile instructing a forensic expert to undertake an examination of any electronic devices. Information which may have been deleted can often be forensically recovered, and can prove crucial in establishing liability in any subsequent legal action. There is nothing more powerful than retrieving incriminating emails or documents where often candid discussions have taken place which the employee has assumed has been erased forever when pressing the delete button. If in any doubt, it is usually best not to touch any equipment for fear of interfering in the data recovery process which might dilute the strength of any results.

This article was first published on www.smeweb.com

Focus on...

Press releases

Browne Jacobson strengthens London commercial retail practice with double hire

Browne Jacobson has broadened its commercial retail offering with the appointments of commercial property partner Susan Voice and commercial solicitor Fiona McGurrin into its London office.



The London Fashion Week problem - Brexit and the protection of designs in the UK

London’s prized position as one of the ‘big four’ fashion capitals could be threatened by changes to IP protection following Brexit.


Future of retail - hear from James Reid, EMEA IT Director at Deckers Brands

James Reid of Deckers Brands joins a panel of experts to give a retail perspective on the usage of data, looking particularly at how retailers should keep their data current and relevant in order to enhance the experiences of tomorrow.


Future of retail - hear from Dan Klein, Valtech’s Chief Data Officer

Dan Klein of Valtech joins a panel of experts to explore how retailers are using data to deliver a personalised customer experience that has anonymity.


The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up