Heading off trouble

Ziad Chouieri from the Rights Lawyers takes a look at how to protect data from internal threats with disgruntled staff now becoming a problem.

Tags: The Rights LawyersUnited Arab Emirates
  • E-Mail
By  Ziad Choueiri Published  December 13, 2009 Arabian Computer News Logo

Almost every contract or business venture signed by companies in today's market will include some form of provision relating to the confidentiality of sensitive information which the two contracting parties may become privy to. In general terms, these conditions include the company being held liable for exposure of such information into the market by their own employees.

The global recession has not only hit company finances and business growth but also the exposure of having sensitive information in the hands of employees that have been released due to cost cutting decisions. Combine this with any contractual terms to maintain confidential information with third parties and all of a sudden your once trusted personal assistant may now become your biggest liability to the future of your business.

Third parties will attempt to protect themselves from their exposure through your employees by ensuring that the clauses contained in the contracts clearly hold you liable for the actions of your staff and any exposure that may occur through their actions. This would include the release of information into the market through any means, including accidental. Protection against any release of this nature is often hard to quantify in monetary terms.

How does one place a figure on information leaked into the market?  For most parties that number is often calculated as lost profit. That is to say, what potential business was lost due to this information now being in the public domain. Unfortunately this figure can reach dizzying heights and many would regard them as simply ludicrous. However, the prospect of having to defend yourself in a lawsuit worth millions due to one of your technicians inserting one wrong character in a code or e-mail or a disgruntled employee seeking revenge against you and exposing that information to any third party is a becoming more of a reality in today's Middle Eastern market.

Being involved in the IT industry would mean that your company, in particular those members of staff involved in the maintaining, logging or searching of client's files and information could become your biggest liability. They would be exposed to sensitive information on a daily basis and without the proper conditions in place could very well force you to ask yourself: how far do you trust your own team?  This trust will be reflected in your employment agreements. Have you inserted a term for confidentiality and non-compete?  Do they cover the terms and conditions that you, as a company, are exposed to in third party contracts?  What damages are you entitled to if any of your employees breach these terms?  These are all conditions that must be carefully considered when looking at your exposure and liability with regards to information being handled or stored by you.

But what of ex-employees? Those that have left your company are still a liability to you in the market. How can you be sure that they did not attempt to remove information onto an external drive and take it with them or extract information through other means by e-mailing attachments to private e-mail accounts setup outside the parameters of the company's control? Considering the extent of your liability in the event of a breach in confidentiality and non-disclosure terms, investing in monitoring and tracking software on your systems would be strongly advised.

Coupled with strong contractual provisions that continue to apply after termination or expiry, you should take practical steps. Watching over any information being sent from your company PCs and/or laptops in addition to monitoring data transferred onto external drives would be a prudent precaution to take in order to avoid potential law suits and loss of business and trust with clients.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code