The Undoing of a Corporate IP Thief

January 2007

By: Brian T. Moriarty and John F. Curran Jr.

New England In-House

The following is an excerpt from the article:

Recent studies indicate over 92 percent of all business information is stored electronically. It’s no surprise then that companies invest heavily in network security to guard against outside threats.

But the greatest threat may come from the inside: An employee who walks out the door with reams of intellectual property secreted in his pocket on a device no larger than a pack of gum. Once copied, that information can be easily taken to a competitor or used by the employee to form a new competitive venture.

When a company suspects its IP has been stolen by an insider, in-house counsel’s first instinct may be to examine the data on the departed employee’s computer, find the “smoking gun,” and stop the thief cold.

Don’t touch the hard drive

Although the critical evidence is usually found on the employee’s computer, prematurely following one’s instincts may irrevocably  compromise the investigation. Do not immediately search the ex-employee’s computer, because there is a real danger of altering or overwriting data critical to your investigation by merely turning on the computer. Instead, secure the computer under lock and key for later analysis.

The second thing to consider is there may not be “smoking gun” evidence. Most successful investigations are built on many small and large pieces of evidence from multiple sources, which may collectively show wrongdoing or, just as importantly, a lack of wrongdoing.

Because an analysis of computer data may be the lynchpin of an investigation, it must be approached in a way that preserves, but does not destroy or create evidence. As has been seen time and time again, a botched “crime scene” preservation leads inevitably to a failed investigation.

To read more, please click on the PDF tab above.

PDF FileView as PDF

About

January 2007

By: Brian T. Moriarty and John F. Curran Jr.

New England In-House

The following is an excerpt from the article:

Recent studies indicate over 92 percent of all business information is stored electronically. It’s no surprise then that companies invest heavily in network security to guard against outside threats.

But the greatest threat may come from the inside: An employee who walks out the door with reams of intellectual property secreted in his pocket on a device no larger than a pack of gum. Once copied, that information can be easily taken to a competitor or used by the employee to form a new competitive venture.

When a company suspects its IP has been stolen by an insider, in-house counsel’s first instinct may be to examine the data on the departed employee’s computer, find the “smoking gun,” and stop the thief cold.

Don’t touch the hard drive

Although the critical evidence is usually found on the employee’s computer, prematurely following one’s instincts may irrevocably  compromise the investigation. Do not immediately search the ex-employee’s computer, because there is a real danger of altering or overwriting data critical to your investigation by merely turning on the computer. Instead, secure the computer under lock and key for later analysis.

The second thing to consider is there may not be “smoking gun” evidence. Most successful investigations are built on many small and large pieces of evidence from multiple sources, which may collectively show wrongdoing or, just as importantly, a lack of wrongdoing.

Because an analysis of computer data may be the lynchpin of an investigation, it must be approached in a way that preserves, but does not destroy or create evidence. As has been seen time and time again, a botched “crime scene” preservation leads inevitably to a failed investigation.

To read more, please click on the PDF tab above.

PDF FileView as PDF

Back to the Top