• E-mail this page
• |  Print this page
• | 
• | 
• | 

Keeping Secrets And Finding Clues In Data

Your company (probably) has rules about how frequently systems get backed up, e-mail gets deleted, and other data-retention issues. But would those policies hurt if your company was suddenly yanked into litigation, especially noncompete, patent infringement, or trade-secret cases?

You'd be surprised how rapidly events unfold in intellectual property, or IP, cases, says Joel Mohrman, senior intellectual property litigator in the Houston, Texas, office of national law firm McGlinchey Stafford PLLC.

If a former employee was suspected of taking business secrets to a new employer, would you be ready to "lock-down" e-mail or other systems to find evidence showing information was smuggled out? How would your company discover its smoking gun?

Intellectual property disputes "don't always involve the secrets of a new high-tech widget," Mohrman says. In fact, one of the trade-secret cases lawyers often like to cite involved a new pencil, says Mohrman. That's not exactly bleeding-edge technology, is it?

So, if you're a CIO of a bank getting ready to launch a brand-new financial service, or an insurance firm that tries to keep its client details confidential, or are the tech leader of any other business with valuable information you don't want leaking out, you might consider rethinking your company's data retention policies and procedures from time to time.

"IT people have a fetish about reformatting PCs," says Mohrman. At many companies, as soon as an employee leaves for a new job, the worker's PC is quickly cleaned up and reformatted so that another person can use the hand-me-down, he says.

"These PCs never sit around on a shelf" at some companies, he says. The problem with that resourcefulness (or frugalness) is that the computer could've been a potential "gold mine" of evidence if the company later needs to show that data was stolen, or other unethical or illegal activities occurred, he says.

CIOs need flexibility and vision when considering modifications to data-retention procedures and electronic information-storage policies, he says. CIOs should periodically reassess retention and storage policies with company management, and maybe an attorney and/or a vendor that can help sort out new concerns and issues.

Not that CIOs don't already have enough to worry about, but Mohrman also suggests that tech leaders consider ways of retaining information that's coming in from other sources such as security cameras, electronic-ID card swipes, and even copy machine page-counters. All of those can provide clues on after-hours data theft or other suspicious activities, he says.

Finally, Mohrman advises companies to "develop a culture of confidentiality" in which employees are made aware of the rules in using, sharing, or taking company information. "You don't want to create a police state, but if you ever end up in court, the judge will be looking at how you protect your information," he says.

"If it's confidential, label it confidential. If it's in a file cabinet, lock it. If it's in a computer, consider making it password-protected," he says.

What sorts of changes would you make to your company's rules about data confidentiality and retention?

« Resurrecting Speed | Main | Enterprise 2.0: Power To The People »