Companies go to great lengths to protect their intellectual property from competitors, but one of the biggest threats to their assets may be from their own employees. It can be difficult to strike a balance between allowing access to information necessary for job functions and protecting information central to a company’s success.

Proper policies and procedures are critical to preventing information theft by employees, but if that situation arises, digging into digital information and including user activity can provide a solid foundation for litigation.

Below are two case studies and their outcomes, as well as best practices for protecting your corporate information.

1. Information destruction by employee

In Devon Energy Corporation v. Donald C. Westacott, Westacott destroyed corporate information just prior to leaving his job. Westacott put in his notice of resignation and, one day after his departure, Devon noticed that data under his control was missing. When asked, Westacott suggested that the data was not present because the hard drive was likely malfunctioning.

Devon immediately preserved the remaining information and performed a forensics investigation. This examination uncovered Google searches for data destruction tools, of which  Westacott had downloaded three and created a boot disk for one. The forensics investigation also showed that the hard drive had been partially wiped using a data destruction tool—among other evidence, there was a large string of consecutive zeroes that is typical of such software. After asking Westacott about the data destruction tool, he eventually admitted that he had used one of them to wipe “personal information.”

Our experts testified to the results of the forensics examination at trial. The jury found that Westacott misappropriated Devon’s trade secrets willfully and maliciously and violated the Computer Fraud and Abuse Act. Devon was awarded $60,000 in compensatory damages and $83,000 in attorney’s fees.

2. Working on another business while at work

For the second case study, an employee at a government agency was terminated. She appealed the termination through an administrative hearing and we performed a forensics preservation and investigation of her computer to provide evidence for the hearing.

An examination of the employee’s Internet history and email showed she spent large amounts of time spent on the Internet, not performing her work duties. Indeed, an examination of her emails showed that she was operating a business on the side. Further, her business was designed to advise individuals wishing to sue her employer. Her appeal was denied and she remained terminated. Take-aways for general counsel

So, what can be done to protect corporate information in scenarios like these? Having well-defined and properly enforced policies for employee computer use and protection of intellectual property policy, as well as a well-drafted non-disclosure and non-competition agreement will help ensure that anyone who violates the rules can be properly prosecuted.

Detecting misuse before an employee quits or is terminated provides much stronger digital evidence for later possible litigation. If a company knows that a termination is imminent, we recommend forensically preserving the employee’s digital devices: desktop, laptop, tablets, smartphones and server shares. And it may be prudent to perform a cursory examination of that information to see if any egregious activity stands out, even if the employee is not suspected of any suspicious conduct. In both of the above cases, early preservation helped maintain the evidence for later use in court.

If general counsel work closely with HR departments and supervisors, many cases of IP misappropriation or theft can be detected early and nipped in the bud. Forensics investigations can provide the necessary evidence for a positive litigation outcome. Though it may be unsettling for corporations to accept that their greatest threats can come from within, they must realize they need to protect themselves and their IP from employee data destruction and fraud.