Five data leak nightmares

Nightmare five: Downsizing disasters - Data theft increases during mergers, layoffs and reorganizations

When a company announces a merger - or worse, downsizing - employee loyalty can be undermined. "The amount of data offloading during these events is huge," says Robert Yonowitz, a partner with Fisher & Phillips, a law firm that specializes in labor and employment law.

Often, organizations plan poorly for these events, worsening the problem. For example, if a company announces a 10% staff reduction but doesn't say who is safe and who isn't, then the risk of data theft goes up significantly.

If your company isn't expecting to downsize or reorganize anytime soon, don't think that you can rest easy. The same dynamics are in place, albeit on a much smaller scale, any time key employees change jobs. When an employee leaves the company, that person has usually been planning for a month or two prior, which is when most data theft occurs.

According to Yonowitz, 90% of the data loss cases he sees involve customer lists. For instance, when marketing or sales representatives move to competitors, they often promise to bring business with them.

Business relationships fall into a nebulous area. Legally, the company owns the business relationship and the key information the employee gleaned while on the job, but the employee certainly has the right to maintain and update the personal relationships that underpin those larger business relationships.

It's OK, then, for an employee to announce a job change to key contacts. That person could very well be violating a non-compete clause, though, if the announcement is more like a solicitation.

The instances that companies lose sleep over, though, usually go well beyond relationship gray areas. "These cases aren't just about people taking names and addresses, but what I call the 'customer playbook,'" Yonowitz says. "These are things like buying habits, contract terms, expiration dates on those contracts, and the status of potential deals that haven't yet closed."

Time is of the essence in these cases. Yonowitz estimates that 90% of the damage is done within two weeks after the employee's departure. If you don't catch the data loss quickly and respond right away, the damage will already be done.