These days with companies using more and more outsourced resources, there is always a concern with data security. There is always the risk of individuals being bad actors, whether they are employees or contractors working for a third party. These days most companies will not use stolen competitor data (and most of the time people can tell it was stolen).
If an employee of a company steals data and sells it/provides it to competitors, there are 2 types of remedies. First under the Federal Economic Espionage Act of 1995, it is a potential criminal violation and can be punishable by jail time. From a civil perspective, the company could sue the individual for the damages caused by the release of the data, which would include intellectual property infringement and breach of contract (assuming there is an executed confidentiality agreement or proprietary information agreement with the employee). [side note – it is critical to have a confidentiality agreement/assignment agreement/proprietary information agreement with each employee]
Unfortunately, for the company almost every individual is judgment proof. For instance, let’s say the damage caused was $10mm. There are very very few folks that could pay a $10mm judgment.
Contractor: a contractor/contractor employee has the same confidentiality and IP obligation as an employee (as long as the appropriate documents are in place). An individual that works for the company cannot take trade secrets and sell them/disclose them or they face criminal penalties. In addition, the company is on the hook for their employees and subcontractors conduct. Let’s say that there is a bad guy that takes the confidential information. The company would be on the hook for the $10mm in damages indicated above. Unlike individuals, companies many times can pay the judgments or they have insurance that may cover the damage. The company whose information was disclosed has a shot at real recovery.
All this being said, the concern many companies have is someone “disappearing” with the confidential information or data in a foreign country and then selling or posting the information anonymously on the web. They then argue it is much more difficult to track someone down in these countries (which it can be).
I personally do not see the risk as any greater or less with an outsourced resource rather than an employee (you are basically at risk of the bad actor in both cases) and I see the recourse/recovery as more favorable against a company, even if they have employees/subcontractors in foreign locations (as long as that company is in the United States and has assets).
Recent Comments