(Before we begin, we apologise for the ‘clickbaity’ title….and also, we are not legally trained and hence, this article does not constitute legal advice. Please seek a lawyer if you need more clarification.)
Many of us deal with copious amounts of data every day. Some of it is open-sourced, and others are confidential.
Sometimes, it can be very tempting to take away confidential data as it does represent some monetary value to somebody out there. This temptation could be even more pronounced when you are leaving the company to join a direct competitor as this could give you that much needed edge to get a headstart on your career there.
If you are in such a situation, our advice for you is…DON’T EVEN THINK ABOUT IT!
1. Why not?
a. It is morally wrong.
Removal of data that does not belong to you is basically theft, even though you might have spent hours and weeks collecting it, curating it and processing it. It belongs to your company and it should remain that way
b. The data removal can be traced.
Forensic computing is accurate enough to find out who took what data out on which day, at which time via which method, even if the theft occurred months ago.
There are specialists who have the knowledge and tools to uncover your activities, no matter how well you think you have hidden your tracks. It is a matter of time before you get caught.
c. Penalties are severe
Under the Privacy and Data Protection Act (PDPA), all user information is regarded as sacrosanct and should never be removed from the company premises. Breaches will not only result in fines for the company, but also severe outcomes including criminal proceedings against the perpetrator. It’s just simply not worth it.
What’s worse than PDPA, is if you are working in the banking sector where there is specific legislation in the form of the Banking Act. This expressly forbids any disclosure of information and legal prosecution is almost certainly guaranteed.
In 2005, some Relationship Managers at a bank left to join a competing private bank, bringing with them thumb-drives of client information and data. They were eventually tried in court and found guilty, putting their banking careers to an early end. More recently, a local bank employee was jailed 12 weeks for selling the personal information of 37 clients.
d. Long-term damage to reputation
Even if you weren’t caught, the long term damage to your professional reputation would be immeasurable if word were to leak out that you copied private information for private use.
In any event, this data expires quickly and after 6 months, would probably not be of any validity anymore, so why take the risk?
2. But what is confidential information?
There has been a lot of confusion surrounding this, so let’s look briefly at this.
Confidential information used to be limited to ‘trade secrets’, like the secret recipe for Coca-Cola. However, it now could encompass any private data you come across, thanks to the PDPA.
a. Are Corporate Training Manuals or Operational Manuals considered ‘Trade Secrets’?
We never know as it could contain some sensitive information or processes that are proprietary to your company. Our advice is “When in doubt, DO NOT REMOVE!!”
b. The same goes for your rather archaic ‘Namecard box’.
Technically, the contacts in there belong to the company, so leave it behind as well. (The details are probably already on your private phone anyway).
c. Is customer data confidential?
Yes and No. If information like office phone number, job titles or company information/annual reports are freely available online or in the public domain, then it is probably not regarded as confidential.
However, if it isn’t, then please regard it as the property of your company and not take it away. Information like purchasing patterns, budget data, pricing, etc is definitely confidential.
How do you tell the difference?
For instance, as a headhunter, whatever information you get from the candidate that you sourced from his public Linkedin Account is ‘public domain’, but if he were to send you his CV, that would be regarded as ‘Confidential Information’ and shouldn’t be copied out.
d. Are your corporate emails confidential?
Yes. Do not copy!
They are official correspondences. More so if they contain pricing information or private information regarding the clients. Attachments can also be confidential and so are email addresses.
As a general rule of thumb, do not even forward company emails to your private acoount. There is ususally no valid reason to do so and some security softwares are known to flag such activities to the IT Department.
3. Many think if they can’t be caught, then it would be okay to remove data anyway.
Our advice is DON’T!
Computer Forensics today makes detection of data removal as easy as 3 clicks of an off-the-shelf software.
Some ways people think they remove data by the following means:
a. Using a USB Stick.
This always leaves a footprint and there’s no way you can cover it up unless you are a hacker yourself. However, some savvy companies have disabled USB drive access, so this method probably won’t work.
b. Emailing the information to private email, google drive or dropbox.
This leaves a footprint as well, even if you deleted the ‘sent message’ from your folder. Many companies have also barred access to these ‘cloud services’, so that wouldn’t work.
c. Printing a hardcopy then keeping the information.
Aha! So you think you’ve outwitted the Techno-nerds! Think again.
Many of the large multi-function printers you see at the office have built in hard-disk drives to help manage their print spool.
What this means is that every page printed is likely to be imaged, stored and tagged to your userid, so a quick check could easily reveal that you printed 4,215 pages of client data for no valid reason and this could be easily construed as theft, or worse still, Industrial Espionage.
In conclusion, if you are thinking of bringing over any information to your new employers, DON’T!!
Unless that information is already in your head, don’t remove any data. Skills and knowledge acquired over your term of employment does not usually constitute ‘Trade Secrets’ and is more difficult to prosecute, so, these are the ‘assets’ that you can bring over without fear or reprisal or legal action.