Ask Rita: An Employee Took Our Confidential Information for Their Own Personal Use and Won’t Give it Back—What Can We Do?

An employee has taken proprietary information and used it to start a competing nonprofit. What is our recourse, if any?

Ask Rita: An Employee Took Our Confidential Information for Their Own Personal Use and Won’t Give it Back—What Can We Do?
8 mins read

Dear Rita,

We’re in a disturbing situation that we never had to deal with before.

Our agency generates a considerable amount of intellectual property and computer data that we designate as proprietary and confidential.

Recently, it became necessary to look at an employee’s work email to get some information on a case they were handling while they were on PTO. That’s when we learned for the first time that this employee has opened their own nonprofit to provide the same services that our agency provides.

In other words, we quickly concluded that this employee is going to compete, and in fact, is competing, with us for grants, funding, and clients. This puts us at a severe disadvantage.

We also learned that the employee conducted all communications and performed work on their own nonprofit while they were supposedly working for us and getting paid for what they submitted as work hours.

Prior to the employee’s return from PTO, we disabled their access to our files and email. When the employee entered the office, we asked to meet with them to discuss what we had learned. The employee then handed us their keys, computer, and a letter of resignation—effective immediately—along with an address to which we could send their final pay.

After this departure, we continued our inquiry and learned that the employee not only sent this confidential information to other personal email addresses but also recruited newer employees to get our propriety information and handle the corporate formation of this now competing agency—all under our roof during workhours.

At the time of hire, we have all new employees sign an agreement that they will not use, take, or remove proprietary, confidential, or any other property for any personal or other unauthorized use during employment or after separation.

We sent a letter to the former employee invoking this agreement and asking for return of all confidential and proprietary information and agency intellectual property which we now know was looted and forwarded to the individual’s personal email address.

The response was silence. But the former employee’s nonprofit just had its grand opening.

We have consulted with a counsel (the one who drafted our agreement) about taking action against this former employee, but just learned that a recent U.S. Supreme Court case may limit our ability to get some kind of relief against this former employee.

Any thoughts, Rita?

Thanks, Victimized


Dear Victimized,

Your situation is certainly unfortunate. However, state and federal laws do provide some degree of protection and offer ways to recover damages for this kind of—no other word for it—embezzlement.

Non-Disclosure Agreement

Fortunately, you have already taken the first step. A properly drafted agreement to all employees serves well any employer that generates, maintains, or develops any proprietary or confidential intellectual property or trade secrets. The agreement should state that confidential information and trade secrets are the property of the employer and can only be used with authorization, and that any violation during or after employment can and will result in discipline, including termination of employment and/or other legal action.

This kind of agreement should always be drafted by experienced employment counsel. The agreement imposes the obligation of the employee to refrain from using company information for their own purpose or any unauthorized purpose. It also creates a basis for liability for money damages or other relief that compensates the employer for harm that the offending employee creates.

Computer Fraud and Abuse Act and the Decision in Van Buren v. USA

One of the laws traditionally used to address these employee violations is the Computer Fraud and Abuse Act, a federal law that created both criminal and civil liability against individuals who “exceed authorized access” of their computers. The U.S. Supreme Court decision you mention is Van Buren v. USA and discusses what “exceeding authorized access” means.

In Van Buren v. USA, the Supreme Court decided that employees, contractors, and others granted access to such information, who then use that information in ways the organization expressly forbids—for the individual’s own benefit or the benefit of others—cannot be held accountable under the Computer Fraud and Abuse Act.

Prior to this Supreme Court decision, organizations used the Computer Fraud and Abuse Act as the primary tool to prevent theft of company intellectual property. The Computer Fraud and Abuse Act was a critical deterrent for theft, as it defined embezzlement of company intellectual property as theft crimes, provided for serious felony charges for these crimes, and made it possible for organizations to get an injunction to stop the employees or contractors from causing further damages.

The analysis is rather complicated but, in short, this law can no longer be used to prosecute insiders who download work files. Take heart, though, all is not lost.

Now, in light of this decision, the agreement we discussed earlier that your former employee signed is essential to protecting the employer’s rights and providing a basis for relief.

Through this agreement, you should make sure employees understand and agree they have no right to take any action that violates the rights of the employer regarding proprietary information or property. If the employee decides to use confidential information or trade secrets for personal reasons or if they plan to walk off with it (or more likely, send it off to a personal email address), the employer has and reserves the right to pursue any available legal remedies against the employees for violations of the agreement.

The Van Buren decision makes clear that misappropriation of confidential information will still be covered by the signed agreement. The employer may take action for violation of that agreement.

No one knows what truly lies in anyone’s heart, but please understand that what your former employee did was not only wrong and damaging to your nonprofit, but also potentially involved criminal and civil violations.

While the recent Supreme Court decision may place some limitation on how you get justice, your signed agreement with the employee provides you an alternative: consult with your counsel on how to pursue your rights to achieve justice.

In case you missed it…

Ask Rita: Recording Conversations in the Workplace—Do I Have to Put Up with This?

You might also like:

 

You made it to the end! Please share this article!

Let’s help other nonprofit leaders succeed! Consider sharing this article with your friends and colleagues via email or social media.

About the Author

Mike Bishop
More Posts

Mike Bishop is a member of the State Bar of California and has been admitted to practice in a number of federal district courts in both California and Ohio. During his legal career, Mike worked for 32 years with a Sacramento law firm, where he focused on employment litigation in both state and federal courts. During that time, he defended employers in litigation.

In 2016, he began his work as an Employment Risk Manager for the Nonprofits Insurance Alliance, assisting nonprofits in evaluating employment risks. Mike lives in Lakewood, Ohio, and is a graduate of the University of California, Davis, with a bachelor’s degree in political science, and a 1982 graduate of the University of the Pacific, McGeorge School of Law.

Articles on Blue Avocado do not provide legal representation or legal advice and should not be used as a substitute for advice or legal counsel. Blue Avocado provides space for the nonprofit sector to express new ideas. The opinions and views expressed in this article are solely those of the authors. They do not purport to reflect or imply the opinions or views of Blue Avocado, its publisher, or affiliated organizations. Blue Avocado, its publisher, and affiliated organizations are not liable for website visitors’ use of the content on Blue Avocado nor for visitors’ decisions about using the Blue Avocado website.

Leave a Reply

Please be respectful. Comments that violate our Comments Policy will be removed.

Your email address will not be published. Required fields are marked *