Recently, Peak was asked to assist a law firm who’s client, a large service provider (we will call them “Company A”), had had an account manager leave abruptly and go to work for a competitor.
Account managers at this service provider develop deep relationships with the customers they service, and compile account and customer data that allows “Company A” to both foster excellent client relationships as well as be highly competitive. Since the account manager had access to all of this proprietary data, along with job cost estimating templates, etc. “Company A” was rightfully concerned about their data migrating to the account manager’s new firm, which we will call “Company B”.
A computer forensics examination of the account manager’s computer at “Company A” along with an analysis of her sent emails that had attachments clearly showed that she had taken specific files that “Company A” was very concerned about. Apparently, the account manager was emailing the attachments from her “Company A” corporate email address to her personal email address. Effective? Yes. Likely to be seen during a “post-employment” forensic review? You bet.
At this point, “Company B” acknowledged that the employee, who they still planned to keep, had introduced the “Company A” data to “Company B’s” computer system.
“Company A” sat down with their counsel and Peak and came up with a list of client names and other relevant concepts that could be used to search data. Peak then searched multiple computers used by the former account manager including her own personal computer, her web based email account, her new work computer at “Company B” and a number of location on the server used by “Company B.” Once all of the data was found in its various locations (including the server backups), it was wiped to prevent further use by Company “B”.
Once the data had been wiped, both parties agreed that the information was no longer available to Company “B” and after some further settlement negotiation, everyone walked away from the situation reasonably happy.
In hindsight, Company “A” would benefit from a better secured document management system and prophylactic “end of employment” forensic reviews of computers used by all account managers when they leave (either by choice or termination). Company “B” would be wise to recognize that if the employee took confidential data from Company “A”, there is nothing to suggest she might not do the same thing when she eventually leaves Company “B.”
Category:Forensics and E-DiscoveryWin Column