You are on page 1of 39

Methods for Preventing Employee Theft & Embezzlement in the Digital Age

Presented by:

Joel J. Greenwald, Esq.

June 12, 2012

630 Third Ave. 15th Fl. New York, NY 10017 212-644-1310

30 Ramland Rd. Suite 201 Orangeburg, NY 10962 845-589-9300

Non-Compete Issues More Prevalent

Employee turnover
Voluntary and involuntary much more likely now
Especially with sales personnel

Legal trends
Restrictive covenants are more prevalent especially for salespeople (depends on state law)
Enforceability, however, often depends on customization and how narrow


Theft is as easy as push of button

Non-compete agreements

Non-Compete Agreements and Other Restrictive Covenants

Reasonable in geography, duration, scope Must be in writing and protect legitimate business interest Should only be in writing and signed by key employees

Non-solicitation agreements (employees and clients)

More enforceable prevents most harm Should only be provided to and signed by key employees

Confidentiality agreements
Should be signed by all employees Defines proprietary information (trade secrets)

* Boilerplate vs. specifically tailored agreements

What is the Remedy?


Money damages
Hard to quantify
Lost business Lost profits

Additional Causes of Action Available to Employer

Examples of other causes of action against employee


Misappropriation of Trade Secrets Common Law Duty of Loyalty Legal right to Protect Against Unfair Competition Protect Against Conversion of Property Protect Against Outright Theft

Computer Protection
Have a snapshot taken in certain circumstances as employee leaves

Monitoring Your Employees

I can read any email my employee sends or receives

True or False

Why Do Employers Implement Electronic Monitoring and Workplace Surveillance Systems?

To prevent theft To improve productivity

How Does Employees Legal Right To Privacy Interact With An Employers Right To Monitor Workplace Activity?
Courts balance the employees expectation of privacy against the employers need for control and operation in the workplace Courts often distinguish between the employees work-related activities (less privacy), and employees private and personal activities in the workplace (greater right to privacy)

How Much Privacy Does An Employee Have A Legal Right To Expect In Electronic Communications on the Computer?

Under federal and most state law, employer can monitor:

Activity on Company-owned equipment (URLs/ email addresses contacted, times spent) for all communication Content of business-related e-mail on Companyowned equipment

Email/Internet Policy
What an email/internet policy should contain:
Email procedures All email is property of employer no expectation of privacy
Employer has right to monitor (get consent) Offensive, harassing emails are prohibited Passwords shall not be made available to others

Internet procedures Not for personal use Careful about postings Offensive or harassing messages are prohibited

What Are The Legal Limitations On Employers Use Of Video Cameras For Surveillance In The Workplace?
Under many state laws, it is illegal (without a court order) to make any video recording in any restroom, locker room, or other area that has been designated by the employer for changing clothes Dont record audio! Selective surveillance e.g., positioning a hidden camera over the desk of one individual employee may be discriminatory

Can An Employer Monitor The Movement Of Mobile Employees Via Global Positioning Systems (GPS)?
Generally is OK however, should be advised through policies and get consent!! (some states require)

GPS monitoring should probably not be used to track employees during off-duty hours Use only on company equipment it at all
Consult legal counsel before attempting to use any info collected via GPS

Independent Background Checks

Consent and initial notice required (FCRA) Notice of reason for adverse decision Taking action requires care


Getting References
Another source of background information
Get them? Give them? Defamation concerns?


Preventing And Preparing For Theft

Hope for the best but plan for the worst purchase insurance Hire smart use background checks, interviews and testing to screen out dishonest applicants

Electronic monitoring, GPS and video surveillance

Avoid concentrating too much authority in one individual particularly in accounting, bookkeeping, purchasing, and receiving areas


Investigation Concerns
Investigation report: Be thorough, detailed, factual; include documents, photos, interview notes, every page marked confidential (perhaps get outside agency)
Be careful about your threats to thief! - Extortion


Taking Action
Internal discipline/termination;

Cooperate with law enforcement/press criminal charges;

File civil lawsuit; Seek restraining order to prevent use of stolen information/trade secrets Do Not withhold wages!!!

The foregoing is a summary of the laws discussed above for the purpose of providing a general overview of these laws. These materials are not meant, nor should they be construed, to provide information that is specific to any law(s). The above is not legal advice and you should consult with counsel concerning the applicability of any law to your particular situation. MMXII Greenwald Doherty LLP All rights reserved. These materials may not be reproduced without permission.


Visit us online at For more information

Presented by Gregory M. Cancilla

Digital Forensics- The application of science to the identification,

collection, examination, and analysis of data [Electronically Stored Information (ESI)] while preserving the integrity of the information and maintaining a strict chain of custody for the data. SOURCE: Special Publication (SP) 800 series (SP 800-86)

Forensic Specialist- A professional who locates, identifies, collects,

analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. SOURCE: Special Publication (SP) 800 Series (SP 800-72)

Information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software.
- Kenneth J. Withers, Managing Director, The Sedona Conference NORTHWESTERN JOURNAL OF TECHNOLOGY AND INTELLECTUAL PROPERTY Spring 2006

Computers Custodian local & home drives Printers Servers

Network shares Collaboration software & tools Cloud

Any storage device

Mobile devices
e.g., iPad, Android, Blackberry, iPhone

Back up tapes USB drives Memory cards

PDAs Smart phones Digital cameras

Email servers Microsoft Exchange GroupWise Lotus Notes Web hosted email
Gmail Hotmail

Files downloaded/uploaded Audio and video files Digital images Cloud Dropbox Internet History Websites visited Social media communication Facebook posts Twitter tweets

Email archives Symantec Enterprise Vault FrontBridge Zantaz EAS

Any other type of electronic files .doc, .xls, .pdf, .jpg, .cad

Mobile devices are ubiquitous wellsprings of ESI including:


Text messages Contacts Calendars Pictures Taken or stored Videos Call Logs Websites visited Downloads Social networking posts

Take a snapshot in certain circumstances as employee leaves Should the computer be used after incident occurs? What is a forensic copy?

Self Collection (i.e., IT personnel)

Lets let the IT staff do it

Why invest in a forensic expert over IT personnel for data collections?

Verifies complete, defensible data collection
Preserves metadata Maintains chain of custody Neutral third party Least invasive and disruptive to business operations

Self-Collection Pitfalls-Data that is not properly handled can result in:

Inadvertent evidence corruption (spoliation)

Lack of proper chain of custody

Improper judgment call by custodian as to what is responsive Going too broad or narrow with data collection

Why choose a forensic expert over IT personnel for data collections?

Ghost Image

Preservation of metadata
Maintaining chain of custody Logging

Meet and Confer Consultation Forensic Analysis Forensic Harvesting

(on-site, off-site, or remote) Preservation of metadata Maintenance of chain of custody Filters, Boolean, Keywords Date range File specific Data Reconstruction Event Recreation

Handheld Forensics Targeted Collection

Expert Witness Testimony

EnCase Certified Examiner (EnCE) AccessData Certified Examiner (ACE)

Safe Harbor Certification

Open Source vs. Closed Source

Training Experience Tips for retaining a forensic expert

Covering all the Bases

A forensic expert can properly evaluate clients current practices for storing,
archiving, and accessing digital data in light of evidentiary rules and best practices

Engaging a forensic expert ensures clients data collections are conducted in a

forensically sound manner

A forensic expert can formulate a collection plan which would consider clients
e-Discovery workflow, budget and time constraints

forensic experts use cutting-edge technology and follow strict

procedural guidelines to ensure the accuracy of the preservation of evidence

Some of the key forensic tools experts use and are certified in

Guidance Softwares EnCase AccessDatas Forensic Toolkit (FTK) Parabens Network Email Examiner Kroll Ontracks Power Controls Cellebrites Universal Forensics Extraction Device(UFED)

Forensic experts can assist clients in responding to litigation via:

Consulting clients counsel on Meet and Confer

appointments Preemptively preparing forensically sound data collection Developing models for legal hold preservation Bolstering defensibility Satisfying best practices standards and legal requirements Devising practices and implement technology for communication and enforcing legal hold compliance Assisting client counsel in preparation for depositions Serving as an expert witness

Commercial litigation Regulatory


Product Liability Corporate and transactional

Mergers & Acquisitions Second Requests

Intellectual property

Trademark infringement Theft of intellectual property Temporary Restraining Order (TRO) Permanent Injunction

Greg Cancilla, EnCE, ACE is a Certified Computer Forensic Engineer and the Director of Forensics at RVM. He is experienced in the preservation, identification, extraction, documentation and interpretation of computer data. Greg has completed computer forensics training programs from renowned industry outfits, such as New Technologies, Access Data, and Guidance Software (the developers of Encase Forensics Software) among others. As a certified forensic engineer, he has performed countless computer forensics investigations since entering the field in 2003. Additionally, Greg has offered testimony in numerous cases, including presenting a key piece of evidence in Ronald Luri vs. Republic Services, Inc., et al., which rendered the largest verdict in the State of Ohios history. Greg holds a Bachelors Degree in Business Administration and Computer Science from the University of Toledo.
Certifications: EnCase Certified Examiner (EnCE) AccessData Certified Examiner (ACE) Oregon State University Computer Forensics Training

RVM New York (Headquarters)

80 Pine Street, 10th Floor New York, NY 10005

RVM Chicago RVM Cleveland