In Depth
Intellectual Property Theft: How to Stay Out of the Penalty Box
An acrimonious court case between two athletic gear companies provides strategies for discouraging intellectual property theft
By Scott Berinato
One of the most notable cases involving spoliation of evidence is a gender discrimination case, Zubulake v. UBS Warburg, in which some e-mails that should have been preserved as evidence were destroyed. The jury was given an adverse inference instruction. The plaintiff, Laura Zubulake, was eventually awarded an unprecedented $24.7 million. Says Michele Lange, a staff attorney with forensics firm Kroll OnTrak, "Certainly adverse inference played a major role for the jurors in that outcome."
CSOs play a central role in preventing trade secret leaks. But given technology like anonymous e-mail boxes and USB keys, it's getting far more difficult to prevent information leakage. So CSOs must also learn to anticipate situations where trade secrets are at risk, and lead when it comes time to manage an incident. Here are 11 lessons for how to prepare for trade secret misappropriation and avoid messy situations like the one Warrior (which, it's important to remember, is innocent until proven guilty) finds itself in.
1. Create mirror images of hard drives. The security team, working with IT, should always replicate a departing employee's disk drive the day that person leaves for a competitive company. "When we give advice to clients," says Lange, "this is absolutely number one on the list." For large companies that may have hundreds of employees coming and going daily, Lange suggests that the security team identify the riskiest departures, usually those with high levels of access to trade secrets and those who are known to be leaving for a competitor, and target those individuals for priority hard disk imaging. Imaging is important for the defense in a trade secrets case too. Once Easton notified Warrior of its suspicions, the security team at Warrior should have immediately created a mirror image of Ghassemi's drive (whether or not they did is unclear). After all, the judge himself said in his ruling on the motion: "Warrior should have done more to detect and preserve the relevant data under Ghassemi's control."
2. Don't poke around. This is the first of two cardinal sins companies should not commit. The emotional impulse of someone who feels violated is to immediately start rifling through the suspect's computer looking for the smoking gun. Don't. Think of the computer as a crime scene. Just as you wouldn't go around picking up bullet shells or putting your fingerprints on weapons found at the scene, you don't want to start accessing files, plowing through e-mails or otherwise tainting the evidence. The more you do, the more the defense can argue that the evidence is highly unreliable, even tampered with. Once again, this advice applies to the CSO of the company receiving the employee too. Ghassemi's canceling his Yahoo account was, in effect, a severe form of poking around.
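Lessons 1 and 2 in practice, as an added example that is not from the original article: a Python routine that copies a source to an image while hashing it, then records that hash so any later change to the image is detectable. The function names, manifest fields and file naming are hypothetical, and it assumes the source drive is attached through a write blocker.

```python
import hashlib
import json
import os
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large drive is never held in memory


def sha256_of(path):
    """Hash a file or block device without modifying it (read-only open)."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image_path, examiner, case_ref):
    """Copy source to image_path bit for bit and write a custody manifest."""
    source_digest = hashlib.sha256()
    size = 0
    # "xb" refuses to overwrite an existing image; the source is only read.
    with open(source, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            source_digest.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image_path, 0o440)  # the image is read-only from here on
    record = {
        "case_ref": case_ref,  # hypothetical manifest field names
        "examiner": examiner,
        "source": source,
        "bytes": size,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "source_sha256": source_digest.hexdigest(),
    }
    # Re-read the image from disk: proves the copy matches what was read.
    record["verified"] = sha256_of(image_path) == record["source_sha256"]
    with open(image_path + ".manifest.json", "w") as out:
        json.dump(record, out, indent=2)
    return record


def verify_image(image_path):
    """Later check: does the image still match the hash taken at acquisition?"""
    with open(image_path + ".manifest.json") as manifest:
        record = json.load(manifest)
    return sha256_of(image_path) == record["source_sha256"]
```

Analysis is then done on a copy of the image, and `verify_image` is rerun before the image is relied on, so the original drive is never opened again.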



