Severe Penalties for Violating Company Policy 10:36, December 9, 2016

Employees are an employer’s greatest assets, but we can also be liabilities (literally) when we don’t take our employer’s interests and workplace policies seriously. We can be fired, sued, and even imprisoned for actions that violate company policy. While we should all strive to be good people, we need to be conscious of decisions that are bad for all of us. Two recent court actions provide examples.

Conflicts of Interest

Conflicts of interest are common in the workplace. While large companies will most likely enforce a conflicts of interest policy, a formal policy isn’t required, because employees can violate the unspoken policy that their personal interests don’t conflict with business ones. A recent Ninth Circuit Court of Appeals opinion describes a particularly ominous example of a conflict of interest, starting a competing business:

[David] Nosal worked at the executive search firm Korn/Ferry International when he decided to launch a competitor along with a group of co-workers. Before leaving Korn/Ferry, Nosal’s colleagues began downloading confidential information from a Korn/Ferry database to use at their new enterprise.

Sure, people start competing businesses all the time. With regard to policies, Entrepreneur states that “most companies don’t explicitly ban employees from working for others, or operating a side business.” However, the conflict of interest in Nosal’s case was working for an employer and doing things to compete with it at the same time, such as helping his colleagues download confidential information. He violated an unspoken duty of loyalty. Employers “will expect to be your first priority if there’s any conflict of priorities” when they are “paying you for your time.”

Data Security Stories of Pain: Unauthorized Access and Shadow IT

The Nosal case also provides a harrowing example of how violating a company’s data security policy can land employees in federal prison. In addition to violating Korn/Ferry’s information security use restrictions, Nosal violated its access restrictions. He convinced a former assistant to give him her credentials and access Korn/Ferry’s database after the company revoked his computer credentials. Where the “use” violation was a conflict of interest, the “access” violation constituted computer fraud under the Computer Fraud and Abuse Act (CFAA), a federal criminal statute. While one of the judges described Nosal’s activity as an ineffectual case of password sharing, an unfortunately common activity, the Court’s confirmation of Nosal’s conviction nonetheless underscores the importance of data security in the workplace.

Shadow IT

In addition to unauthorized access and password reuse, shadow IT is a common cybersecurity practice that can get employees fired if misused.

Bernice Forrester found that out the hard way when she sent confidential work information to her personal email address. As we reported in a previous post, Courts Take Opposing Approaches to Data Security, her employer, the federal government, “discovered the online security breach and suspended Forrester’s security clearance, effectively terminating her employment.” Shadow IT is not always bad; it’s a great way for companies “to maximize the benefits of using Shadow IT to improve workflows, facilitate internal and external communication, and preserve overall security” as long as they implement clear guidelines and practices.

Policy breaches hurt companies and employees. Paying attention to and respecting our employer’s conflict of interest and data security policies doesn’t just protect the company, it protects us, too.

Douglas Kelly
Douglas Kelly is EverFi's lead legal editor. He writes on corporate compliance and culture, analyzing new case law, legislation and regulations affecting US companies. Before joining EverFi, he litigated federal and state employment cases and wrote about legal trends. He earned his JD from Berkeley Law and BBA from Emory University.
