Severe Penalties for Violating Company Policy

Employees are an employer’s greatest assets, but we can also be liabilities (literally) when we don’t take our employer’s interests and workplace policies seriously. We can be fired, sued, and even imprisoned for actions that violate company policy. While we should all strive to be good people, we need to be conscious of decisions that are bad for all of us. Two recent court actions provide examples.

Conflicts of Interest

Conflicts of interest are common in the workplace. While large companies will most likely enforce a conflicts of interest policy, it’s not required as employees can violate the unspoken policy that their personal interests don’t conflict with business ones. A recent Ninth Circuit Court of Appeals opinion explains a particularly ominous conflict of interest example of starting a competing business:

[David] Nosal worked at the executive search firm Korn/Ferry International when he decided to launch a competitor along with a group of co-workers. Before leaving Korn/Ferry, Nosal’s colleagues began downloading confidential information from a Korn/Ferry database to use at their new enterprise.

Sure, people start competing businesses all the time. In regards to policies, Entrepreneur states that “most companies don’t explicitly ban employees from working for others, or operating a side business.” However, the conflict of interest in Nosal’s case was working for an employer and doing things to compete with it at the same time, such as helping his colleagues download confidential information. He violated an unspoken duty of loyalty. Employers “will expect to be your first priority if there’s any conflict of priorities” when they are “paying you for your time.”

Data Security Stories of Pain: Unauthorized Access and Shadow IT

The Nosal case also provides a harrowing example of how violating a company’s data security policy can land employees in federal prison. In addition to violating Korn/Ferry’s information security use restrictions, Nosal violated its access restrictions. He convinced a former assistant to give him her credentials and access Korn/Ferry’s database after the company revoked his computer credentials. Where the “use” violation was a conflict of interest, the “access” violation constituted computer fraud under the Computer Fraud and Abuse Act (CFAA), a federal criminal statute. While one of the judges described Nosal’s activity as an ineffectual case of password sharing, an unfortunately common activity, the Court’s confirmation of Nosal’s conviction nonetheless underscores the importance of data security in the workplace.

Shadow IT

In addition to unauthorized access and password reuse, shadow IT is a common cybersecurity practice that can get employees fired if misused.

Bernice Forrester found that out the hard way when she sent confidential work information to her personal email address. As we reported in a previous post, Courts Take Opposing Approaches to Data Security, her employer, the federal government, “discovered the online security breach and suspended Forrester’s security clearance, effectively terminating her employment.” Shadow IT is not always bad; it’s a great way for companies “to maximize the benefits of using Shadow IT to improve workflows, facilitate internal and external communication, and preserve overall security” as long as it implements clear guidelines and practices.

Policy breaches hurt companies and employees. Paying attention to and respecting our employer’s conflict of interest and data security policies doesn’t just protect the company, it protects us, too.

LawRoom (powered by EverFi) delivers online compliance courses to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.