Here’s a good article for your files, and to point out to your legal counsel to point out the very real insider threat to information security and privacy…
A Massachusetts trial court recently ruled that the unauthorized transfer of electronic files is actionable as a conversion under Massachusetts’ common law.
Basically an employee of Network Systems Architects (NSA) Corporation, Michael Dimitruk, had a bunch of confidential information on the laptop they supplied to him to perform his work as a sales representative. When Dimitruk left NSA to work for a competitor, he took the laptop with him, even though NSA asked for the laptop back. When he finally returned it months later, he had scrubbed all the data from the laptop, and apparently also took several of NSA’s customers based upon the sales he was making at his new employer.
You could use the docket from the link provided to create a really great case study about how to establish controls to prevent against the insider threat.
The court’s decision supported the opinion that the common law tort of conversion (very generally that someone took possession of someone else’s property) can be applied to deletions and misappropriations of documents and data stored on electronic media. In other words, the court understood that an electronic computer file, similar to a paper document, is information placed in a tangible form and under certain circumstances is subject to similar legal treatment.
You lawyer should understand that this decision supports the need to protect digital data just as stringently as printed material, and should also point out to your business leaders the need for strong controls to help protect against the insider threat.
Tags: awareness and training, Information Security, insider threat, IT compliance, Michael Mimitruk, Network Systems Architects, policies and procedures, risk management, security awareness, security controls, security training