Perhaps the most well-known data heist perpetrated by an “insider” was Edward Snowden’s appropriation and disclosure of data from the National Security Agency. The Snowden case demonstrated the cost of focusing on external threats to the exclusion of internal bad actors. In the aftermath, companies are increasingly adopting sophisticated technologies that can help prevent the intentional or inadvertent export of corporate IP and other sensitive and proprietary data.
The Legal Risks of Monitoring Employees Online
Companies are increasingly adopting sophisticated technologies that can help prevent the inadvertent or intentional export of corporate IP and other sensitive and proprietary data. Enter data loss prevention (“DLP”) solutions, which help companies detect anomalous patterns or behavior through keystroke logging, network traffic monitoring, natural language processing, and other methods, all while enforcing relevant workplace policies. While there is a legitimate business case for deploying this technology, DLP tools may implicate a panoply of federal and state privacy laws, ranging from laws on employee monitoring, computer crime, and wiretapping to, potentially, data breach statutes. Given all of this, companies must consider the legal risks associated with DLP tools before implementing them and plan accordingly. Companies with personnel around the globe must also devise a compliance strategy that affords the appropriate protections under global law while avoiding unintentionally enhanced privacy protections for U.S. employees beyond those required by U.S. law.