72% of CEOs admit taking IP from employer: report

Nearly three-quarters (72%) of CEOs have taken IP from a former employer, according to research released by American software company Code42 on Tuesday.

The "2018 Data Exposure Report" also indicated that 78% of CEOs believe IP-protected ideas are the most precious assets of a business.

As noted by Nick White, partner at Charles Russell Speechlys, it can be challenging to separate personal data from other kinds of confidential information or company IP.

Jeremy Morton, partner at Harbottle & Lewis, noted that while it is not surprising that IP leaks occur when staff leave an organisation, deliberate acts of IP removal and misuse can lead to companies pursuing injunctive relief and criminal remedies.

“Of course, all employees take some IP with them in their heads when they move, and it is equally important that cogent evidence is marshalled before making accusations,” he added.

Sehaj Lamba, solicitor at Mackrell Turner Garrett, said the figures in Code42’s research are surprising but they identify how the protection of company IP is “very difficult to police where human behaviour is concerned”.

However, Peter Singfield, partner at Foot Anstey, said the figures in the report do not surprise him at all.

“The breadth of material that is protected by company intellectual property and or confidentiality makes it almost inevitable that most employees will take company proprietary materials at some level when they leave,” he explained.

Many CEOs (79%) claim that their work ideas, data, and associated IP belong to them, despite company policies indicating otherwise, according to the report.

Alastair Shaw, counsel at Hogan Lovells, said other surveys carried out for the European Commission have similarly indicated that a large proportion of businesses have knowingly suffered the theft of trade secrets by employees.

Lamba explained that employers often require employees to delete and return confidential information when they leave, but putting this into practice can be difficult and expensive to enforce.

Morton said businesses should also carefully consider IP risks when hiring staff from competitors and when concluding settlements with departing employees.

In its report, Code42 suggested that a realistic data security strategy should take human behaviour into account, as well as the cost of preventing and recovering from IP and data theft.

Lamba suggested that educating staff to understand the importance of protecting IP and data can help to foster a culture of trust and understanding, and encourages policies to be followed.

The report, which was conducted by Sapio Research, featured responses from nearly 1,700 security, IT and business leaders from the US, UK, and Germany.

Shaw concluded: “I would expect these findings to be of concern to company boards and shareholders, and may deserve a closer look.”