By Daniel Hains and Kieren McDonald
Trust is the cornerstone of a successful employer-employee relationship.
Business is based upon mutual trust: employers trust employees to deal with sensitive information such as trade secrets and customer data, and with access to and control over financial resources. In return, employees trust that they will be reasonably rewarded for their efforts and loyalty.
Of course, the human element to any business means that this relationship is delicate and can potentially become fractured. An action interpreted by an employee as a misdeed may influence them to deliberately or negligently cause your business loss by stealing, destroying or leaking your valuable intellectual property. An employee may also be motivated to do so by an external incentive or unidentified predisposition. It is also possible that sensitive information is exposed innocently due to poor employee training, security and even charitable gestures.
Avoiding these situations is impossible. Instead, a business should look to prevent or minimise the impact of intellectual property loss should it occur.
As technology grows and improves, the methods for the transmission of data increase. Cloud applications, webmail and portable USB drives have made transporting information from one location to another trivial.
Restricting access to cloud services and computer USB ports is possible but can pose operational issues depending on the business.
Prepare and implement a policy on responsible data use
Most importantly, make the employee aware of the business’s policy on responsible data use. This should include clauses in the employment contract dictating the required procedures for storing and handling company data, especially on portable devices such as mobile phones, tablets and laptops used for work.
Resist employing a BYOD (Bring Your Own Device) policy
Where the employee retains ownership of any device which might contain company data, the business has little control over what happens to this data, especially when the employee departs.
Consider providing devices for employee use
If possible, a business should provide mobile devices for employees to use while retaining ownership of them. The devices should be accompanied by a signed policy which ideally:
- Requires employees to secure the devices at all times, including using a passcode or other security measure to prevent unauthorised access,
- Prohibits employees from creating a backup or copy of the information stored on the devices to anywhere other than another device owned by and under the control of the business, and
- Prohibits employees from deleting any data from the devices. Deleting information or ‘factory resetting’ a device can cause all information and usage history to be deleted, wiping any trace of possible misuse.
Consider an enterprise solution
There are enterprise solutions that facilitate complete control over any business-owned device. Features of these solutions include allowing for remote support, location tracking, enforcing security measures, remotely deleting company data and securing communications between the device and the business servers when the device is outside the business’s network. These solutions can be expensive for smaller businesses, so other steps should be taken to reduce the risk of losing sensitive data.
Mobile device accounts should remain under the control of the business
Mobile devices are usually associated with an ‘account’. This account is specific to the device manufacturer, such as Apple or Samsung, and can complicate the issue of data and device retrieval. For example, Apple assumes that the owner of the associated account is also the owner of the device which is registered to that account. Therefore, it is important to ensure these devices are associated with accounts which the business has control over. It could be the employee’s work email address or a centrally managed account controlled by the Administration or IT department. This will prevent any instance where an employee leaves the company and returns the device in an unusable or locked-down state.
When a senior employee leaves the business, when there has been an acrimonious departure, or as soon as there is any suspicion that IP theft might have occurred, arrange to have a secure forensic copy made of the employee’s work computer, user profile and any other device before the employee can tamper with potential evidence. Have this done by a digital forensic expert so that it may be relied on if required during legal proceedings.
Vincents can assist with the forensic acquisition and long-term storage of data from all devices and sources including:
- Mobile Phones;
- Portable USB drives;
- NAS devices; and
- Cloud storage.
All data is handled using forensically-sound and court-proven methods.
Additionally, Vincents can perform the forensic analysis of the acquired data to obtain evidence of user activity relating to IP theft or other matters. We can provide our analysis in an Independent Expert’s Report and provide Expert Witness testimony in court proceedings where required.
An Important Message
While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents. Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.