02476 630 498



An employee has left your organisation, stolen your data and gone to a competitor or even set up their own business. This breach of their contract can cause you serious financial implications and may damage your reputation irreparably. Is this something you can afford?


What Does Theft of Data and IP the Workplace Look Like?

Figures have shown High Court cases against employees stealing confidential data from their employers increased by 25 per cent from 2015 to 2016.


But that isn’t the whole story.


This is only those who are caught and where sufficient evidence has been gathered to take the matter to caught. Even if you knew what your employees were doing, would you know how to go about getting evidence?

Here is a recent case study, to show in greater detail one of the many ways that theft of data and IP can happen and what your course of action should be:


The Managing Director of a design agency made contact to discuss concerns that he had a suspicion that one of his employees had stolen company designs and was working freelance, during company hours passing off his employers’ work as his own. Whilst there were employee contractual issues and breaches of contract there was also the issue of the Intellectual Property infringement.


Suspicions had come from the fact that diary entries and logs by the employee did not correlate with his movements, the employee was always making excuses for not being able to attend meetings, was often not contactable on the company mobile phone and is often the case rumour amongst the industry about the employee being self-employed had reached the Managing Director.


Clients are often faced with the dilemma of how they gather evidence to prove their suspicions especially without alerting the individual concerned. The MD had tried to make various enquiries himself but internally within the organisation and externally outside the organisation enquiries could alert the employee to the fact that his activities may be identified.


It was clear from information gathered and the activities of the employee that he was acutely aware that any of his activities or actions could raise suspicion and in his own mind he was being extremely diligent and careful in his activities and approaches.


Clearly the concerns for the MD (notwithstanding the employee in contractual issues) was loss of profit, adverse PR and brand dilution. His question was how he was to gather that evidence?


The employee had a particular interest in projects that involved the automotive industry and initial intelligence led that he was working with a friend designing websites and traditional marketing media based around the automotive industry.


The first challenge for Expert Investigations Group was to create a cover story and an identity which would be appealing to entice the employee to wish to engage with what was potentially a new contract. We spent time with the MD in order to get an understanding of what would be enticing and a cover story and identity was created which involved a new company with a product launch based around the sale of vehicle products, such as alloy wheels, in car entertainment systems, aerials and other such items as windscreen wipers and exhaust covers. This will involve the design of a website to allow customers to view the products, make purchases and have deliveries in accordance with just in time logistics


We made an approach to the employee and the bait was taken and an appointment was made to meet the employee at the work premises of an associate of his. Two officers attended the meeting and the employee and one other person were present. The meeting was actually being conducted in the MD client’s company time and the employee had booked in his diary that he was in another client meeting, belonging to the MD client company.


During the meeting the employee projected images onto a screen from his laptop of work that he claimed was his own, his own design, that he held the IP for them and that he had been in business many years and produced references that he had put into his name that were actually references for the client company.


The meeting took place over two hours, and a further meeting was arranged for the following week. During the second meeting the employee again, during our client’s time, produced IP belonging to our client and was clearly passing off.


Both of the meetings were covertly video recorded, giving clear irrefutable evidence of the marketing material, websites and other relevant IP belonging to our client. Even when sat side-by-side with the employee looking at his laptop our covert cameras were able to clearly see the laptop screen giving supporting evidence.


All of this lawful evidence was given to the client who was then able to deal with the individual not only on the contractual employee related issue, the gross misconduct issue but also on the passing off and the theft of IP.


It is a huge benefit to be able to have the capability to gather covert evidence that is irrefutable that turns your suspicions into the reality of fact.


It's Time to Act

Of course, the ideal situation is one where you don’t have to detect dishonest employees, but instead prevent and disrupt them.


In the UK, unlawfully obtaining or accessing personal data without the consent of the data controller is a criminal offence under section 55 of the Data Protection Act 1998. Sadly, this doesn’t stop employees stealing data and the consequences are so severe it can lead to dismissal and in some cases prison sentences. Whether you are a small, medium or large business, companies must be more vigilant as they don’t think about the impact of employees stealing their data for either personal or third-party use.


We have put together a six-step plan for how companies can protect themselves:



Initiate a Digital Forensic policy within the company to swiftly aid an investigation. It also acts as a deterrent as employees will be aware of it and the increased risk to any attempt to steal data.


Restrict access to data, including remote access to the system. Not all employees need access to everything.



Unless it is a requirement for work, prevent/disable write access to USB slots on all computers (including CD/DVD drives). Monitor the usage and dictate that only company issued USB devices are to be used if they are needed at all.


Use software/hardware protocols to restrict access to web based emails and cloud storage facilities (other than those required for company use).  Rigorously enforce password security.


Initiate/enable system/security event recording on all systems and initiate random testing/checking of employee systems.


Have a rigorous backup system that prevents an employee from deliberately wiping data.


All these measures should be recorded and mandated through employee handbooks and company policies to ensure that there is recourse and disciplinary action will be taken if necessary.


It’s time to act.

Dave Kearns Logo.png