Published on:

Cyber Security Alert: How to protect your proprietary information from employees

11 April 2013

Click here for the latest articles on Data Technology, Privacy & Security.

Hotel Lawyer on technology challenges to your proprietary and sensitive corporate information. The continuing advances of technology continue to present a double edged sword. On the one edge are tremendous cost savings, efficiencies and power to manage information. On the other edge are daunting issues of information security and privacy.

In the article below, two of our Global Hospitality Group® lawyers talk about a recent court decision from the respected second circuit in New York that has important implications for every employer in the hospitality industry. It serves as a reminder that good employee handbooks and company policies are important to protecting your valuable business information and electronic data.

Here is what it is all about.


Cyber Security: The long arm of the law
gets a little longer

by
Robert E. Braun and Michael A. Gold ] Hotel Lawyers

New case from the second circuit in NY

Multinational companies, like hotel companies, often face challenges in enforcing claims against their employees and agents located in foreign jurisdictions. In December 2012, a federal appeals court decision — MacDermid, Inc. v. Deiter, No. 11-5388-cv (2nd Cir. Dec. 26, 2012) — made enforcement a bit easier when a company goes after employees who commit cyber theft beyond U.S. borders.

In this case, a Connecticut-based chemical company employed an account representative in Canada, and when the employee learned that she was to be terminated, downloaded to her personal email account data files that the company alleged were confidential and proprietary. The company sued the employee “alleging unauthorized access and misuse of a computer system and misappropriation of trade secrets.” The terminated employee moved to dismiss the complaint for lack of personal jurisdiction. The trial court agreed with the Canadian employee because she had not used a computer in Connecticut. The Court of Appeals, however, held that jurisdiction over the defendant employee in Connecticut, where she had never physically visited, was established when she intentionally accessed the Connecticut servers.

Defining a path to protect sensitive information

Hotel brands and managers have employees in a wide variety of jurisdictions, often worldwide, and the vast array of foreign laws, regulations and policies can make it difficult to establish clear and comprehensive security plans, and even more difficult to enforce them. This decision creates a clearer path for multinational companies to protect their key business information.

The company in MacDermid won because (1) it had a written policy that both identified the location of its servers that stored the company’s proprietary and confidential electronic data, and (2) the company made it a condition of employment that employees acknowledge in writing that they were not authorized to transfer that information to their personal email accounts.

Two important factors

The Court observed that “[m]ost Internet users, perhaps, have no idea of the location of the servers through which they send their emails. Here, however, [the company] has alleged that [the employee] knew that the email servers she used and the confidential files she misappropriated were both located in Connecticut.”

The Court also said that “employees of [the company] and its subsidiaries are, as a condition of employment, made aware of the housing of the companies’ email system and their confidential and proprietary information in Waterbury” and that the employee “agreed in writing to safeguard and to properly use [the company’s] confidential information and that she was not authorized to transfer such information to a personal email account.”

MacDermid offers a clear lesson for companies. Employee handbooks must contain a policy dealing with proprietary and sensitive information, with clear restrictions on use and prohibiting improper downloading of information from company servers. Also, companies with offshore employees should explicitly disclose the existence and the location of the servers that store confidential information, so that an employee who improperly downloads confidential information can be sued in the company’s home jurisdiction.

Getting the “home field” advantage

This gives the company, rather than the employee, the “home field” advantage. Most companies do not explicitly identify where their data is located. And, where companies use cloud computing services, they may not even know. But whenever possible, companies should include this information in their employee policies. Employers will usually be better off suing and enforcing their rights in their home state, rather than a foreign jurisdiction.

Here are some of the ways JMBM helps clients with data security matters

The JMBM Global Hospitality Group® and the JMBM Cybersecurity & Privacy Group work with clients to establish and enforce data security policies, and assists clients when there are breaches. We have helped a variety of clients, including hospitality companies, in developing compliance programs, addressing data breach issues, and negotiating contracts with vendors and providers.

Here are some of the ways we help clients with data security matters:

  • Respond to data breaches, including selecting appropriate technology and forensics experts
  • Develop and implement data breach response plans and procedures, and related privacy, information security and data retention policies and procedures
  • Address statutory and regulatory issues
  • Develop effective solutions for protecting and managing information assets and complying with legal requirements, using an approach that will contain costs and maintain operational efficiency
  • Advise clients on international privacy laws and rules on their businesses, including the U.S.–E.U. Safe Harbor Program
  • Address legal challenges posed by social media and mobile applications
  • Negotiate agreements for technologies and services to implement information management systems
  • Conduct internal investigations, particularly those involving sensitive electronically stored information
  • Assist companies in developing appropriate governance tools to the board of directors and executive management levels to address cyber risk

Click here for more information, including specific examples of projects undertaken for representative clients.

Other information about cybersecurity issues

If this article was of interest, you may also wish to read other articles on “Data Technology, Privacy & Security,” which include the following articles:

What every hotel owner (and operator) needs to know about “data security” after the Wyndham case

What the Target data security breaches mean for hoteliers

Cyber Security Alert: How to protect your proprietary information from employees

Hotel Lawyer Privacy Alert: Do your hotel mobile apps comply with new interpretations of online privacy rules?

Hotel Liability for Guest Information — What you need to know and how to avoid liability.

Losing the expectation of privacy bit by bit, byte by byte.

Dodd-Frank Act presents Hotels with decisions on credit and debit card charges.

Bob BraunBob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager.

Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.

In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or rbraun@jmbm.com.

This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. Why don’t you give us a call (or send an email) and let us know what you working on. We would like to see if our experience might help you create value or avoid unnecessary pitfalls. Who’s your hotel lawyer?


Our Perspective. We represent hotel owners, developers and investors. We have helped our clients find business and legal solutions for more than $125 billion of hotel transactions, involving more than 4,700 properties all over the world. We bring this experience to any hotel project — big or small. Let’s explore how it might work for you. For more information, please contact Jim Butler at jbutler@jmbm.com or +1 (310) 201-3526.

Jim Butler is a founding partner of JMBM, and Chairman of its Global Hospitality Group® and Chinese Investment Group®. Jim is one of the top hospitality attorneys in the world. GOOGLE “hotel lawyer” and you will see why. Jim and his team are more than “just” great hotel lawyers. They are also hospitality consultants and business advisors. They are deal makers. They can help find the right operator or capital provider. They know who to call and how to reach them.

 

Contact Information