Out-Law News 1 min. read
08 Feb 2013, 2:09 pm
Systems security provider Symantec said that many employees believe individuals and not companies own intellectual property (IP) created in the work environment.
"Over half do not believe that using competitive data taken from a previous employer is a crime," Symantec said in a new report. "Employees attribute ownership of IP to the person who created it."
"When given the scenario of a software developer who re-uses source code that he or she created for another company, 42% do not believe it is wrong and that a person should have ownership stake in his or her work and inventions. They believe that the developer has the right to re-use the code even when that developer does not have permission from the company. These findings portray today's knowledge workers as unaware that intellectual property belongs to the organisation," it said.
The Symantec report (registration required, 8-page / 155KB PDF) was based on information obtained through a Ponemon Institute survey of more than 3,300 people based in six countries, including the US and UK.
Symantec said that half of the survey respondents had admitted to taking confidential information from a former employer and that 40% said they would "use it in their new jobs".
"This means precious intelligence is also falling into the hands of competitors, causing damage to the losing company and adding risk to the unwitting receiving company," it said.
The report revealed that more than a third (37%) of employees transfer company IP into cloud storage without permission and that those individuals "rarely" ensure that the data is deleted after the transfer. Confidential information has also been transferred from company systems into personal email accounts and personal devices by more than half and 41% of employees respectively, it said.
Symantec said that companies must do more to educate employees about confidential information ownership rights and security, enforce non-disclosure agreements and using monitoring technology to track where IP goes and how it leaves the company.
"The attitudes that emerged from the survey suggest that employees are not aware that they are putting themselves and their employers at risk when they freely share information across multiple media," the Symantec report said. "Most employees do not believe that transferring corporate data to their personal computers, tablets, smartphones, and cloud file-sharing apps is wrong."
"A third say it is OK as long as the employee does not personally receive economic gain, and about half justified their actions by saying it does not harm the company. Others blamed the companies for not strictly enforcing policies and for not proactively securing the information. These findings suggest that employees do not recognise or acknowledge their role in securing confidential company data," the report said.
