Blog  |  March 23, 2021

Here are Two Cautionary Cases of Departed Employees and Potential Theft of IP Data

Companies have a lot of considerations when it comes to departing employees and ESI.  From an eDiscovery standpoint, those considerations include establishing an appropriate retention period for their email and work product files, transitioning custody of company critical data to someone else in the organization, preserving the employee’s workstation (and possibly other devices used by the employee).  Believe it or not, if the employee has been with the company long enough, you may also even have portable media such as DVDs or portable hard drives to address.  And the parameters change depending on whether the company is currently under a duty to preserve that departing employee’s data at the time of departure.  Those are “normal” considerations for departing employees and ESI.

But when those departed employees are allegedly involved in theft of ESI that includes key intellectual property (IP) data or trade secret data, that’s a different consideration altogether.  Here are two case rulings from 2020 that illustrate what can happen when departed employees are alleged to have stolen IP data before they left:

WeRide Corp. v. Huang et al.: In this case, the plaintiffs alleged that their former CEO solicited former employees after he was terminated, including the former Head of Hardware Technology, who allegedly downloaded significant amounts of data from the plaintiffs’ servers and his company laptop and allegedly also solicited plaintiff employees.  When the defendant began hosting potential investors for video demonstrations of its autonomous driving software (which was remarkably like the plaintiffs’ software), the plaintiffs sent the defendants cease-and-desist letters, filed their original complaint and moved for a preliminary injunction (which was eventually granted by the Court).

During discovery, the defendants destroyed email even through the Court’s preliminary injunction, failed to produce their source code at the heart of the case, wiped devices (including a MacBook that was returned to an Apple store in exchange for a gift card the day the plaintiffs sent a cease-and-desist letter) and began using the ephemeral messaging app “DingTalk” which automatically deletes messages after they have been sent and read to communicate (after the case had already been filed).

QueTel Corp. v. Abbas: In this case, the plaintiff claimed that the defendant, who was a former employee of the plaintiff, misappropriated source code from the plaintiff’s copyrighted software for the defendants’ competing software.  During discovery, defendant Abbas wiped and disposed of the computer he had been using and the defendants claimed that they had not used source code control system (used to track changes in the source code over time) to develop the software.  But during development of the defendant’s software program, Abbas sent a screenshot of his work to an employee of the plaintiff, which illustrated his use of a source code control system and displayed code that appeared essentially the same as the plaintiff’s code.

These two cases illustrate what can happen when departing employees are allegedly involved in theft of key IP data, which could also include proprietary pricing data or customer lists.  If you ever suspect that a departing employee has stolen important data from your company, the ability to conduct a forensic investigation (to determine what data was accessed and when) can be key to your ability to pursue action against those departing or former employees.  Investigations can reveal key patterns (such as forwarding a series of emails to a personal email account) or when portable devices such as flash drives have been connected to a workstation.  Those are just two examples of how forensic investigations can help quickly determine whether departed employees may have stolen your company’s important data.  The quicker you know your exposure, the better.

So, what happened in the two cases referenced above?  The court issued terminating sanctions against the defendants in both cases due to their intent to deprive the plaintiffs of key evidence in discovery.

For more information regarding Cimplifi’s Forensics & Investigations Expertise, click here.

Case links courtesy of eDiscovery Today, which is an Educational Partner of Cimplifi.