Fired worker took sensitive information – and still wins in court

Laptop in classic library

When this worker was fired from her job, she quickly sent sensitive information to a private email account. But when the company took her to court, a judge actually ruled in her favor. Find out why – and what you can do to avoid similar legal trouble. 

Susan Dominique was fired from her job at Emanuel Medical Center (EMC), a hospital in Turlock, CA. She sued for wrongful termination, believing she was fired for refusing to overlook regulatory violations by others on the staff. The company said the reason she was fired was for losing support of her staff.

According to the lawsuit, more than a week after she was fired:

“Dominique came to EMC to return an EMC-issued Blackberry cell phone and laptop and pick up her personal items. Prior to the return of the Blackberry cell phone, Dominique continued to have access to company e-mails on that device, even though EMC had disabled her employee’s user account that allowed active employees to access EMC’s database. At the time, EMC thought that disabling her employee’s user account would mean Dominique could no longer access EMC e-mails.”

This mistaken allowed Dominique to forward 110 emails to her personal email account, many of which contained attachments with EMC documents. She also sent these emails to various lawyers to support her case.

EMC counter-sued Dominique for stealing proprietary information.

Was it protected speech?

Dominique didn’t deny that she took these work documents. Instead, she argued that her actions were “protected activity” – she had taken the emails in order to pursue a wrongful termination claim against the company.

After one court sided with the company, Dominique appealed, and the appeals court ruled mostly in her favor. It said that although some of the documents she had taken may not have fallen under the protected activity umbrella, others did.

And the company failed on another count: It couldn’t show any financial damage from the emails being stolen. While emails containing patients’ medical info could be financially damaging if leaked, that didn’t happen yet. So the company couldn’t get compensated for it.

Therefore, the appeals court threw out the earlier decision for the company, which likely means a settlement or costly appeals process.

Revoking permissions would’ve been less costly

Insider threats are a huge problem. They cost companies more than any other attacks, and they come in many forms. Sometimes it’s a current employee with an ax to grind, others it’s former employees looking for revenge.

One key way to address this threat is to revoke all permissions immediately after a user leaves your company.

This is important for several reasons:

  • It prevents employees from taking valuable information, leads, trade secrets etc. to the competition.
  • Transferring data outside of your systems opens it up to risk, and employees may be tempted to hang onto some sensitive information from previous jobs.
  • According to a recent survey, nearly 1-in-4 IT employees could access accounts from a previous job.
  • Hackers could use accounts that are inactive and assumed to be decommissioned to access sensitive data.

Make sure that as soon as an employee is fired, quits or changes roles in your company, their account credentials are put on hold. Every second you wait is another opportunity for them to collect data.

This is especially important for BYOD accounts. If the user still has access to company information from their own device, they could easily take it off between the time they leave the company and you deactivate their accounts or block access.

Finally, make sure that all company devices and property are returned promptly. If you provided it (and your policies state its your company’s property), it needs to be returned immediately.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy