The growth of electronic and mobile listening devices has created a new threat to corporate data and trade secrets.
Photo credit: (Image Courtesy of BigStock Photos)
Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant with over three decades of experience.
Someone secretly records in your workplace. It could be an employee, a visitor, or an unknown with espionage or voyeurism in mind. Their tool could be a smartphone app, a recorder in a USB stick[i], or an audio-video recorder hidden in a fake key fob, pen or wristwatch.
This is bad news for you and your company. You won’t realize it has happened until a lawsuit begins or your competitive advantage evaporates. Embarrassment and expense follow. Surreptitious workplace recording is a serious issue on both a business and personal level. You can protect yourself and your organization, but first let’s review some motivations you are facing:
Industrial Espionage – Defined as the theft of trade secrets by the removal, copying or recording of confidential or valuable information.[ii]
HR Issues – One-third of employees who visit the U.S. Equal Employment Opportunity Commission (EEOC) office to file discrimination complaints bring secretly made recordings.[iii] Katrina Patrick, a lawyer who represents aggrieved employees, says that more than 50 percent of the people who come to her office bring digital evidence. Some cases are settled for six figure sums.[iv] One case is now in its eighth year.[v] Obviously, not anticipating surreptitious recording is expensive.
Blackmail – Recordings force outcomes. Recently, three employees bugged their boss for a promotion, literally. They hid a recorder in his office and tried to blackmail him with the video footage.[vi]
Sex – Spycams are being placed in areas where there is an expectation of privacy (locker-rooms, business-provided restrooms, etc.). The problem is epidemic.[vii] Dozens of these stories appear in the news every week, and these are only the few who got caught. Inspecting privacy areas is now a regular part of our clients’ due diligence inspections.
What Can You Do?
Totally eliminating the possibility of surreptitious recording is not a realistic goal. Think protection. Aim at mitigating the threat and the damage it causes using this two point strategy.
1. Create a written policy. In addition to its deterrent value, a policy provides discipline / termination leverage, and a stronger standing in court.
2. Conduct proactive verification sweeps (TSCM)[viii] for covert recording devices. This is especially effective in combating industrial espionage. It also shows your due diligence when defending trade secret and bathroom spycam cases.
This two-pronged approach sends a strong message to anyone considering making you a target. Should you be recorded, or need to handle a covert recording workplace issue, you will find being prepared is the winner’s strategy.
Elements of a Workplace Recording Policy
The following are some of the most common elements of establishing a creditable and comprehensive workplace recording policy:
- Work with an attorney who specializes in employment matters.
- ·Clearly define the purpose of the policy, e.g.
- to encourage an atmosphere for honest and open workplace communications,
- to protect trade secrets, confidential and proprietary information,
- to protect employee privacy — against spycams in restrooms, showers, changing areas, etc.)
- Clearly define the specific conditions where recording is permissible, e.g.
- as part of the manufacturing process,
- customer service quality control,
- when specifically relevant to Section 7 of the National Labor Relations Act.[ix]
- ·Include a formal TSCM inspection schedule (debugging sweep) to show due diligence; important in expectation-of-privacy (spycam) and trade secret cases.
- List the types of recordings you want to prohibit. (audio, video, data)
- Make it clear the policy covers everything business-related; on and off premises.
- List who may, and under what conditions, create exemptions to the policy.
- Review and update the policy periodically.
- Keep an acknowledged copy of the latest revision in employees’ personnel files.
- ·Obtain an acknowledged copy from all visitors.
Tips for Management
As a security manager you must always be diligent when it comes to considering the potential threats to your organization’s data and privacy concerns. Here are some basics:
- Assume your discussions are being recorded.
- Before proceeding, ask if they are recording. Ask again during the conversation. If they say no and record anyway, well… juries don’t like sneaky liars.
- Be professional. If you would not say it in a courtroom, don’t say it.
- Red Flag – When an employee tries to recreate a previous conversation with you.
- To increase due diligence credibility, have the TSCM debugging inspections conducted by an independent specialist.
Information losses, arbitration hearings and lawsuits are costly and embarrassing. Implementing a policy to mitigate this risk is very inexpensive insurance, and a good business practice. Do it today.
This security report is also available in electronic form with links to make sharing with colleagues easier. http://tinyurl.com/lbnz7nd
About the Author:
Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant with over three decades of experience. Feel free to contact him directly with your questions or comments at: http://counterespionage.com/contact.html
Information about Murray Associates electronic surveillance detection and business counterespionage services is available at: http://counterespionage.com/download.html
[viii] Technical Surveillance Countermeasures