[mocko]

This assumes he doesn't backup his laptop. Beware that there may be other copies of the data.

Also (assuming your soon-to-be-ex employee is smart) I doubt the threat of criminal proceedings will have much effect. If multiple people have access to the data you'd have difficulty proving which one of them leaked it.

[phaus]

If he's smart, he wouldn't even consider leaking any data he may have access too.

[imglorp]

Right.

Because an individual defending himself against civil AND criminal proceedings will get very expensive very fast. In addition, any competitor would be very cautious about touching that data if the guy approaches them trying to sell it, because see figure (1).

So the only avenue remaining is selling the PII to spammers and identity thieves, which will still land him at figure (1) if they get caught and roll over.

[jrs235]

#3 should cover this.

3) Make him and every employee sign-off on the P&P Handbook, in which there's a clear clause that in case any personally identifiable data is on his/her machine, he/she is fully liable for the implications of that data getting leaked. Any such employee will be complicit in any criminal proceedings.

[jerf]

"All production data" means all production data. Making that clear is part of this process.

[dhimes]

Making it clear and making it happen are two very different things.

[jerf]

The principle of charity is having a bad time in this thread. brijeshp did not type "all" and secretly mean "all but the backups". I did not say "make it clear for abstract reasons, but don't bother making it concretely happen because that's not necessary". These "corrections" are not adding to the conversation.

[dhimes]

On re-reading, I see your point. My apologies.