Exploring the connection between email, outsourcing and trade secret theft

Where trade secrets are concerned, I guess one never can be too paranoid, so here's a new study coming out in a few weeks that may be of interest.  The Hidden Cost of Outsourcing: 2006 Proofpoint Survey Finds that Nearly 20% of Large Companies Have Investigated Exposure of Confidential Information by a Third-Party Vendor or Outsourcing Firm In its annual study of outbound email and content security issues, messaging security company Proofpoint, Inc. found that outbound email and other outbound electronic communication protocols continue to grow as a source of risk for companies. The study found that 17.7% of companies investigated the exposure of confidential, sensitive or private information by a third-party vendor or outsourcing firm with whom they share such data. The study also found that 38% of companies with 1,000 or more employees hire staff to read or analyze outbound email. 44% of larger companies (those with more than 20,000 employees) employ staff for this purpose. Companies appear to have good reason to worry – more than 1 in 3 investigated a suspected email leak of confidential or proprietary information and 36.4% investigated a suspected violation of privacy or data protection regulations in the past year. Additional key findings from the survey, which was fielded by Forrester Consulting, include: •   Nearly 1 in 3 companies (31.6%) has terminated an employee for violating email policies in the past 12 months. More than half (52.4%) of companies have disciplined an employee for violating email policies in the past year. •   Companies estimate that more than 1 in 5 outgoing emails (22.8%) contains content that poses a legal, financial or regulatory risk. The most common form of non-compliant content is messages that contain confidential or proprietary business information. •   More than a third (34.7%) of companies report their business was impacted by the exposure of sensitive or embarrassing information in the last year. More than 1 in 5 (21.1%) were impacted by improper exposure or theft of customer information, while 15% were impacted by improper exposure or theft of intellectual property. •   More than 1 in 4 companies (25.2%) were ordered by a court or regulatory body to produce employee email in the last year. The study also found that other communications channels, such as blogs and message boards, are emerging as sources of risk for companies: •   More than half (55.4%) of companies are very concerned or concerned about Web-based email as a conduit for exposure of confidential or proprietary information. Respondents are also very concerned about FTP, instant messaging, peer-to-peer networks, blogs and message boards. •   Nearly 1 in 5 companies (17.3%) has disciplined an employee for violating blog or message board policies in the last year. 7.1% of companies fired an employee for such infractions. •   10% of public companies investigated the exposure of material financial information via a blog or message board posting in the past year. This year’s study indicates that the issues that companies are most concerned about are: •   Protecting personal identity and financial information confidentiality in email •   Ensuring compliance with financial disclosure or corporate governance regulations •   Ensuring that confidential internal memos cannot be disseminated via email •   Protecting the confidentiality of private healthcare information in email To sign up for the report, which comes out next week, click here.