What to do after an employee leaked our algorithm?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
6
down vote
favorite
One of my company's internally developed algorithms was published online. It's a complex algorithm that took years to develop, I have a pretty good idea of which employee leaked it based on the team who worked on it and personal information on the blog, but I want confirmation. The algorithm is covered in detail but without any code from our codebase, so my employee might have thought it was okay to share this information publicly when it is absolutely not.
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
Related legal questions have been asked over at Law SE.
software-development intellectual-property confidentiality
edited 15 mins ago
David K
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
6
down vote
favorite
One of my company's internally developed algorithms was published online. It's a complex algorithm that took years to develop, I have a pretty good idea of which employee leaked it based on the team who worked on it and personal information on the blog, but I want confirmation. The algorithm is covered in detail but without any code from our codebase, so my employee might have thought it was okay to share this information publicly when it is absolutely not.
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
Related legal questions have been asked over at Law SE.
software-development intellectual-property confidentiality
edited 15 mins ago
David K
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
2
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
One of my company's internally developed algorithms was published online. It's a complex algorithm that took years to develop, I have a pretty good idea of which employee leaked it based on the team who worked on it and personal information on the blog, but I want confirmation. The algorithm is covered in detail but without any code from our codebase, so my employee might have thought it was okay to share this information publicly when it is absolutely not.
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
Related legal questions have been asked over at Law SE.
software-development intellectual-property confidentiality
edited 15 mins ago
David K
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
One of my company's internally developed algorithms was published online. It's a complex algorithm that took years to develop, I have a pretty good idea of which employee leaked it based on the team who worked on it and personal information on the blog, but I want confirmation. The algorithm is covered in detail but without any code from our codebase, so my employee might have thought it was okay to share this information publicly when it is absolutely not.
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
Related legal questions have been asked over at Law SE.
software-development intellectual-property confidentiality
software-development intellectual-property confidentiality
edited 15 mins ago
David K
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 15 mins ago
David K
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 15 mins ago
David K
21.5k1276111
edited 15 mins ago
David K
21.5k1276111
edited 15 mins ago
David K
21.5k1276111
21.5k1276111
asked 1 hour ago
tgreg9
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 hour ago
tgreg9
342
asked 1 hour ago
tgreg9
342
342
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
tgreg9 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
2
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago
add a comment |Â
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
2
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
2
2
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
6
down vote
Step 1 - Get an intellectual property law firm hired. Not a lawyer, a LAW FIRM!
Step 2 - Listen to them!
At the very least, you should file for a copyright AND a patent on it ASAP (copyright will probably get turned down, but patent will probably not).
Then have that law firm send a takedown notice to the blog's registered agent(s).
This will cost $, but if your algorithm is valuable, this is what to do.
answered 1 hour ago
Wesley Long
46.1k16101170
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
 |Â
show 2 more comments
up vote
2
down vote
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
First, since you are reasonably confident which employee it was, I suggest pulling them aside and talking to them. Time is important here, so I wouldn't waste too much time trying to make 100% sure you have the right person.
John, this is your blog, right? I need you to take this post down immediately. This is proprietary company information that and cannot be leaked to the public.
Depending on how you want to handle this, you might discuss consequences for the employee, but the biggest thing is just getting them to take it down as soon as possible.
Once you've taken care of the immediate damage, I'd say it's worth having a company meeting or sending out a company-wide email (depends on your style and size of your company). Don't name names or mention the specific incident, but explain that all company algorithms and information are proprietary and should not be shared or published without prior approval. This shouldn't be new information for them, but it sounds like it needs to be reiterated.
As for damage control for the information that has already leaked, I don't have a good answer, but I recommend talking to a professional who specializes in intellectual property.
answered 53 mins ago
David K
21.5k1276111
add a comment |Â
up vote
2
down vote
It's possible that the employee did nothing wrong.
IANAL, but my understanding is that actual implementation is intellectual property and belongs to the company, but the generic idea of algorithms can't be protected. This is the reason why companies like Google and Facebook are extremely strict about not disclosing anything about their algorithms in public. And this shows also in game rules. Rules can't be protected but all names, artwork, fluff can be. That's why you see similar copied games right after somebody publishes a successful one.
What you do to protect yourself in future is contact lawyer and start obtaining patents and make all your employees to sign NDA where you explicitly prohibit disclosing any information related to your work.
And because it's possible the employee did nothing wrong, I'd approach the issue very carefully. Contact a lawyer and verify what you can and cannot do to mitigate damage on this incident.
answered 52 mins ago
Sopuli
80528
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
 |Â
show 2 more comments
up vote
0
down vote
The other answers highlighting your need for legal advice right now are correct, but for reasons other than they give.
As the employee disclosed no code, copyright is not a concern here - in pretty much all jurisdictions, you cannot copyright an algorithm.
Patents are an approach, but again have different issues in different jurisdictions - some jurisdictions are "first to file" and some are "first to discover", so you may not have any retroactive cover from any patent applied for today, even assuming the algorithm is patentable.
What you can attempt to pursue is protection for your algorithm under trade secrets laws if they exist in your jurisdiction, which can apply protection and civil and (often) criminal penalties for unauthorised disclosure, even when no copyright or patent is violated.
Also check your employment contract for any non-disclosure agreement, which would certainly apply in this case. Seek legal advice as to how enforceable it is in your jurisdiction and in this specific case.
Once its been established what right of control you have over the algorithms disclosure, I would suggest you have a full team meeting with everyone who has access to the code base in which you discuss what happened, why it is inappropriate to disclose such things as they can be extremely detrimental to the companies operation and their continued employment, and also highlight the potential civil or criminal liabilities such actions can result in.
If the specific employee in question does not come forward after the team meeting, there is little you can do without proof of identity - you can of course hire an investigator to see if they can uncover proof, but then all of this really comes down to what course of action are you intending to take if you do discover their identity.
A slap on the wrist and a "that was really damaging to the company, please dont do it again"? - well, the team meeting will have covered that.
Firing the employee? Intent on taking legal action against the employee? - depends on how badly you want retribution.
answered 17 mins ago
Moo
6,25941824
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
add a comment |Â
StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
;
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();
);
);
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
Step 1 - Get an intellectual property law firm hired. Not a lawyer, a LAW FIRM!
Step 2 - Listen to them!
At the very least, you should file for a copyright AND a patent on it ASAP (copyright will probably get turned down, but patent will probably not).
Then have that law firm send a takedown notice to the blog's registered agent(s).
This will cost $, but if your algorithm is valuable, this is what to do.
answered 1 hour ago
Wesley Long
46.1k16101170
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
 |Â
show 2 more comments
up vote
6
down vote
Step 1 - Get an intellectual property law firm hired. Not a lawyer, a LAW FIRM!
Step 2 - Listen to them!
At the very least, you should file for a copyright AND a patent on it ASAP (copyright will probably get turned down, but patent will probably not).
Then have that law firm send a takedown notice to the blog's registered agent(s).
This will cost $, but if your algorithm is valuable, this is what to do.
answered 1 hour ago
Wesley Long
46.1k16101170
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
 |Â
show 2 more comments
up vote
6
down vote
up vote
6
down vote
Step 1 - Get an intellectual property law firm hired. Not a lawyer, a LAW FIRM!
Step 2 - Listen to them!
At the very least, you should file for a copyright AND a patent on it ASAP (copyright will probably get turned down, but patent will probably not).
Then have that law firm send a takedown notice to the blog's registered agent(s).
This will cost $, but if your algorithm is valuable, this is what to do.
answered 1 hour ago
Wesley Long
46.1k16101170
Step 1 - Get an intellectual property law firm hired. Not a lawyer, a LAW FIRM!
Step 2 - Listen to them!
At the very least, you should file for a copyright AND a patent on it ASAP (copyright will probably get turned down, but patent will probably not).
Then have that law firm send a takedown notice to the blog's registered agent(s).
This will cost $, but if your algorithm is valuable, this is what to do.
answered 1 hour ago
Wesley Long
46.1k16101170
answered 1 hour ago
Wesley Long
46.1k16101170
answered 1 hour ago
Wesley Long
46.1k16101170
answered 1 hour ago
Wesley Long
46.1k16101170
46.1k16101170
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
 |Â
show 2 more comments
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
1
1
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Why do you differentiate between lawyer and law firm? Isn't a law firm just a group of lawyers?
– David K
1 hour ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
Because a guy "flying solo" out of a rented 1-room suite that happens to have a bar card is not going to bring the same resources to the game as a firm. If you've ever been in an IP fight, you'll see the difference really quickly.
– Wesley Long
58 mins ago
2
2
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@WesleyLong 3 guys in a basement calling themselves a "firm" will probably also not bring the same resources as an individual who's represented the best of the best.
– Dukeling
56 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
@Dukeling - Most certainly true. I'll leave it to the poster to decide how to vet the firm.
– Wesley Long
55 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
Patents dont mean anything unless you have the money to hire a team of lawyers to enforce it. Even then 35% of patent lawsuits fail.
– solarflare
34 mins ago
 |Â
show 2 more comments
up vote
2
down vote
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
First, since you are reasonably confident which employee it was, I suggest pulling them aside and talking to them. Time is important here, so I wouldn't waste too much time trying to make 100% sure you have the right person.
John, this is your blog, right? I need you to take this post down immediately. This is proprietary company information that and cannot be leaked to the public.
Depending on how you want to handle this, you might discuss consequences for the employee, but the biggest thing is just getting them to take it down as soon as possible.
Once you've taken care of the immediate damage, I'd say it's worth having a company meeting or sending out a company-wide email (depends on your style and size of your company). Don't name names or mention the specific incident, but explain that all company algorithms and information are proprietary and should not be shared or published without prior approval. This shouldn't be new information for them, but it sounds like it needs to be reiterated.
As for damage control for the information that has already leaked, I don't have a good answer, but I recommend talking to a professional who specializes in intellectual property.
answered 53 mins ago
David K
21.5k1276111
add a comment |Â
up vote
2
down vote
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
First, since you are reasonably confident which employee it was, I suggest pulling them aside and talking to them. Time is important here, so I wouldn't waste too much time trying to make 100% sure you have the right person.
John, this is your blog, right? I need you to take this post down immediately. This is proprietary company information that and cannot be leaked to the public.
Depending on how you want to handle this, you might discuss consequences for the employee, but the biggest thing is just getting them to take it down as soon as possible.
Once you've taken care of the immediate damage, I'd say it's worth having a company meeting or sending out a company-wide email (depends on your style and size of your company). Don't name names or mention the specific incident, but explain that all company algorithms and information are proprietary and should not be shared or published without prior approval. This shouldn't be new information for them, but it sounds like it needs to be reiterated.
As for damage control for the information that has already leaked, I don't have a good answer, but I recommend talking to a professional who specializes in intellectual property.
answered 53 mins ago
David K
21.5k1276111
add a comment |Â
up vote
2
down vote
up vote
2
down vote
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
First, since you are reasonably confident which employee it was, I suggest pulling them aside and talking to them. Time is important here, so I wouldn't waste too much time trying to make 100% sure you have the right person.
John, this is your blog, right? I need you to take this post down immediately. This is proprietary company information that and cannot be leaked to the public.
Depending on how you want to handle this, you might discuss consequences for the employee, but the biggest thing is just getting them to take it down as soon as possible.
Once you've taken care of the immediate damage, I'd say it's worth having a company meeting or sending out a company-wide email (depends on your style and size of your company). Don't name names or mention the specific incident, but explain that all company algorithms and information are proprietary and should not be shared or published without prior approval. This shouldn't be new information for them, but it sounds like it needs to be reiterated.
As for damage control for the information that has already leaked, I don't have a good answer, but I recommend talking to a professional who specializes in intellectual property.
answered 53 mins ago
David K
21.5k1276111
What steps should I take to confirm this employee's identity, and make sure this issue doesn't happen again with our engineers?
First, since you are reasonably confident which employee it was, I suggest pulling them aside and talking to them. Time is important here, so I wouldn't waste too much time trying to make 100% sure you have the right person.
John, this is your blog, right? I need you to take this post down immediately. This is proprietary company information that and cannot be leaked to the public.
Depending on how you want to handle this, you might discuss consequences for the employee, but the biggest thing is just getting them to take it down as soon as possible.
Once you've taken care of the immediate damage, I'd say it's worth having a company meeting or sending out a company-wide email (depends on your style and size of your company). Don't name names or mention the specific incident, but explain that all company algorithms and information are proprietary and should not be shared or published without prior approval. This shouldn't be new information for them, but it sounds like it needs to be reiterated.
As for damage control for the information that has already leaked, I don't have a good answer, but I recommend talking to a professional who specializes in intellectual property.
answered 53 mins ago
David K
21.5k1276111
answered 53 mins ago
David K
21.5k1276111
answered 53 mins ago
David K
21.5k1276111
answered 53 mins ago
David K
21.5k1276111
21.5k1276111
add a comment |Â
add a comment |Â
up vote
2
down vote
It's possible that the employee did nothing wrong.
IANAL, but my understanding is that actual implementation is intellectual property and belongs to the company, but the generic idea of algorithms can't be protected. This is the reason why companies like Google and Facebook are extremely strict about not disclosing anything about their algorithms in public. And this shows also in game rules. Rules can't be protected but all names, artwork, fluff can be. That's why you see similar copied games right after somebody publishes a successful one.
What you do to protect yourself in future is contact lawyer and start obtaining patents and make all your employees to sign NDA where you explicitly prohibit disclosing any information related to your work.
And because it's possible the employee did nothing wrong, I'd approach the issue very carefully. Contact a lawyer and verify what you can and cannot do to mitigate damage on this incident.
answered 52 mins ago
Sopuli
80528
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
 |Â
show 2 more comments
up vote
2
down vote
It's possible that the employee did nothing wrong.
IANAL, but my understanding is that actual implementation is intellectual property and belongs to the company, but the generic idea of algorithms can't be protected. This is the reason why companies like Google and Facebook are extremely strict about not disclosing anything about their algorithms in public. And this shows also in game rules. Rules can't be protected but all names, artwork, fluff can be. That's why you see similar copied games right after somebody publishes a successful one.
What you do to protect yourself in future is contact lawyer and start obtaining patents and make all your employees to sign NDA where you explicitly prohibit disclosing any information related to your work.
And because it's possible the employee did nothing wrong, I'd approach the issue very carefully. Contact a lawyer and verify what you can and cannot do to mitigate damage on this incident.
answered 52 mins ago
Sopuli
80528
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
 |Â
show 2 more comments
up vote
2
down vote
up vote
2
down vote
It's possible that the employee did nothing wrong.
IANAL, but my understanding is that actual implementation is intellectual property and belongs to the company, but the generic idea of algorithms can't be protected. This is the reason why companies like Google and Facebook are extremely strict about not disclosing anything about their algorithms in public. And this shows also in game rules. Rules can't be protected but all names, artwork, fluff can be. That's why you see similar copied games right after somebody publishes a successful one.
What you do to protect yourself in future is contact lawyer and start obtaining patents and make all your employees to sign NDA where you explicitly prohibit disclosing any information related to your work.
And because it's possible the employee did nothing wrong, I'd approach the issue very carefully. Contact a lawyer and verify what you can and cannot do to mitigate damage on this incident.
answered 52 mins ago
Sopuli
80528
It's possible that the employee did nothing wrong.
IANAL, but my understanding is that actual implementation is intellectual property and belongs to the company, but the generic idea of algorithms can't be protected. This is the reason why companies like Google and Facebook are extremely strict about not disclosing anything about their algorithms in public. And this shows also in game rules. Rules can't be protected but all names, artwork, fluff can be. That's why you see similar copied games right after somebody publishes a successful one.
What you do to protect yourself in future is contact lawyer and start obtaining patents and make all your employees to sign NDA where you explicitly prohibit disclosing any information related to your work.
And because it's possible the employee did nothing wrong, I'd approach the issue very carefully. Contact a lawyer and verify what you can and cannot do to mitigate damage on this incident.
answered 52 mins ago
Sopuli
80528
edited 39 mins ago
answered 52 mins ago
Sopuli
80528
answered 52 mins ago
Sopuli
80528
answered 52 mins ago
Sopuli
80528
80528
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
 |Â
show 2 more comments
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
1
1
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
I have no idea whether you are right about the legality of the issue or not, but even if you are, that doesn't mean that "the employee did nothing wrong". It is morally wrong to potentially harm the company you work for by releasing knowledge that it took time, effort, and money to develop.
– Jim Clay
47 mins ago
1
1
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
I'm not certain if your explanation of IP is accurate, but your first statement is most definitely inaccurate. Another company may not be legally liable if they use another company's algorithms, but an employee who leaks company secrets is most definitely at fault.
– David K
47 mins ago
1
1
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
@DavidK Depends on contract. If there is no NDA or other clause, nothing restricts you from talking ideas. You can't share the code but you can discuss on general level.
– Sopuli
45 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
I would be shocked to discover there's any software company in the world that doesn't have something like "anything you create for the company or on company time belongs to the company, and sharing it outside the company without prior agreement is gross misconduct" in every contract.
– BittermanAndy
35 mins ago
1
1
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
I don't think ethics or morality is a factor here. The employee published the blog and saying it's morally wrong doesn't help anybody anymore. This is the reason NDAs exist in the first place. And as OP didn't say the country, it might be illegal termination to fire the employee over this incident.
– Sopuli
30 mins ago
 |Â
show 2 more comments
up vote
0
down vote
The other answers highlighting your need for legal advice right now are correct, but for reasons other than they give.
As the employee disclosed no code, copyright is not a concern here - in pretty much all jurisdictions, you cannot copyright an algorithm.
Patents are an approach, but again have different issues in different jurisdictions - some jurisdictions are "first to file" and some are "first to discover", so you may not have any retroactive cover from any patent applied for today, even assuming the algorithm is patentable.
What you can attempt to pursue is protection for your algorithm under trade secrets laws if they exist in your jurisdiction, which can apply protection and civil and (often) criminal penalties for unauthorised disclosure, even when no copyright or patent is violated.
Also check your employment contract for any non-disclosure agreement, which would certainly apply in this case. Seek legal advice as to how enforceable it is in your jurisdiction and in this specific case.
Once its been established what right of control you have over the algorithms disclosure, I would suggest you have a full team meeting with everyone who has access to the code base in which you discuss what happened, why it is inappropriate to disclose such things as they can be extremely detrimental to the companies operation and their continued employment, and also highlight the potential civil or criminal liabilities such actions can result in.
If the specific employee in question does not come forward after the team meeting, there is little you can do without proof of identity - you can of course hire an investigator to see if they can uncover proof, but then all of this really comes down to what course of action are you intending to take if you do discover their identity.
A slap on the wrist and a "that was really damaging to the company, please dont do it again"? - well, the team meeting will have covered that.
Firing the employee? Intent on taking legal action against the employee? - depends on how badly you want retribution.
answered 17 mins ago
Moo
6,25941824
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
add a comment |Â
up vote
0
down vote
The other answers highlighting your need for legal advice right now are correct, but for reasons other than they give.
As the employee disclosed no code, copyright is not a concern here - in pretty much all jurisdictions, you cannot copyright an algorithm.
Patents are an approach, but again have different issues in different jurisdictions - some jurisdictions are "first to file" and some are "first to discover", so you may not have any retroactive cover from any patent applied for today, even assuming the algorithm is patentable.
What you can attempt to pursue is protection for your algorithm under trade secrets laws if they exist in your jurisdiction, which can apply protection and civil and (often) criminal penalties for unauthorised disclosure, even when no copyright or patent is violated.
Also check your employment contract for any non-disclosure agreement, which would certainly apply in this case. Seek legal advice as to how enforceable it is in your jurisdiction and in this specific case.
Once its been established what right of control you have over the algorithms disclosure, I would suggest you have a full team meeting with everyone who has access to the code base in which you discuss what happened, why it is inappropriate to disclose such things as they can be extremely detrimental to the companies operation and their continued employment, and also highlight the potential civil or criminal liabilities such actions can result in.
If the specific employee in question does not come forward after the team meeting, there is little you can do without proof of identity - you can of course hire an investigator to see if they can uncover proof, but then all of this really comes down to what course of action are you intending to take if you do discover their identity.
A slap on the wrist and a "that was really damaging to the company, please dont do it again"? - well, the team meeting will have covered that.
Firing the employee? Intent on taking legal action against the employee? - depends on how badly you want retribution.
answered 17 mins ago
Moo
6,25941824
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The other answers highlighting your need for legal advice right now are correct, but for reasons other than they give.
As the employee disclosed no code, copyright is not a concern here - in pretty much all jurisdictions, you cannot copyright an algorithm.
Patents are an approach, but again have different issues in different jurisdictions - some jurisdictions are "first to file" and some are "first to discover", so you may not have any retroactive cover from any patent applied for today, even assuming the algorithm is patentable.
What you can attempt to pursue is protection for your algorithm under trade secrets laws if they exist in your jurisdiction, which can apply protection and civil and (often) criminal penalties for unauthorised disclosure, even when no copyright or patent is violated.
Also check your employment contract for any non-disclosure agreement, which would certainly apply in this case. Seek legal advice as to how enforceable it is in your jurisdiction and in this specific case.
Once its been established what right of control you have over the algorithms disclosure, I would suggest you have a full team meeting with everyone who has access to the code base in which you discuss what happened, why it is inappropriate to disclose such things as they can be extremely detrimental to the companies operation and their continued employment, and also highlight the potential civil or criminal liabilities such actions can result in.
If the specific employee in question does not come forward after the team meeting, there is little you can do without proof of identity - you can of course hire an investigator to see if they can uncover proof, but then all of this really comes down to what course of action are you intending to take if you do discover their identity.
A slap on the wrist and a "that was really damaging to the company, please dont do it again"? - well, the team meeting will have covered that.
Firing the employee? Intent on taking legal action against the employee? - depends on how badly you want retribution.
answered 17 mins ago
Moo
6,25941824
The other answers highlighting your need for legal advice right now are correct, but for reasons other than they give.
As the employee disclosed no code, copyright is not a concern here - in pretty much all jurisdictions, you cannot copyright an algorithm.
Patents are an approach, but again have different issues in different jurisdictions - some jurisdictions are "first to file" and some are "first to discover", so you may not have any retroactive cover from any patent applied for today, even assuming the algorithm is patentable.
What you can attempt to pursue is protection for your algorithm under trade secrets laws if they exist in your jurisdiction, which can apply protection and civil and (often) criminal penalties for unauthorised disclosure, even when no copyright or patent is violated.
Also check your employment contract for any non-disclosure agreement, which would certainly apply in this case. Seek legal advice as to how enforceable it is in your jurisdiction and in this specific case.
Once its been established what right of control you have over the algorithms disclosure, I would suggest you have a full team meeting with everyone who has access to the code base in which you discuss what happened, why it is inappropriate to disclose such things as they can be extremely detrimental to the companies operation and their continued employment, and also highlight the potential civil or criminal liabilities such actions can result in.
If the specific employee in question does not come forward after the team meeting, there is little you can do without proof of identity - you can of course hire an investigator to see if they can uncover proof, but then all of this really comes down to what course of action are you intending to take if you do discover their identity.
A slap on the wrist and a "that was really damaging to the company, please dont do it again"? - well, the team meeting will have covered that.
Firing the employee? Intent on taking legal action against the employee? - depends on how badly you want retribution.
answered 17 mins ago
Moo
6,25941824
answered 17 mins ago
Moo
6,25941824
answered 17 mins ago
Moo
6,25941824
answered 17 mins ago
Moo
6,25941824
6,25941824
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
add a comment |Â
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
You can take far worse actions against an employee than firing them, if you want retribution. Firing them is the soft option - it only hurts till they have found their next job, and that might be tomorrow.
– alephzero
4 mins ago
add a comment |Â
tgreg9 is a new contributor. Be nice, and check out our Code of Conduct.
tgreg9 is a new contributor. Be nice, and check out our Code of Conduct.
tgreg9 is a new contributor. Be nice, and check out our Code of Conduct.
tgreg9 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f122361%2fwhat-to-do-after-an-employee-leaked-our-algorithm%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Hi and welcome to The Workplace. However, is it possible that this might be a better fit for law.stackexchange.com? I'm not sure it's really a workplace issue?
– Time4Tea
1 hour ago
"What steps should I take to confirm this employee's identity" - hire an investigator. Then talk with an IP lawyer. That should have happened long ago. Then decide if the employee should have know better or not. If the former, fire him immediately. If the latter have a long talk with him privately, and then with everyone else in the company publicly.
– Joe Strazzere
49 mins ago
@Time4Tea Hi, my first question is more of a management issue as it relates to my employee's behavior. However, I can move this to law.stackexchange.com if it is better suited there.
– tgreg9
47 mins ago
2
@tgreg9 You are right that your management question is on topic. I would just cut the questions asking for how to handle the IP from a legal perspective and maybe ask those specific parts at Law.
– David K
46 mins ago
Not much you can do other than an internal company investigation and possible disciplinary action. Legally its not worth your time or effort since even if a competitor now copied the algorithm its unlikely you'll ever find out or be able to prove anything.
– solarflare
33 mins ago