Businesses are warned to think about whether they can track who has access to their commercial data, following allegations from building suppliers group Natbuild that an employee at rival Mitre 10 gained access to the group’s member website and details of confidential agreements with its trading partners.
Fairfax reports the National Building Suppliers Group filed an affidavit in the Federal Court last week, alleging computers registered to Mitre 10 and its subsidiary Danks had been used to access trading agreements through Natbuild’s member website.
The affidavit reportedly alleges that a Mitre 10 employee then contacted Natbuild supplier Corinthian Doors seeking better rebates based on the confidential information accessed.
Natbuild had initially thought the information could have obtained because one of its former members had been acquired by Mitre 10 this year, but on review, the dates of the information that had been accessed did not match up with this acquisition.
Audits of access of the Natbuild TradeNet site reportedly revealed that supplier agreements, meeting minutes and price lists had been accessed by computer with IP addresses registered to Mitre 10 and Danks. According to the report, the agreements accessed cover supplier agreements worth more than $350 million.
In a statement to the Australian Financial Review, Natbuild chairman Martin Hartcher said he was concerned the information had been “accessed unlawfully” and could impact on confidentiality of Natbuild’s supplier agreements.
Natbuild has been granted an injunction against Mitre 10, an employee and Home Timber and Hardware and Danks, restricting these organisations from accessing or using Natbuild’s materials, ahead of a court hearing later this year.
When contacted by SmartCompany this morning, Hartcher and Natbuild said there was nothing further to add on the case at this stage.
SmartCompany contacted Mitre 10 parent company Metcash for comment but did not receive a response prior to publication.
Information security key
John MacPhail, partner at Lynch Meyer Laywers, says cases involving the inappropriate use of commercially sensitive information are common, but businesses should keep in mind that “human stuff ups” and the actions of staff can play a role when this information is inappropriately accessed.
“It’s often not a technical let down, it’s usually that a human has stuffed up,” he says of cases in which a business discovers a competitor has their information.
It is often difficult to quantify the exact loss that is caused when another party accesses your pricing information, MacPhail says, making it difficult to “get any money out of it” if this happens.
While a business is able to ask for a court injunction to stop other parties from using that information, it can be hard to claim for damages, and MacPhail warns SMEs to ensure they don’t “leave confidential information lying around”.
He advises businesses to ensure they review data access processes and make sure confidential information is restricted as much as possible.
TressCox partner Tony Mylne agrees cases like this one are very common, and in general terms the best thing for businesses to do is make commercially sensitive information as secure as possible.
“Access to critical information needs to be sparing, well-documented, secure. You need to know who has accessed it and who hasn’t,” he tells SmartCompany.
While a business that suspects a competitor of having access to its information is able to seek an injunction to stop this, Mylne also says it’s better to work on prevention.
This includes ensuring data is secure, tracking who has access to it across the company, and making it clear to all employees within your own business that misusing data is unacceptable.
He recommends businesses get advice before pursuing any suspected cases of data misuse.
“You’ve got to as a business be quite intelligent about picking your marks. Get some legal advice around what your rights are, but then you also need to protect those rights fairly aggressively,” he says.