A Montreal IT company got hot a few days ago when it noticed that an ex-employee had downloaded the data of 530,000 current and potential customers. Fearing, among other things, that the information would end up with competitors and be heavily penalized, the company acted quickly. In less than two, lawyers for Lulu Software requested an injunction order to seize the personal devices of the former employee.
The seizure made it possible, according to the request which required rapid action, to recover the confidential information. This seizure and an affidavit by the ex-employee subsequently determined that there had been no wrongdoing or intention to sell the information, which the employee allegedly downloaded in error. No charges will be brought against him.
“The company is very satisfied with the order which made it possible to recover all the information without any third party having access to it,” explains Me Marc-André Landry, from LCM Avocats, which represents Lulu Software. It’s a happy ending. ”
Lulu Software notably develops software for managing and editing PDF documents.
More alerts from Desjardins
The story of the Desjardins data breach, publicized a year ago, has made companies aware of how to better protect themselves and to react quickly in such cases. “No one is safe from theft, unfortunately, but people are more on the lookout now,” says Me Marc-André Landry.
There is clearly an educational virtue in all of this, because Desjardins is known to everyone and she was hit hard. Companies are saying to themselves: it’s time to wake up. Especially since there are new regulations aimed at strengthening data protection.
Jean Loup Le Roux, founder of I&I Strategy and IT security specialist
Was the method used by Lulu Software, in discovering the leak, justified? Yes, according to his lawyers. “Because we have competitive information and which concerns third parties, answers Mr.e Landry. It’s part of the value of a business. And the data protection legislation is made very strict. ”
As such, we read in the request that Lulu Software, which has customers in North America and Europe, is notably subject to the General Data Protection Regulation of the European Union, in force since 2018.
“Lulu Software is exposed to serious penalties (civil, administrative and criminal) in the event of misuse of collected data or violation of regulations, which can reach, for example, for a first infringement, up to 10 million euros or up to 2% of the global annual turnover of the target company. ”
The cases of data leaks are increasing, notes Jean Loup Le Roux. More than ever, we must act quickly, he judges. He nevertheless considers that the measure requested from the court by Lulu Software (Anton Piller-type order, which allows rapid seizure to protect evidence) can in certain cases be triggered improperly.
Still, the security specialist notes a welcome rise in awareness of companies with regard to data protection and the mechanisms that must be put in place to protect themselves from such acts.
“People are always at the heart of the problem,” says Jean Loup Le Roux. And a lot of errors come from within. It is therefore important that employees are supervised and that there are reminders, to implant reflexes in their heads. ”
– With Louis-Samuel Perron, Press