打开手机,扫一扫二维码
即可通过手机访问网站
打开微信,扫一扫二维码
订阅我们的微信公众号
| 作者:詹姆斯·普利 (James Pooley)
“A security-focused exit interview will certainly inquire about the sources of any discontent, but not merely to gather suggestions for improving the workplace. Instead, reasons for leaving can provide clues about what the employee intends to do.” — 保罗·西蒙” It was February 2017 when Waymo, Google's self-driving car unit, sued Uber in what would become the biggest trade secret case of the century. Waymo alleged that its former manager, Anthony Levandowski, had organized a competing company while still at Waymo, and before leaving had downloaded 14,000 confidential documents. As it turned out, Uber had known about this when it agreed to pay $680 million for Levandowski's brand new startup; and we've already looked at how the hubris of that hasty transaction provides lessons for hiring in new markets driven by emerging technology. 1 Misappropriation Discovered by Mistake 意外暴露的不当使用 It wasn't until December, almost a year after Levandowski's massive collection, that Waymo claimed to have evidence that Otto/Uber was using its secret technology. This came in the form of an email from an Otto vendor attaching a circuit diagram, sent by mistake to Waymo instead of Otto. This drawing, according to the complaint, bore a “striking resemblance” to Waymo's proprietary technology. It was the “smoking gun” that Waymo was waiting for to file the case. 2 HR Views the Exit Interview Too Narrowly 人力资源部对离职面谈的理解过于狭隘 But here's the problem. Exit interviews traditionally are designed and executed by the Human Resources function. And HR professionals see them in a very limited way. Just take a look at any of the literature and you will see that the purpose of the exit process is to find out what made the employee decide to leave. Even if they are being let go, feedback from the interview might improve the company's people management through insights from those who, because they are on their way out, will be brutally honest about perceived problems. 3 It's Really About Assessment of Risk 至关重要的风险评估环节 In reality, the exit interview process forms a vital part of any trade secret management program. It represents the company's last clear chance to both assess the risk represented by the employee's leaving and to clarify expectations about how they should behave to protect the sensitive information they've been exposed to. Indeed, it is only by directly confronting the departing employee about their plans that the company can reach any useful conclusion about the risks and make informed decisions about reducing them. So don't limit it to ticking off some boxes on a form, but insist on a thorough discussion. There's a reason it's called an “interview.” 4 A Final Opportunity to Reinforce Your Trade Secrets 强化商业秘密的最后机会 Having received both verbal and written assurances that the employee will leave behind all company devices and data, the interviewer should explore the risk represented by what the employee will be carrying in their head when they leave. That assessment requires a robust discussion of the new employment and how doing that job might pose a threat of even inadvertent disclosure or misuse of secret information. Frequently, this kind of concern can be addressed with the direct question: “Please help me understand how you will be able to do what you've described at the new job while respecting the confidentiality of the information you've been exposed to in this one.”
“以风控为目的的离职面谈一定会询问员工离职的原因,但这不仅是为了收集改善工作环境的建议。相反,离职原因可以为了解员工离开后的打算提供线索。”
“There must be 50 ways to leave your lover. — Paul Simon
“一定有五十种方式可以离开你的爱人。
2017年2月,谷歌旗下的自动驾驶汽车公司Waymo起诉了Uber,这起案件或将成为本世纪最大的商业秘密诉讼案。Waymo指控其前经理安东尼·莱万多夫斯基在Waymo任职期间成立了一家竞争公司,并在离职前下载了14,000份机密文件。事实证明,Uber是在明确知道此事的情况下同意以6.8亿美元价格收购莱万多夫斯基创立的公司;我们此前已经讨论过新兴技术领域中这些疏忽给招聘工作带来的教训。
But what about Waymo, the left-behind company? Is there anything to be learned from how it handled the matter? To be sure, it scored points for putting on a convincing case in court. After just a few days of trial, to the disappointment of hundreds of journalists, the dispute was settled, with Uber paying $245 million in stock. Levandowski was forced into bankruptcy and found criminally liable, saved from a jail term only by President Trump's pardon. It certainly seemed as though Waymo had “won.” But would it have been even more successful if it had avoided the dispute entirely?
但是,原来没有提及的Waymo公司呢?它在处理这类问题时的方法有什么值得借鉴的?的确,Waymo在法庭上表现得很有说服力。令记者们失望的是,经过几天庭审后双方很快就达成了和解,Uber支付了价值2.45亿美元的股票,而莱万多夫斯基被迫破产并被判有刑事责任,多亏特朗普总统的赦免才避免了入狱。看起来Waymo似乎“赢了”,但如果它能彻底避免这场纠纷,是否会更加成功呢?
Waymo's complaint, which you can find here, implies that it was in the dark about what Levandowski was up to when he left, despite the fact that while still employed he had downloaded all those documents describing its proprietary sensor technology. Over a month later (in late January 2016), after having established his deal with Uber, Levandowski resigned. In May, his new company, Otto Trucking, emerged from “stealth mode” and by August had been acquired by Uber. In the meantime, several other Waymo employees had left to join him, and on their way out of Waymo had also downloaded a few proprietary documents.
Waymo在诉状中暗示其对莱万多夫斯基离职时的所作所为并不知情,尽管莱万多夫斯基在职期间就下载了所有那些描述专有传感器技术的保密文件。一个多月后(2016年1月底),在与Uber达成协议后,莱万多夫斯基从Waymo辞职。五月份,他的新公司Otto Trucking摆脱了“隐秘模式”,八月份就被Uber收购。在此期间,其他几名Waymo员工也辞职投奔莱万多夫斯基,他们离职前也同样下载了一些Waymo保密文件。
直到十二月,几乎在莱万多夫斯基大量收集保密技术文件的一年后,Waymo才声称掌握了Otto/Uber使用其保密技术的证据。这是一封来自Otto的一家供应商的电子邮件,该邮件附带了一张电路图,该邮件本应发给Otto但错误地发送给了Waymo。Waymo在起诉状中指出这张图纸与Waymo的保密技术“惊人相似”。这正是Waymo等待已久用来提起诉讼的“铁证”。
But let's pause for a moment and consider that if Waymo had known more of the facts at an earlier time, it might have been able to intervene to prevent Uber's acquisition of Otto, or at least to limit the damage from whatever information Levandowski may have passed on to the Uber design team. What if, at the time he resigned his position, Waymo knew that he had taken the 14,000 files and was planning to start a self-driving truck company? It doesn't take much imagination to conclude that the whole unfortunate drama could have been prevented.
但让我们停下来想一想,如果Waymo能更早些掌握更多情况,它就可能阻止Uber收购Otto,或至少减小因莱万多夫斯基向Uber设计团队泄密而造成的损害。如果Waymo能在莱万多夫斯基辞职时就知道他已经拿走了14,000份文件并且打算创办一家自动驾驶卡车公司呢?那么不难想象,这整个不幸的故事是可以避免的。
Why didn't Waymo realize that its trade secrets had been compromised immediately after the download? At the very least, considering Levandowski's extensive access and knowledge, you would have expected the company to insist on questioning him before he left. That process, which is widespread among companies of all types and sizes, is referred to as an “exit interview,” and as we will see it can be a critical step for any business that is losing high-level talent.
为什么Waymo没有在莱万多夫斯基下载文件后立即意识到其商业秘密已被不当获取?至少,考虑到莱万多夫斯基能广泛接触和知晓保密信息,你本以为公司应当在他离职前对他进行问询。这个过程在各种类型和规模的企业中都很普遍,被称为“离职面谈”。正如我们将看到的那样,这对于任何一家正在流失高级人才的企业来说都是一个至关重要的步骤。
问题在于,离职面谈通常由人力资源部门设计并执行。而人事对离职面谈的认识非常有限。只要翻阅一下相关文献你就会发现,离职面谈的目的是找出员工离职的原因。即使他们即将被解雇,也可能从离职面谈中得到能帮助改善人员管理的建议,因为即将离职的员工通常会坦率地说出他们认为存在的问题。
According to an article in the Harvard Business Review, the objectives of an exit interview are directed inward at the company being left, for example “gaining insight into managers' leadership styles” and “soliciting ideas for improving the organization.” A leading HR association promotes exit interviews as “giving the company a unique perspective on its performance and employee satisfaction.” And there's even a Wikipedia article on the subject, suggesting that they can be helpful to “reduce turnover . . . and increase productivity and engagement.” No one ever talks about the interview as a tool to reduce loss and maintain control over information assets.
根据《哈佛商业评论》中的一篇文章,离职面谈的目的是针对离职公司的内部,例如 "深入了解管理者的领导风格 "和 "征求改进组织的意见"。一家头部人力资源协会认为离职面谈能够 "帮助公司从独特的角度了解其业绩和员工满意度"。维基百科上甚至有一篇关于离职面谈的文章,认为它有助于 "减少人员流失......提高生产力和参与度"。但从未有人把离职面谈当作一种信息资产减损和控制工具。
事实上,离职面谈应当成为公司管理商业秘密的重要环节。公司既能利用此次机会最后一次评估员工离职带来的风险,又能向员工明确员工应如何保护所接触到的敏感信息。确实,公司也需要直接面对即将离职的员工,了解他们的计划,公司才能对风险得出有用的结论,并做出降低风险的明智决定。因此,离职面谈不要局限于在表格上打勾,而要坚持进行深度对话,这正是它被称为 "面谈"的原因。
Collecting relevant information doesn't necessarily depend on getting straight, fulsome responses. Sometimes body language speaks loudly, and a direct “I don't have to tell you that” can lead to an elevated concern and trigger a more intensive inquiry. If a high-level engineering manager claims that he's leaving to start an ice cream shop with his cousin, you may be excused for thinking that something is not quite right and digging deeper. One way to do that is a forensic examination of the employee's computer and recent history of system usage, including – ahem – unusual or excessive downloading of files.
收集信息不仅仅依赖直截了当、言之凿凿的回答,有时,肢体语言能表达更多,一句直白的 "我没必要告诉你 "能引发更多的关注和更深入的问询。如果一名高级工程经理声称他辞职是为了和表弟一起开一家冰淇淋店,你就应当产生合理怀疑并进行更深入的调查。方法之一是对员工的电脑和系统中的近期使用记录进行取证检查,包括非必要或超量下载的文件。
A security-focused exit interview will certainly inquire about the sources of any discontent, but not merely to gather suggestions for improving the workplace. Instead, reasons for leaving can provide clues about what the employee intends to do. For example, if they were disappointed that the company didn't immediately embrace their idea for a new product or process, they may think that they are free to use it themselves. That kind of misperception needs to be corrected, and this may be your final opportunity to do it.
以安全为侧重点的离职面谈当然会询问员工对公司任何不满的根源,但不仅仅是为了收集改善建议。相反,离职原因能为推测员工的后续安排提供线索。例如,当员工对公司没有立即采纳他们的新产品、新工艺点子感到失望时,他们可能认为自己能自由应用这些点子。这种错误认识需要纠正,而离职面谈也许是公司纠正这类错误认知的最后机会。
Indeed, another critical part of the process is confirming and reinforcing the employee's obligations to return all company devices and information. Usually, this discussion revolves around some sort of written termination statement by the employee acknowledging those obligations and confirming that all security policies have been complied with. They should specifically assure that they do not possess any company information, including in personal email accounts or in private cloud storage platforms like Dropbox. Any refusal to sign such a document should lead to escalation to relevant managers.
事实上,离职面谈的另一个要点在于确认、加强员工归还所有公司设备和信息的义务。通常情况下,这种讨论围绕员工的书面离职声明展开,员工书面离职声明中表示其知晓应当履行的义务并确认遵守所有安全政策,还应特别保证不保留任何公司信息,包括个人电子邮箱账户或 Dropbox 等私人云存储平台中的信息。任何拒绝签署此类文件的行为都应向相关管理人员上报。
在员工通过口头和书面形式保证他将归还所有公司设备和数据以后,离职面谈人员应当继续探讨员工离职时头脑中记忆的信息对应着怎样的风险。相关评估要求对新的工作以及从事该工作如何可能造成甚至是无意中泄露或滥用原公司保密信息的威胁进行充分讨论。这些顾虑往往可以归结为一个直接的提问:"请问你将如何既能在新工作中做到你描述的那样同时对此前工作中接触的信息进行保密"。
A final area of emphasis is not about gathering information but instead delivering a message about the integrity of your property. As we've already noted, this is the last practical chance to put a point on the employee's continuing obligations after departure. If the company has provided a robust training program that emphasizes the role of the workforce in protecting trade secrets, this will be a straightforward reminder. Conversely, if the company has not invested in regular communication around these issues, then you will have to step up the intensity of messaging at the time of departure, perhaps extending to formal letters to the employee and their new employer.
离职面谈最后的关注点不在于收集信息,而是传递关于公司财产完整性的信息。如前所述,离职面谈是强调员工离职后履行持续保密义务的最后机会。如果公司开展了完善的培训去强调员工在保护商业秘密中的作用,这当然是很直接的提醒;但如果公司没有就相关问题与员工进行过定期沟通,那就必须在员工离职时反复强调,也许还可以向员工及其新雇主发送正式告知函。
The best time to deal with risks is before they have matured into reality. It's not very efficient to discover and mitigate a harmful misappropriation later, when it could have been prevented at the outset.
应对风险的最佳时机是在风险变成现实之前。比起在保密信息泄露后才开展调查和弥补损失,积极预防、制止泄密行为显然是更高效而明智的选择。