Take our free quiz to determine if your comapny is at risk

Case Study: Dell's response to a former employee causes backlash

On June 14th, 2007 a former Dell Sales Manager posted 22 confessions to a public forum on the internet. In his confessions he used his insider knowledge to outline how a person could cheat Dell's system to get cheaper computers than otherwise possible, abuse the warranty system to get new laptops after a model is no longer in production, how to get bargains on printer cartridges from “cool” kiosk employees, and many more secrets and strategies that only a company employee would know. It is sad to say that threats like this are not uncommon on the internet today. Any company who entrusts their employees with critical knowledge about sales policies and procedures is vulnerable to this kind of action by an ex-employee.

After valuable information like this is posted to a high traffic site, it spreads like wild fire across the rest of the internet. In this particular case the post was made to The Consumerist, a popular online blog, and within the day it was picked up and spread to many other sites such as Digg, Slashdot, Fark, and Reddit. Each of those sites has a huge reader base, many of whom posted blurbs about the story on their own blogs and forums. This viral effect happened because the post contained so much proprietary and confidential information that it could not be ignored. If the post had contained only one or two points, instead of 22, the effect would not have been as intense and perhaps Dell would have stood a chance of containing the damage.

On the same day, Dell's legal counsel sent an email to The Consumerist informing them the information was proprietary and confidential and demanded that they take it down. However, at that point the damage was done, the number of people who had read it had reached a critical mass and there was no way the post could be retracted. If Dell had done more in-depth research they would have also known how The Consumerist was likely to respond to their request. Instead of taking down the post, The Consumerist made another post with the email conversation between the editor and Dell's representative. When trying to get threatening information removed from the web, it is critical to first research the site where the information is posted, consider multiple strategies, and find the one that is most likely to work in that specific case. A simple take-down request will be honored in many cases, but in some cases like this one, it could make the situation worse.

A second round of the internet viral effect ensued and all of the sites who picked up on the first post also added the new post to their sites. The audience of the original material had effectively doubled because of the way Dell handled the situation. At that point there was nothing else Dell could do, the "22 confessions" were on the internet for good, and they had been further humiliated by having their legal requests also posted on the internet for everyone to see. On June 18th Dell made a post on their official blog apologizing and trying to save face by saying, "Now's not the time to mince words, so let me just say it ... we blew it ... We shouldn't have sent a notice". That blog post was also posted on The Consumerist.

Something like this happening to a large company is almost inevitable, but there are ways to decrease the likelihood and minimize the damage when it does happen. The most effective way to prevent it from happening is to have a proactive strategy for protecting confidential and proprietary information. This could include having strict employment agreements and confidentiality obligations for all employees. It is also important to provide ongoing training to all current employees regarding those procedures and to consistently enforce them. Managing ex-employees is also an area that many companies overlook, keeping in touch with former employees and reminding them they have obligations to the company even though they don't work there anymore is a good place to start. When an incident does happen, it is essential to catch it as quickly as possible. An online monitoring service like webArgos is constantly on the lookout for breaches of security like this and can inform companies as soon as they happen. Finally, when you are trying to get a threat removed it is best to be cautious, consult with professionals, and find a strategy that will work for the specific case before taking any action.