Termination, IP Suits, and Earn-Outs: Which Salesforce Data is Most Useful in Legal Matters?

Examining all the user activity and access in a CRM like Salesforce can go a long way toward helping you defend your business against costly legal suits and countersuits.

When it comes to legal matters, discovery can be made infinitely more complicated by the sheer amount of unstructured data held across applications. The lawyers are at the front line of attack, but it’s important to be able to help them translate the importance of specific data held in mission-critical cloud applications. Forensic investigations could touch a variety of applications, including CRMs like Salesforce. So what Salesforce data is most useful in legal matters – and how can you uncover it?

What Are You Protecting in Salesforce?

A CRM may hold simple information, like phone calls made, account state of play, or sales pipeline data.

“Most of the data are not that interesting or scary, but there is some stuff that can be very important to all types of cases,” said David Taber, CEO of the Salesforce.com consultancy SalesLogistix and author of “Salesforce.com Secrets of Success.” In an intellectual property case, for example, this might include price books, discount schedules, quotes, won and lost deals — even customer complaints.

“The classic scenario is, on their way out, the salesperson takes reports — or even their laptop full of data — walks into their new employer and uses, or attempts to use, the data in their new firm,” Taber explained. “This is totally illegal, but stuff like this happens.”

That makes it imperative to protect both your data and your systems – against data theft and the introduction of stolen data.

“You don’t want to be on the other end of an intellectual property theft suit, so you need to have controls over what gets imported,” said Taber. “Just having somebody sign a stipulation on their employment contract isn’t enough. You need to make sure you have protection against data that ‘fell off a truck,’ because that could be very dangerous data.”

What Types of CRM Data Can be Most Useful?

A CRM’s audit logs can reveal how users are interacting with the system and what they’re doing with data. For example, you can learn:

  • When users are logging in and how long they’re staying. This can be a good indication of whether the workforce is using the system – and, potentially, doing their job. A change in login patterns may also reveal data theft, said Taber. “If somebody who doesn’t ever log in on the weekend is suddenly logging in all weekend and running reports, they’re either very diligent or stealing information.”
  • Data additions and modifications. This will show you who added what, and when. For imports, this can help ensure you’re not on the receiving end of a data dump you shouldn’t have. And exports can show you any data that’s potentially being taken out the door by existing or departing employees.
  • Justification for archiving or deleting data. This is a “whodunit” on the system configuration itself. “If all of a sudden, a bunch of data is hidden or added to a page layout, you want to know who did that,” said Taber. “Particularly if they’re a contractor and you have a statement of work in progress, you want to understand when they made changes and how big the changes were.”
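
The weekend-login pattern Taber describes can be checked mechanically against an exported audit log. The following is an added example, not code from the original article or from any vendor: the CSV column names, the event labels "login" and "report_export", the sample rows, and the cutoff date are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; columns and event labels are assumptions.
SAMPLE_LOG = """user,timestamp,event
alice,2024-03-04T09:12:00,login
alice,2024-03-05T10:01:00,report_export
alice,2024-03-11T09:30:00,login
alice,2024-03-16T22:14:00,login
alice,2024-03-16T22:20:00,report_export
alice,2024-03-17T08:02:00,login
alice,2024-03-17T08:05:00,report_export
bob,2024-03-02T11:00:00,login
bob,2024-03-09T11:30:00,login
bob,2024-03-09T11:45:00,report_export
bob,2024-03-16T10:15:00,login
bob,2024-03-16T10:40:00,report_export
carol,2024-03-12T14:00:00,login
carol,2024-03-16T13:00:00,login
"""
CUTOFF = datetime(2024, 3, 15)  # constructed: baseline before, review window after

def weekend_anomalies(log_text, cutoff):
    """Users with no weekend activity before `cutoff` who both logged in
    and exported reports on a weekend on or after it."""
    baseline_weekend = defaultdict(int)
    recent = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        if ts.weekday() < 5:  # Monday to Friday: outside this check
            continue
        if ts < cutoff:
            baseline_weekend[row["user"]] += 1
        else:
            recent[row["user"]][row["event"]].append(ts)
    findings = []
    for user, ev in sorted(recent.items()):
        # A habitual weekend worker (bob) or a login with no export (carol) is skipped.
        if baseline_weekend[user] == 0 and ev["login"] and ev["report_export"]:
            findings.append({"user": user,
                             "weekend_logins": len(ev["login"]),
                             "weekend_exports": len(ev["report_export"]),
                             "first_seen": min(ev["login"] + ev["report_export"]).isoformat()})
    return findings

if __name__ == "__main__":
    for finding in weekend_anomalies(SAMPLE_LOG, CUTOFF):
        print(finding)
```

A hit is a lead for review rather than proof; as the quote says, the user may simply be diligent, so the finding should be correlated with what was exported and with the user's employment status.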

Your CRM system, like Salesforce and other mission-critical cloud applications, contains a lot of sensitive data. But how dangerous is it? It depends on the situation. Here are seven scenarios where CRM data can be useful.

7 Legal Scenarios, and Where to Find the Most Useful Data

  1. Wrongful termination suit. Can you prove an employee was fired for cause? “If you can prove they didn’t log in or use the system or update any records, that’s pretty powerful,” Taber said. Look at login or table history in those cases. Anything done against policy, on the other hand, may show up in table history, report/export events, or import events.
  2. Improper sales tactics and spamming. If your company could be on the hook for spamming or other prohibited sales or marketing tactics, certain areas of your Salesforce instance can reveal important information about those violations. For example, did emails go to those who weren’t opted in? Look at the activity and leads tables. Were the pricing and terms given improper? Check quotes, deals, and the accounts
  3. IP theft. Did a terminated employee remove data from your org for personal or competitive use? You can look at report or export events to determine any unauthorized data exfiltration. Several tables and histories can also reveal whether a current employee brought a prior employer’s data into your org.
  4. Patent infringement suit. A time-series data analysis of won and lost deals and their amounts can reveal a lot about potential damages. “If the other side is claiming they lost a bunch of deals, you can say, ‘You may have lost a deal to Boeing, but I never sold to Boeing, so that deal’s off the table’,” Taber said. Here, you’ll need to incorporate non-CRM data, as well, such as competitors’ deals and market share, for the greatest insight.
  5. Investor suits. Many class-action investor suits deal with sales forecasting and deal pipelines. Here, most of the action will be on the opportunity table, but there are some other places you can look. Again, a time-series analysis of win/loss, deal amounts, quotes, quotas, and forecasts will be useful here, along with non-CRM data.
  6. M&A “earn out” agreement. In a merger or acquisition, revenue achievement can make or break a payout. If you’re challenged by a plaintiff saying something like, “My product would have sold three times as much if your sales team hadn’t messed it up,” you can perform forensic work in the CRM on forecast data. Look for bogus pipelines and mysterious disappearances from the forecast.
  7. System integrator nonperformance. These types of suits can be surprisingly expensive, with countersuits inflating the total amount of damages into the millions. If a consulting firm’s project has led to a suit – lack of payment countered by lack of performance – you can show the state of the system when they stopped working. Look at the case table, the setup audit trail, and the sandbox, and plan to correlate with other non-CRM data, particularly email.

Cloud applications like Salesforce log many interactions. As most organizations are beginning to use Salesforce and other cloud apps as CRM tools, these tools are evolving beyond a simple contact database into a full-featured repository of sensitive information. Understand how the data locked within can reveal the truth, and how to locate that data. Interpreting its meaning for the legal team will help your company save time and money on discovery, prevail in lawsuits, and help increase trust and visibility organization-wide.
