Stolen-Coke-Secrets Case Could Spur Review of Security Policies

U.S. bosses could be scurrying to lock file cabinets and recover printouts from their waste baskets after federal prosecutors this week charged three people with stealing information from Coca-Cola Co. (KO) and trying to sell it to rival PepsiCo Inc. (PEP).

"Companies invest substantial sums of money in technology today," said Chris Renk, a partner at law firm Banner & Witcoff, which specializes in intellectual property law. "They make use of passwords and firewalls to lock up trade secrets and sometimes they overlook the simple things."

In the Coke case, Joya Williams, 41, an administrative assistant who worked for the director of global brand marketing at Coca-Cola was the source of the trade secrets that were to be sold, prosecutors charged Wednesday.

Video surveillance showed Williams at her desk going through files in search of documents and stuffing them in her bags, prosecutors said.

While the episode highlights the importance of simple security measures such as locking up confidential documents, it also puts the spotlight on thorough background searches of employees of all levels, surveillance experts said.

"A lot of times companies say 'This person is just a secretary and I don't need to do everything on them as far as screening,"' said Jason Morris, president of employee screening firm Background Information Services. "Your secretary may not have the keys to the safe but he or she may have access to your CEO's e-mails, which could have the formula for a Coke product in them."

The Coke episode is a wake-up call for many American corporations to put their security policies under the microscope.

"When anything happens on a magnitude like this in a competitive industry, it forces everyone to stop and re-examine what their existing policies are," said No. 2 U.S. beer maker Miller's spokesman Pete Marino.

And Ron Wilson, chief operating officer of bottler Philadelphia Coca-Cola Bottling Co, agrees. "We might have to review our systems — and we will," Wilson said.

Coke Chief Executive Neville Isdell also said in a memo to employees that the company will review its information protection policies.

One way to ensure a tighter rein on confidential documents would be to allow well-monitored but controlled access to such information.

"Maintenance of access to trade secrets on a need-to-know basis is critical," Banner & Witcoff's Renk said. "In Coke's case, it seems like the administrative assistant who didn't need to have access to such information did indeed have access to the trade secrets."

But despite having stringent security measures in place, it is important not to create an environment of fear and distrust among employees, analysts said.

"The problem with oversecuritizing is that you put too much under wraps and you don't get the benefit of people interacting each other," said Manny Goldman, a beverage industry consultant.