📦 Return of Company Property & Device Surrender Demand Letters
Recover hardware, access credentials, and confidential data from departed employees and contractors
Contractual and Policy Basis for Return

Most employers have multiple legal bases for demanding return of property:

Source Typical Language
Offer letter / Employment agreement "Upon termination, Employee agrees to return all Company property, including but not limited to computers, phones, access badges, keys, documents, and data."
Employee handbook "All equipment, materials, and information provided to employees remain Company property and must be returned immediately upon separation."
IT/Acceptable Use Policy "Employees have no expectation of privacy in Company devices or systems. All hardware and data must be returned upon request."
Confidentiality agreement "Employee certifies that upon termination, all confidential information, documents, and materials (physical and electronic) will be returned or destroyed."
Separation agreement "As a condition of severance, Employee agrees to return all Company property and certify destruction of all copies of confidential information."
💡 Pro Tip: Even if you don't have explicit contract language, common law supports your right to recover property that belongs to you. However, written policies make enforcement much easier and reduce disputes.
Supporting Legal Doctrines
Legal Theory Application Limitations
Breach of contract Violation of agreement to return property Requires written contract with clear return obligation
Conversion Wrongful exercise of dominion over your tangible property (laptops, phones, etc.) Requires intent to deprive you of possession; may not apply to data
Trespass to chattels Wrongful interference with your possessory rights in property Generally for physical property; digital property is gray area
Trade secret misappropriation Retention of confidential data = ongoing misappropriation Must qualify as trade secret under CUTSA/DTSA
Computer Fraud (CFAA) Unauthorized access to company systems after termination Narrow application; mainly for hacking or continued system access, not passive retention
⚠️ CFAA Caution: The Computer Fraud and Abuse Act (18 U.S.C. § 1030) is primarily for unauthorized access to systems, not merely retaining data you once lawfully accessed. Don't overclaim CFAA violations in your demand letter—courts are skeptical of CFAA claims in employment disputes. Focus on contract breach and trade secret misappropriation.
Certification Requirements

Many agreements require the departing employee/contractor to certify that they have:

  • Returned all company property
  • Deleted all confidential information from personal devices and cloud accounts
  • Not retained copies of company data in any form
  • Not disclosed confidential information to third parties

If your policy includes certification requirements, demand a signed certification statement as part of the return process. This creates powerful evidence if you later discover they retained data.

Timing: When to Send the Demand
Scenario Timing
Voluntary resignation Send checklist/demand on last day of work or within 24 hours of departure
Termination for cause Collect property immediately during termination meeting; send formal demand same day
Layoff / reduction in force Collect during exit meeting; send confirmation/demand within 24 hours
Contractor project completion Send with final payment or as condition of final payment
Discovery of missing property post-departure Send immediately upon discovery; delay weakens urgency and may suggest you don't care
Physical Hardware
☐ Laptops and desktop computers (including power adapters, mice, keyboards)
☐ Mobile phones and tablets (company-issued or BYOD with company accounts)
☐ Monitors and peripherals
☐ USB drives, external hard drives, SD cards
☐ Chargers, cables, dongles, adapters
☐ Headsets, webcams, microphones
☐ Printers, scanners, fax machines (if assigned)
☐ Corporate credit cards and procurement cards
☐ Access badges, key fobs, security tokens
☐ Office keys, parking passes, building access cards
☐ Company vehicles (if applicable)
Documents and Physical Media
☐ Paper files, binders, printouts
☐ Notebooks, planners, meeting notes
☐ Business cards (company-issued)
☐ Confidential documents, contracts, proposals
☐ Training materials, manuals, SOPs
☐ Marketing materials, brochures, promotional items
Digital Assets and Access
☐ Company email account credentials (to be disabled by IT)
☐ VPN access and remote desktop credentials
☐ Cloud storage accounts (Dropbox, Google Drive, OneDrive, Box)
☐ SaaS platform logins (Salesforce, Slack, Asana, GitHub, etc.)
☐ Social media account access (LinkedIn company page admin, Twitter business accounts)
☐ Domain and hosting credentials (if employee managed websites)
☐ Password manager vault contents (if used for company passwords)
☐ Two-factor authentication devices (hardware tokens, Yubikeys)
🔐 IT Security Checklist: While demanding physical return, immediately disable all system access: revoke email, VPN, cloud storage, and application logins. Don't rely on the employee to "hand over" credentials—proactively terminate access via IT.
Specialized Equipment by Industry
Industry Additional Property to Recover
Healthcare Medical devices, pagers, HIPAA-compliant laptops, patient data (must be securely destroyed)
Construction / field services Tools, safety equipment, company vehicles, fuel cards, uniforms
Sales Demo products, sample inventory, client gift inventory, corporate credit cards
Tech / software Development environments, code repositories (ensure no unauthorized forks), API keys
Finance Trading platform access, market data terminal credentials, Bloomberg terminal logins
Creating a Comprehensive Inventory

Maintain an asset inventory for each employee/contractor from day one. Track:

  • Asset tag / serial number for all hardware
  • Date issued and condition at issuance
  • Assigned user and department
  • Value (for conversion damages if not returned)
  • Software licenses tied to specific devices or users

When an employee departs, cross-reference this inventory in your demand letter to show exactly what's missing.

The Digital Data Problem

Even if the employee returns the physical hardware, confidential data may still exist in multiple locations:

Location Risk How to Address
Personal devices Files emailed to personal accounts, downloaded to personal laptop/phone Demand certification of deletion from all personal devices
Personal email Forwarded company emails containing confidential info Demand deletion of all forwarded emails and attachments
Personal cloud storage Dropbox, Google Drive, iCloud, OneDrive synced with company files Demand deletion and certification; may request access to verify if litigation likely
External hard drives / USB Backups or copies made "just in case" Demand return of all external media and certification that no copies exist
Cloud collaboration tools Slack messages, Notion pages, Asana tasks exported or saved Revoke access immediately; demand deletion of any offline copies
Code repositories GitHub forks, GitLab mirrors, local git clones on personal machines Demand deletion of all forks, clones, and local repositories
⚠️ You Can't Force Deletion Without Legal Process: Your demand letter can request deletion and certification, but you generally cannot force the employee to let you access their personal devices to verify deletion. If you need to confirm deletion, you'll need to pursue litigation and discovery (forensic imaging, interrogatories, depositions).
Certification of Data Deletion

Include a certification template in your demand letter requiring the employee to sign and return:

CERTIFICATION OF RETURN AND DELETION

I, [Employee Name], hereby certify under penalty of perjury that:

  1. I have returned all Company property, including all hardware, documents, access credentials, and materials listed in Exhibit A;
  2. I have deleted all Company confidential information, documents, files, and data from my personal devices, including computers, phones, tablets, USB drives, and external hard drives;
  3. I have deleted all Company emails, attachments, and data from my personal email accounts (including [list specific accounts if known]);
  4. I have deleted all Company data from my personal cloud storage accounts, including Dropbox, Google Drive, iCloud, OneDrive, and any other cloud services;
  5. I have not retained any copies, backups, or derivatives of Company confidential information in any form or location;
  6. I have not disclosed any Company confidential information to third parties, including my new employer;
  7. I will not access any Company systems, accounts, or data after the date of this certification.

Signed: _________________________
Date: _________________________

Data on BYOD (Bring Your Own Device)

If the employee used a personal device for work under a BYOD policy, you face additional challenges:

Issue Solution
Can't demand return of personal device Demand deletion of company data and apps; if company used MDM (mobile device management), remotely wipe corporate partition
Commingled personal and work data Demand deletion of work data only; cannot force deletion of personal data
No visibility into compliance Require written certification; reserve right to pursue forensic verification if litigation ensues
Employee refuses to delete Pursue trade secret misappropriation claim and seek court order
💡 MDM Solutions: If you use Mobile Device Management software (Intune, AirWatch, Jamf, etc.), you can remotely wipe corporate data from BYOD devices without affecting personal data. Exercise this option immediately upon termination, then follow up with a demand for certification.
Preservation vs. Deletion

There's a tension between demanding deletion and preserving evidence for litigation:

  • If litigation is NOT anticipated: Demand immediate deletion and certification to minimize ongoing exposure
  • If litigation IS anticipated: Send a preservation notice prohibiting deletion, alteration, or destruction of data, then seek court-ordered forensic imaging to verify what was taken

Preservation notice language:

You are hereby instructed to preserve all evidence related to your access, use, and retention of [Company]'s confidential information and property, including:

  • All devices (computers, phones, tablets, USB drives) that may contain Company data;
  • All emails, text messages, and electronic communications;
  • All cloud storage accounts and file-sharing services;
  • All documents, files, and data in any format.

Do not delete, alter, or destroy any of these materials. Failure to preserve evidence may result in sanctions, including adverse inference instructions and spoliation penalties.

Essential Elements of Property Return Demand Letter
  1. Reference to contractual/policy obligations: Cite specific provisions requiring return of property
  2. Itemized list of property: Be specific—serial numbers, asset tags, descriptions
  3. Return logistics: Where to send, how to ship, who to contact, prepaid shipping label (if applicable)
  4. Deadline: Typically 5–10 business days
  5. Certification requirement: Include certification of deletion template to be signed and returned
  6. Consequences of non-compliance: Conversion claim, trade secret misappropriation, cost recovery, attorneys' fees
Sample Property Return Demand Letter

Dear [Former Employee/Contractor]:

As you are aware, your employment with [Company] ended on [date]. Pursuant to [Employment Agreement / Employee Handbook / IT Policy] Section [X], you are required to return all Company property immediately upon termination.

Our records indicate that you have not yet returned the following items:

Item Description / Serial Number Value
Laptop MacBook Pro 16", Serial: C02X12345678 $2,800
iPhone iPhone 14 Pro, IMEI: 123456789012345 $1,200
Access badge Badge #4521 $50
Total Value: $4,050

DEMANDS:

  1. Return all items listed above to [Company Address, Attn: [Contact Name]] by [specific date, typically 10 days from letter];
  2. Complete and return the attached Certification of Return and Deletion, confirming that you have deleted all Company data from personal devices and cloud storage; and
  3. Contact [IT Contact Name] at [email/phone] to arrange return logistics. We will provide a prepaid shipping label upon request.

CONSEQUENCES OF NON-COMPLIANCE:

If you fail to return the property by the deadline, [Company] will pursue all available legal remedies, including:

  • A claim for conversion and recovery of the fair market value of unreturned property ($[total value]);
  • Trade secret misappropriation claims for retained confidential data;
  • Withholding of final paycheck [if permitted by state law] to offset the value of unreturned property;
  • Attorneys' fees and costs; and
  • Referral to law enforcement if appropriate.

Please contact me immediately if you have any questions.

Sincerely,

[Sender Name / HR Director / Attorney]

⚠️ Final Paycheck Withholding: Check your state's law before threatening to withhold final paychecks. In California and many other states, you cannot withhold wages to offset unreturned property—you must pay final wages on time and pursue property recovery separately. Illegal withholding can trigger waiting-time penalties.
Tone: Cooperative vs. Aggressive
Approach When to Use Sample Language
Cooperative Amicable departure, valued former employee, likely just forgot "We know you've been busy with your transition. As a reminder, please return the following items at your earliest convenience..."
Firm but professional Standard departure, property not returned within reasonable time "Pursuant to your contractual obligations, you must return all Company property by [date]. Failure to do so will result in [consequences]."
Aggressive Termination for cause, suspected theft, unresponsive to initial requests "Your failure to return Company property constitutes conversion. We will pursue immediate legal action, including claims for damages, attorneys' fees, and potential criminal referral."
Balancing Preservation Rights and Employee Privacy

When requesting return or forensic imaging of devices, be mindful of privacy concerns:

Situation Privacy Concern Balanced Approach
Company-issued device (no personal use allowed) Minimal—employee had no expectation of privacy Demand immediate return; forensic imaging is permissible
Company device with incidental personal use Some personal data may exist (personal emails, photos) Offer neutral third-party imaging with filter protocols to exclude personal data
BYOD (personal device with company data) High—significant personal data commingled Cannot demand return of device; can only demand deletion of company data and certification
🔐 Acceptable Use Policies Matter: If your IT policy clearly states "no expectation of privacy" and "company may access, monitor, and image devices at any time," you have much stronger footing to demand imaging. Without such a policy, expect pushback.
Forensic Imaging Protocols

If litigation is likely and you need to verify data deletion:

  1. Propose neutral third-party forensic examiner: Mutually agreed upon expert who will image the device and apply search terms/filters
  2. Define search scope: Limit to company-related data (file names, email addresses, specific terms)
  3. Filter out personal data: Protocol for excluding personal emails, photos, medical records, attorney-client communications
  4. Privilege log: Employee can claim privilege over attorney communications or other protected materials
  5. Cost sharing: Negotiate who pays for forensic imaging (often split or employer bears cost)
Sample Forensic Imaging Proposal Language

To verify your compliance with the return and deletion obligations, we propose the following protocol:

  1. You will deliver the laptop to [Neutral Forensic Firm], a mutually agreed-upon third-party forensic examiner;
  2. The examiner will create a forensic image of the device and search for Company-related data using the following search terms: [list specific terms, file extensions, email domains];
  3. The examiner will filter out personal data unrelated to [Company] business, including personal emails (non-Company domains), personal photos, and privileged attorney communications;
  4. The examiner will provide a report to [Company] identifying any Company data found on the device, without disclosing your personal information;
  5. [Company] will bear the cost of the forensic examination.

This protocol protects your privacy while allowing us to verify compliance with your contractual obligations.

⚠️ Spoliation Sanctions: If the employee deletes data after you send a preservation notice, you can seek court sanctions for spoliation of evidence. This can include adverse inference instructions (jury is told to assume the deleted data was harmful to the employee's case) and monetary penalties.
Remote Wipe: When and How

If you have remote wipe capabilities (via MDM or "Find My" features), consider these factors:

Factor Consideration
Legal right to wipe Your IT policy should reserve right to remotely wipe company-issued devices
Preservation concern If you may need to prove data theft, wiping destroys evidence—consider imaging first
BYOD devices You can wipe corporate partition/apps, but cannot wipe entire personal device without consent
Notice to employee Best practice: notify employee before wiping to avoid claims of destruction of personal data
How I Can Help

I assist companies in recovering property and confidential data from former employees and contractors. I draft demand letters, coordinate forensic imaging, negotiate return protocols, and pursue litigation for conversion and trade secret misappropriation when necessary.

Services Offered
  • Property return demand letters: Comprehensive letters with itemized inventory, clear deadlines, and certification requirements
  • Data deletion certification protocols: Draft certification templates and follow-up procedures
  • Forensic imaging coordination: Negotiate neutral third-party imaging protocols that balance preservation and privacy
  • Preservation notices: Prevent spoliation when litigation is anticipated
  • Conversion and trade secret litigation: Pursue claims for unreturned property and retained confidential data
  • Policy review and drafting: Strengthen your IT policies, acceptable use policies, and exit procedures to prevent future disputes
My Approach
  1. Asset inventory review: I work with your IT and HR teams to create a complete inventory of what should be returned.
  2. Tailored demand letters: I draft letters calibrated to the relationship—cooperative for valued ex-employees, aggressive for bad actors.
  3. Privacy-conscious protocols: I propose forensic imaging and verification procedures that protect employee privacy while securing your rights.
  4. Rapid escalation readiness: If the employee ignores the demand, I'm prepared to file for injunctive relief and pursue conversion/misappropriation claims quickly.
  5. Policy improvement: I identify gaps in your current policies and help you implement stronger property return and exit procedures to prevent future issues.
📦 Former Employee Won't Return Company Property?

Contact me for a consultation. I'll draft a demand letter, coordinate return logistics, and if necessary, pursue legal action to recover your property and data.

Email: owner@terms.law
Frequently Asked Questions
In most states, no. California, for example, prohibits withholding final wages to offset unreturned property (Lab. Code § 221). You must pay final wages on time and pursue property recovery separately through demand letters or litigation. Check your state's wage payment laws before withholding.
If the loss or damage was due to negligence or intentional conduct, you can pursue a conversion or negligence claim for the fair market value of the property. However, if the loss was due to normal wear-and-tear or circumstances beyond their control, recovery may be limited. Your employment agreement may address responsibility for lost/damaged property.
You can wipe the corporate partition or company-managed apps if your MDM solution supports containerization. You cannot wipe the employee's entire personal device without their consent—doing so could expose you to liability for destruction of personal data. Always notify the employee before initiating a remote wipe.
Forensic imaging of devices (if you can access them), system logs showing downloads/emails before departure, third-party reports (clients saying the employee used your confidential info), and side-by-side comparison of your materials vs. the employee's new work product. In litigation, you can use discovery to compel production and forensic examination.
For conversion: fair market value of the property at the time of conversion. For trade secret misappropriation (retained confidential data): actual losses, unjust enrichment, and up to 2× damages for willful misconduct. You may also recover attorneys' fees if your contract or applicable statute permits.
If litigation is not anticipated: demand deletion to minimize ongoing risk. If litigation is likely or you need to prove data theft: send a preservation notice prohibiting deletion so you can later seek forensic imaging. You cannot do both—choose based on whether you prioritize risk mitigation or evidence preservation.