Survey after survey has shown that company insiders, such as employees or vendors, can pose a significant risk to a company’s ability to protect its trade secrets—whether the insider acts with or without malicious intent—the question for many companies becomes: what should I do to minimize this risk?
The short answer is a company can best protect itself and its valuable secrets by focusing on two separate but interrelated goals: (1) minimizing the chance that trade secret theft occurs and (2) maximizing the company’s ability to obtain legal remedies when theft occurs. Below is a high-level overview of some best practices for achieving these goals.
Best practices before theft occurs
- Identify, at a high-level, the types and locations of the company’s trade secrets, and then limit access on a need-to-know basis
- Draft precise policies regarding confidentiality and trade secrets, and train employees using practical examples of how they interact with and must protect those secrets
- Ensure the company is using enforceable and clear agreements that put employees on notice of their obligations
- Implement ways to catch theft, such as using data loss prevention software that throws an alert when a large amount of data is downloaded
- Prepare a response protocol that includes all relevant entities (e.g. legal, HR, and IT) and addresses proper preservation of evidence
- Consistently utilize sufficient exit protocols, which can include an exit interview, re-certification of the employee’s confidentiality obligations, and ensuring all company devices and documents are promptly collected
- Share information with third-parties (e.g. vendors, suppliers, manufacturers) in a secure manner that limits the ability to further disseminate or indefinitely download the information
Best practices After theft is suspected
- Broadly preserve evidence, thinking beyond just computers and emails to other sources such as instant messages, USB devices, keycard logs, and printer logs
- Maintain and document the chain of custody for collecting electronic devices and store the devices in a secure location
- Make a forensic, bit-for-bit image of a device before conducting any review
- Consider a referral to law enforcement, which has valuable investigative tools that can allow the company to secure and prevent further dissemination of its information
- Be careful to maintain privilege, such as by limiting to whom within the company information is shared and marking work product
- Take steps to promptly contain the issue, including sending cease and desist and/or preservation notices
In addition to the above, companies must not forget about the flip side of the coin: preventing new employees from injecting trade secrets from their former employer into the company. Indeed, even companies who are very mature in how they protect their own trade secrets sometimes neglect this issue, opening themselves up to being the defendant in a costly trade secret lawsuit. Companies can minimize this risk by taking steps ranging from training interviewers so they do not ask questions that could be perceived as inquiring about trade secrets, to requiring new employees to attest they are not bringing and will not use a former employer’s trade secrets, to requiring high-risk employees to consent to a forensic review of their personal devices.
trade secrets course collaboration available now
True Office Learning has partnered with Winston Strawn LLC to produce an adaptive, data-rich course on Trade Secrets that is available now. We recently hosted a webinar on the subject, click here to request the webinar deck and a demo of the course.