Today’s labor force is more mobile and willing to move between organizations than in the past. Rare is the employee who stays with one employer over the course of a career. Some observers see a post-Covid “Turnover Tsunami” on the horizon.
With such mobility comes administrative and financial headaches, especially when departing employees help themselves to company trade secrets and other confidential information on the way out the door. Companies need to take a multi-pronged approach to protection of it trade secrets and confidential information. The steps the organization takes on the front end will impact the legal remedies available after the employee has left the organization with trade secrets or other confidential information in tow.
Step 1 – Define Trade Secrets
The first step in a company’s trade secrets and confidential information protection plan is to the define and identify what the company deems to be trade secrets and confidential information. It is important to note that trade secrets are not and should not be treated as synonymous with a company’s confidential information. Although trade secrets certainly are confidential, they are defined and protected by statute. Confidential information, however, is defined by contract or company policy, and its defined scope may be broader than the more narrow statutory definition of trade secret. Conflating the terms is a common mistake, but one that could leave an employer with less than adequate remedies for misappropriation or misuse of its trade secrets.
Trade secrets are protected under both federal and state law. Under federal law, misappropriation of certain trade secrets is a crime and has been since 1996. In 2016, Congress amended that law by enacting the Defend Trade Secrets Act (DTSA) which provides an owner of trade secrets certain civil remedies as well, enforceable in federal court.
Trade secrets also are protected in almost every state under the state’s version of the Uniform Trade Secrets Act (UTSA). The UTSA is a model statute that was created in 1979 by a legal nonprofit organization, the Uniform Law Commission (ULC). (Avisen Shareholder Kimberly Lowe currently is a member of the ULC’s Legislative Committee.) The purpose of the UTSA was to facilitate interstate commerce and cooperation among the states by providing them with a uniform and consistent enforcement mechanism for the protection of trade secret information. At this time, the UTSA or a variation of the UTSA is the law in 47 states.
The DTSA and the UTSA define a trade secret as information, including a formula, pattern, compilation, program, device, method, technique, or process that:
- derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and
- is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
Although this is a somewhat vague definition, court decisions have developed a body of case law that helps define what is and what is not a trade secret. For example, a company’s basic customer list generally will not be protected as a trade secret because the names and contact information of businesses or consumers is publicly available information. Although the list itself can be protected by contract as confidential information, it usually will not enjoy the greater protections provided under DTSA and the USTA.
Every business should thoughtfully decide what information it has that meets the definition of trade secret and take steps to protect it. If there is additional confidential information that requires protection, steps can be taken to protect that information as well.
Step 2 – Document Restrictions on Access to, Use and Dissemination of Trade Secrets and Confidential Information
Every business has some confidential information. Unfortunately, not all businesses have policies governing and limiting employee access to and use of such information. This is where many organizations can run into trouble when a departing employee takes confidential information with them.
The first step for an employer to take is to conduct an evaluation of the informational assets of the organization and classify the information as trade secret, confidential or unprotected. This will help to determine what types of policies need to be put into place to protect the information and preserve legal remedies should a policy be violated. See Time for a Trade Secret Check-Up.
Information can be divided into many different types of categories depending upon the organization. For each category, the business should also include a list of those employees authorized to access the information and under what circumstances. Not only will this provide employees with clear guidance as to the proper use and access to information, it will also help a company prove elements of a claim should the employee access information without authorization or take information to which they were not authorized.
If the company has a Bring Your Own Device Policy, it should have a procedure in place to wipe its data from the employee’s device upon termination. The employee should sign an acknowledgment prior to any employer data being stored on the employee’s device. The company may need to confer with IT department or vendor to determine whether the entire device would need to be wiped or if employer data can be walled off from the employee’s personal data and wiped remotely. This will assist counsel with drafting the policy and the required acknowledgments.
To comply with the notice provision of the DTSA, an employer should implement a reporting policy for suspected violations of law. This policy or a reference to the policy should be included in all contracts or agreements with employees to ensure compliance and preserve the right to exemplary damages and attorneys’ fees in the event of a successful claim under the DTSA. (18 U.S.C. 1836)
Employers should ensure that employees with access to trade secret and other confidential employer information sign confidentiality or non-disclosure agreements (NDAs). NDAs can be joined with or incorporated into a non-compete and non-solicitation agreement as well. The NDA should include limitations on the employee’s use of trade secrets and other confidential information as well as any legal rights an employer may have should the employee disclose or use the confidential information for personal gain or for the gain of third parties.
Employers should have experienced counsel draft these agreements as they must be carefully drafted based upon the state in which they are going to be enforced.
Assessing a Breach
If an employer has undertaken the steps above, it will be better prepared to assess a breach when it occurs. The first step in assessing the breach would be to work with the IT department or vendor to determine the type of information taken and how the information was accessed. This will be critical in determining the legal remedies available to the employer to prevent the employee from using the information or to arrange the return of the information.
As an employer, if you do not have these policies and agreements in place, it would be beneficial to contact an experienced attorney to begin the process of classifying your information and identifying the appropriate policies and procedures to put in place to protect your trade secrets and confidential information. Experienced counsel will also be able to assist with drafting appropriate NDAs and related agreements to protect your company’s intangible assets.