Are Your Secrets Safe?

Jason T. Murata , John M. Tanski , Brooke J. Oppenheimer


June 1, 2014

RM0614_ff.secretsYour doors are locked. Your security system is on. Your firewall is up. Even your smartphone and tablet have security access codes. But, like many business owners, your most valuable assets may have already left the building.

Companies have traditionally gone to great lengths to protect their machinery, equipment and business strategies. Most have also come a long way in safeguarding electronic data, especially after recent high-profile hacking incidents. But often the heart of a business's success is the intellectual property that resides in the minds of its employees. In fact, experts estimate that these intangible assets make up as much as 85% of a company's value.

The greatest risk of trade secret disclosure is not hacking, corporate espionage or even reverse engineering by a competitor. Instead, former trusted insiders-departing and departed employees or ex-business partners-are the cause of 90% of trade secret lawsuits. In a recent study, half of departing employees admitted to taking confidential information from their former employer.

Many businesses rely heavily on trade secrets to serve clients and deliver value to investors, but do not have adequate intellectual property protection measures in place. Here are five tips to better protect your company's intellectual property:

Identify your assets. Trade secrets come in many forms, including formulas, processes, business strategies and even customer lists. Almost any type of information can qualify if it has competitive value to your company, has been maintained as a secret and has been reasonably protected.

Clearly defining a trade secret is an essential part of protection. Identifying and documenting your intellectual property in advance will help prove your case in any dispute. Therefore, keep documents indicating what your trade secrets are, how you developed them, how you protected them and what competitive value they have to your business by virtue of their exclusivity.

Establish protocols. If you ever end up in a trade secret lawsuit, you will need to show that reasonable measures were adopted to protect intellectual property. A written policy will be an important part of that case. The policy should cover documents and filing systems, physical facilities, computer systems, email and mobile devices. It should also set out the circumstances under which employees, vendors, contractors and visitors are able to access the physical and virtual areas in which trade secrets are stored.

Creating a policy that protects your assets without unduly interfering with day-to-day operations can be a challenge. A policy that is too onerous will look great until the court hears that employees have ignored it in order to do their jobs efficiently. But many security measures-from keycard access for sensitive areas of a building, to limiting information on a need-to-know basis, to complex computer passwords and robust spam and virus protection-can be implemented with relatively little cost or disruption.

Educate your employees. Most companies require employees to periodically sign a form agreeing that they have read and will follow company policies. That is a good practice, but it should not be the end of your efforts to educate employees about IP protection.

Employees, new and old, junior and executive, should all be trained about what the company's IP protection policy is, why it is important and how it applies to their particular responsibilities. And, like any good education program, there must be ongoing efforts to remind employees about the existing policy and update them on any amendments.

Employees also need to understand that the company's policy is to respect the IP rights of others. An employee who acts honorably with someone else's confidential information can save your company from the cost, distraction and negative publicity that follows an accusation of trade secret misappropriation. There is also value in creating a culture of respect for IP rights so that, when employees leave, they will be less inclined to misuse the trade secrets entrusted to them.

Monitor compliance. Once an IP protection policy is in place, make sure employees follow it. Conduct routine audits, and document the results. These audits will show that your IP protection policy is more than just words-you have taken steps to ensure policy implementation and compliance.

Audits can also show problem areas to correct before you end up in a dispute. Audits should therefore include interviews of staff members and business partners about the ease or practicality of the policy and might reveal some good ideas about how to improve IP protection or increase policy adherence.

Enforce your policy. Enforcing an IP protection policy requires three things. First, employees who do not follow the policy need to be reminded, retrained or relieved of their duties depending on the severity of their behavior.

Second, a departing employee and the new employer should be given a documented notice of confidentiality and/or non-compete obligations. Watch for unusual behavior, such as excessive file downloading or entering the building at odd hours. Make sure the exit interview includes an inventory of company property, along with confirmation that any data stored on personal devices has been deleted. And remind departing employees that their obligations also extend to the trade secrets in their heads.

Third, if you suspect that a former employee has improperly used or disclosed your assets, take action immediately. Waiting can harm your legal position, making it harder to get a court order and halt further use and disclosure during a lawsuit. What's more, if other employees see that you have done nothing, they might also be less inclined to take the policy seriously.
Jason T. Murata is counsel with Axinn, Veltrop & Harkrider.
John M. Tanski is an associate with Axinn, Veltrop & Harkrider.
Brooke J. Oppenheimer is an eDiscovery attorney with Axinn, Veltrop & Harkrider.