How’s this for a nightmare scenario: You get a call from the company’s Chief Operating Officer informing you that Ms. Smith is leaving the company to go to work for a competitor. You’re told she has knowledge and copies of many confidential projects and strategies, including key marketing strategy presentations. The COO wants to know what can be done to protect the company. You tell him not to worry because Ms. Smith signed a confidentiality agreement when she joined the company and therefore everything will be fine. A few days later you need to go back to the COO and tell him everything might not be fine regarding Ms. Smith and, in fact, according to outside counsel, the company has likely failed to do a number of things necessary to protect some of its trade secrets, meaning there may be little that can be done to stop Ms. Smith from divulging those items to her new employer – your competitor.
Pretty awful, right? But, this is exactly the scenario you can find yourself in if the company and the legal department have not been on top of how to best secure trade secrets. Failing to have the right agreements, policies, training, and plans in place could mean a very rough day in the office. While there is never any 100% guarantee, there are a number of things you can do as in-house counsel to increase the company’s ability to protect itself. This edition of Ten Things will set out some practical tips for you to put together an action plan to help ensure your trade secrets protection program works:
- What is a trade secret? Your bosses probably think everything the company does is a trade secret. Unfortunately, that is not the case. A trade secret is typically a) something not generally known to the public; b) where reasonable efforts are made to keep it confidential; and c) confers some type of economic value to the holder by the information not being known by another party. What exactly constitutes a trade secret can vary by state (in the US) or by country. A good shorthand for what constitutes a trade secret is: Any information you would not want your competitors to have. For an excellent discussion of what is (or is not) a trade secret see Thad Felton’s “What is a Trade Secret.” Some examples of likely trade secrets include new business models, customer and supplier information (especially around price), marketing strategy, processes and formulae, and other confidential business information.
- Keep it secret – every day. Even if you have plans or processes or formulae that you don’t want your competitors to have, if the company doesn’t take appropriate steps to keep that information confidential it can lose the ability to claim such items are trade secrets. In the example above, if the company has handed out copies of its future marketing plans to customers without any type of non-disclosure agreement in place or failing to label the plans as “confidential” there may not be any way to keep Ms. Smith from handing those plans over to her new employer. Courts will generally look at the following factors to determine if something is a trade secret: a) extent to which the information is known outside of the company, b) the measures taken to guard the secrecy of the information, c) the value of the information to competitors, d) the extent to which the information is known throughout the company’s employee base and others involved in the business, e) money or effort spent by the company to develop the information and how easy would it be for others to duplicate the information.
- Catalog your trade secrets. The first thing to do is to inventory all of the company’s trade secrets. This does not mean a list of patents or trademarks. While such assets are protected by law, they are publicly disclosed and therefore not confidential. You should interview key company employees and executives around what they believe are trade secrets (you should also talk with your in-house legal team as they will have input as well) and match that against the definition above. By creating an inventory of what is considered a trade secret you can a) identify what steps are needed to keep those specific items confidential and protected, and b) be clear with the business what items are not considered trade secrets (i.e., set expectations so there are fewer painful discussions about what the COO thought was a trade secret vs. what actually is a trade secret). For a great discussion around how to inventory trade secrets, the economic impact of theft, and likely threats, see the 2014 PwC report entitled “Economic Impact of Trade Secret Theft.”
- Have the right agreements in place. Core to any strategy to maintain trade secrets is ensuring you have several key agreements in place and that you regularly review and update those documents as circumstances warrant. First, courts will want to see such agreements in place as part of its analysis of whether the company took the proper steps to maintain confidentiality. Second, provisions drafted 10 years ago probably do not cover new situations and circumstances such as social media or smartphones. Now is a good time to review and refresh your contractual protections (and don’t forget to consider having the agreements available in foreign languages to increase your ability to enforce the provisions outside your home country). The core agreements include: a) non-compete agreements (to prevent key employees from working for a competitor), b) non-solicitation agreements (to prevent former employees from cherry-picking company employees with offers of a new job), c) non-disclosure/confidentiality agreements (both internal and for use with third parties), and d) Work From Home or telecommuting agreements (ensuring the employee is aware of expectations around confidentiality when they work remotely). In the example above, if the company has a valid non-compete in place, it is unlikely Ms. Smith is heading out the door to work for a competitor in the first place.
As you review your existing agreements or create new ones, keep in mind that the enforceability of these types of agreements (especially non-competes) can vary wildly depending on the jurisdiction. You can try a “one-size-fits-all” approach but you should not take comfort that an agreement that is, for example, perfectly enforceable in Texas will be enforceable in North Dakota (which prohibits most non-competes) or in Latin America, Europe, etc. It would be wise to spend a few dollars with outside counsel as part of the update process to best ensure that each of the agreements you are putting in place is state of the art and is enforceable in the most locations/jurisdictions you care most about.
- Have the right policies in place. The next step is to ensure that you have the right policies in place to educate employees and prevent leaks of your trade secrets and to best ensure you can convince a court that the company was taking the right steps to keep its trade secrets “secret”. Proper policies should include discussions about:
- Proper marking of documents and materials deemed confidential.
- Social media (e.g., what employees should not discuss the company’s plans on social media).
- Limiting disclosures to those with a “need to know.”
- Visitors to the office (including the need for escorts and sign-in agreements whereby the visitor acknowledges obligations around confidentiality).
- “Clean Desk” policies and policies around proper storage/disposal of confidential material.
- Password and information security (including the potential disabling of USB ports).
- The removal of confidential information from the premises.
- Security cameras and building access control.
- Work From Home (including use of VPN networks, firewalls, passwords, etc.).
- Email use/use of company computers (and companies’ right of access to all emails).
- Bring Your Own Device procedures and requirements around the security of information (including smartphones).
- Procedures for providing confidential information to third parties (including the need for an NDA).
- Procedures around On-boarding/Off-boarding employees.
This is another area with spending money with outside counsel regarding your company’s policies would be a worthwhile investment.
- Training. It’s one thing to have the right agreements and policies in place, but if your employees are not taught how to protect trade secrets nor regularly reminded about protecting company secrets, you may not be taking the steps necessary to convince a court that you are investing enough to protect your trade secrets. Putting in place a comprehensive training program around confidentiality, information security, and trade secrets will go far in convincing a court that your company is serious about its confidential information. The best training will include examples that of things your company believes are trade secrets. Training should be conducted for all new hires and yearly for other employees. You can conduct most training via an online program. Better yet, add several live training events every year (including webcasts) where members of the legal department discuss trade secrets and confidentiality directly with employees. There are a number of third-party vendors who can help you set up an online training program. Likewise, regular company-wide email reminders from the legal department about trade secrets and confidentiality will be helpful as well (and be sure to require that employees acknowledge they got the message and understand its contents). You and your team should be on the lookout for potential problem areas, including giving reminders – gentle at first – to colleagues who trip up (e.g., forget to mark confidential documents properly). View these as teaching moments and an opportunity to provide additional value to the company. Your ultimate goal should be to develop a strong company-wide culture around confidentiality and protecting trade secrets.
- Mark confidential documents as “Confidential.” One of the easiest ways to help ensure that confidential documents and materials will be treated as such is to develop a process whereby employees clearly mark such materials as “Confidential” or “Contains Trade Secrets” or some other moniker that will make it absolutely clear that the materials should be treated as a trade secret and extra care is needed in terms of distribution and storage of these materials. Similarly, if there are meetings where confidential information is going to be discussed, a reminder at the beginning of the meeting about the nature of the information is helpful, along with picking up and properly disposing of any confidential materials handed out at the meeting (assuming they are not otherwise needed by the attendees).
- Warning signs. Managers, legal, HR, and others should receive basic training on “red flags” to look for in terms of determining whether an employee (or visitor) is a risk to take or disclose company trade secrets. Unhappy employees are among the biggest risks. For example, employees who have received layoff notices, were passed-over for promotion, refuse exit interviews, or are required to follow a PIP (performance improvement plan) may warrant closer observation. You should prepare a checklist of things to look for. The FBI has produced a helpful publication on this topic called Insider Threat: An Introduction to Detecting And Deterring An Insider Spy. Here are some of the warning signs the FBI notes are warning signs with respect to an employee possibly stealing secrets from the company:
- Without need or authorization, takes proprietary or other material home via documents, thumb drives, computer disks, or e-mail. Inappropriately seeks or obtains proprietary or classified information on subjects not related to their work duties.
- Interest in matters outside the scope of their duties, particularly those of interest to foreign entities or business competitors.
- Unnecessarily copies material, especially if it is proprietary or classified.
- Disregards company computer policies on installing personal software or hardware, accessing restricted websites, conducting unauthorized searches, or downloading confidential information.
- Works odd hours without authorization; notable enthusiasm for overtime work, weekend work, or unusual schedules when clandestine activities could be more easily conducted.
- Unreported foreign contacts (particularly with foreign government officials or intelligence officials) or unreported overseas travel.
- Short trips to foreign countries for unexplained or strange reasons. Unexplained affluence; buys things that they cannot afford on their household income.
- Engages in suspicious personal contacts, such as with competitors, business partners, or other unauthorized individuals.
- Overwhelmed by life crises or career disappointments.
- Concern that they are being investigated; leaves traps to detect searches of their work area or home; searches for listening devices or cameras.
- Exit interviews. It is very important to have a proper exit interview process in place as departing employees constitute one of your biggest risks in the area of trade secrets. You should work with the HR team to develop a checklist that ensures the following:
- Departing employees receive a copy of any confidentiality agreement, non-compete, non-solicitation agreement, etc. that they signed during their employment with the company along with the company’s trade secret policy. The employee should sign a document acknowledging any ongoing obligations.
- Reminders about the obligations of the employee around trade secrets and confidentiality post-employment.
- Determining whether an employee has any company information at home (hard copy or soft) or stored on any cloud system.
- Determining whether the employee is going to work at a competitor and plans on engaging in any competitive activity (if so, that should trigger several additional steps, e.g., non-compete enforcement). If you know the employee is going to work at a competitor (and there is no non-compete in place), you should consider a short, non-hostile business letter to the competitor’s legal and HR departments explaining that the departing employee has confidentiality obligations and you expect their help in ensuring the employee honors those obligations and will take steps to ensure the employee does not breach any obligations owed to your company in their new job. Most companies will respect such a letter and take steps to ensure compliance
- Employee surrenders all company property including smartphone, laptop, documents, files, materials, etc. (and signs an acknowledgment that he/she has returned all such items and has not kept copies or provided copies to anyone).
- Termination (asap) of all passwords, access to information systems/email, identification badge/access to buildings, parking cards, etc.
- If there is reason to suspect the employee is a risk of potential misappropriation of company trade secrets, a search of his/her email, hard-drive, computer files, voice mail, for any improper activity.
- Have a plan. You have your new agreements, state of the art policies, and a well-trained workforce but it’s all for naught unless you have a plan for what to do when your trade secrets are threatened. Here are some things to consider to plan for when trouble hits:
- A strong relationship with HR, Information Security, and Internal Audit are very helpful. Legal should work in concert with these other groups to ensure plenty of communication in the event they see, feel, or hear of trouble (e.g., via an exit interview, investigation, or “water cooler talk”). Getting this group together in advance to map out in writing what to do and how everyone will work together if there is a trade secrets breach is job one.
- Have your outside counsel advisors lined up in advance. Know who you will call in the event you need immediate legal action (e.g., a TRO) or advice. Ideally, it will be a firm you have already partnered with in terms of preparing and updating the agreements and policies discussed above. Don’t forget counsel in foreign countries.
- Have a good system in place to gather necessary agreements signed by the breaching employee, applicable policies, etc. Counsel will need this for numerous reasons.
- Work out in advance with Information Security who to call to terminate system access, revoke passwords, and building access. Also, know who to speak with if you need to preserve hard drives or have email searched. Time will likely be of the essence in the event of a trade secret breach. Be sure to have back up numbers.
- Think through your potential legal claims (especially by what is available by geography) so when you are asked “what can we do”, you have some parameters you’ve already investigated. This doesn’t mean they will all be available as you gather the facts, but it will be a lot better than saying “we’ll need to look into that and get back to you” given that management will be somewhat frantic if they think trade secrets are walking out the door. Potential claims include: breach of trade secrets statute/law or unfair competition law (e.g., the Lanham Act or the Uniform Trade Secrets Act – which has been adopted by 46 states in the US), misappropriation of trade secrets (tort), breach of contract, breach of fiduciary duty, tortious interference with business relations, unjust enrichment, inevitable disclosure (which is losing steam as a valid claim), criminal claims, etc. You should have a good idea of your options in your principal business locations.
- Be ready to contact the party that received your confidential information and ask that your trade secrets be returned immediately and/or destroyed, along with an acknowledgment that they have done so. This can be especially effective if the disclosure is inadvertent.
- Know who to contact at local law enforcement and the FBI in the event of a computer crime or theft of trade secrets.
- Revisit your trade secret program at least once a year and update as necessary.
Being prepared for a trade secret breach should be one of your key goals for the year. Prevention is key because once a trade secret is revealed, it may be too late to undo the harm. If you or your team haven’t thought about this issue in a while, now is the perfect time to dust things off. This is a tricky area of the law, so experienced outside counsel can add a lot of value to your efforts.
March 19, 2015
(If you find this blog useful, please pass along to colleagues or friends and/or “Tweet” it. “Ten Things” is not legal advice or legal opinion. It is intended to provide practical tips and references to the busy in-house practitioner and other readers. You can find this blog and all past posts at http://www.TenThings.net or www.sterlingmiller2014.wordpress.com. You can follow me on Twitter: @10ThingsLegal)
Useful checklist -thanks!