The Covid-19 pandemic has caused massive disruption of business and work processes for nearly every sector of our economy. Many of these changes are likely to continue for the foreseeable future. This disruption creates significant risk for the protection of a company’s trade secrets and confidential business information on a scale not previously experienced, and it should compel companies to have an enhanced focus on trade secret protection. This alert describes steps that companies should take to protect themselves in this new and fraught business environment.
There are two primary risks to trade secrets that arise from the pandemic’s disruption of the economy. First, work from home (WFH) and conducting business from outside the office have become the new normal for most companies. Even as the pandemic subsides and businesses reopen, many WFH practices will become part of business as usual going forward, and companies need to address the implications for protection of trade secrets. Second, companies have had to furlough or lay off huge numbers of workers in a very short time, resulting in great fluidity in the labor market. Separated employees may feel great economic temptation to use or disclose confidential information of their former employer to pursue their own business interests or to make themselves valuable to a competitor. And it is likely that voluntary departures will increase after the economy opens up again.
It is crucial that companies take appropriate action to protect their trade secrets during this period of heightened risk. Indeed, failure to take reasonable steps to maintain secrecy in the new environment could result in the loss of trade secret rights. We recommend that companies focus in four areas: (1) IT infrastructure and security, (2) enhanced training and policy protections for employees, (3) enhanced monitoring and protections with business partners, and (4) advance preparation for disputes by having outside counsel ready to act if necessary.
- IT INFRASTRUCTURE AND SECURITY
The necessity of WFH presents obvious risks for misappropriation of trade secrets and confidential information. Workers may have to access the company’s sensitive information and data through less secure infrastructure. They are handling that information and data outside of an office environment and thus beyond the view of supervisors and co-workers, where misappropriation can be easier to do without detection. Some best practices to enhance security in the WFH environment are:
- Make sure all employees who need to handle sensitive information have a secure IT infrastructure through which to access company networks. The company should require employees to access data in the company’s system through a virtual private network that provides enhanced security protection.
- Establish multi-factor authentication for logging into company networks and email.
- For businesses that require team or group conferences, provide a secure video-conferencing platform. Companies must strike the appropriate balance between ease of use and confidentiality, so companies should verify the security protections of third-party platforms.
- Limit access to key networks or files only to those employees who truly have a need to know or use those materials.
- Restrict the use of portable storage devices like flash drives to the greatest extent practical to run the business. Many companies prevent the use of flash drives with company computers.
- Monitor access to sensitive company systems or data. Often this only happens after a key employee has left, but in the WFH environment companies should monitor access and downloads of sensitive information on a regular basis.
- For terminated and furloughed employees, immediately disable access to company networks and retrieve any company-issued hardware. It is surprising how often this step is not taken immediately which gives the former employee a window for misappropriation.
2. ENHANCED TRAINING AND POLICY PROTECTIONS
Having appropriate trade secret protection policies and agreements in place along with rigorous, repeated training for employees has always been important. It is even more important in the current environment. Here are things to keep in mind:
- Review employment agreements with key employees and make sure they are executed and up to date.
- Remind employees of the company’s confidential information policies, computer use policies, and handbook provisions that deal with use and protection of confidential information. During the WFH period, companies should transmit regular reminders from HR or team leaders of these policies and requirements.
- Take even greater care to mark and track the dissemination of confidential or commercially sensitive documents and files. Where appropriate, grant access only for a limited period of time. Instruct employees to permanently delete copies of files when they are superseded or no longer needed.
- Conduct exit interviews with departing employees and document those discussions. Although this is logistically harder in a WFH environment, an exit interview is critical to confirm the return of company devices and materials, provide the employee with copies of agreements and other documents evidencing post-employment obligations, and learn about the employee’s future plans if applicable.
3. ENHANCED MONITORING AND PROTECTIONS WITH BUSINESS PARTNERS
If your employees are working remotely, it’s likely that the employees of businesses with which you are sharing confidential information are doing so as well. Just as your company’s trade secrets are more at risk in this WFH environment from misappropriation by your employees and former employees, so too with employees of your business partners. Best practices for dealing with business partners track those for a company’s own employees.
- Review NDAs to make sure they include appropriate provisions to protect against improper use and disclosure in a WFH situation. Any new requirements your company is imposing on its own employees should be considered for your B2B relationships as well. Companies should consider amending NDAs as necessary to ensure appropriate protections.
- Take extra care in tracking and limiting access where possible to the confidential information your company discloses. Insist that the other party keep records of its dissemination and retrieval of your confidential information.
- Be vigilant about compliance with return and deletion protocols when the project ends or the confidential information is no longer necessary.
4. ADVANCE PREPARATIONS – HAVE OUTSIDE COUNSEL READY TO ACT WHEN NECESSARY
The final step in the trade secret protection program is to be ready to act when necessary to protect the company’s rights and address misappropriation. Time is of the essence in most trade secret disputes, as the nature of trade secret rights requires a company to act quickly to protect its competitive advantage and to prevent loss of the secret through public disclosure. To do this, a company should have its outside legal team on board and ready to go before an emergency arises. Preparation the company and its outside counsel can do beforehand include:
- Form demand letters - a cease and desist letter for a departed employee, and a notice letter for a new employer.
- Template affidavits for company representatives to establish the competitive value of the primary trade secrets, including development efforts, development costs, how the information or technology differs from what is otherwise generally known, commercial value to the business, and how a competitor could use the information to gain a competitive advantage against the company.
- Legal argument sections for an injunction brief setting out the standards to obtain temporary injunctive relief (particularly the requirements to show irreparable harm), statutory or case law establishing the enforceability of restrictive covenants in the company’s employment agreements, and any other commonly arising legal issue in the applicable jurisdiction.
- Draft injunction orders for various levels of emergency relief.
- Establish a relationship with a trusted, experienced forensic ESI vendor who can be available on short notice to perform forensic imaging and analysis to show the electronic trail of the wrongdoer.
The Covid-19 pandemic has created numerous problems and challenges for businesses. The threat of trade secret misappropriation in this environment might not be an obvious risk, but it is an important one. Opportunities and incentives for misappropriation are great. Companies should pay attention and take extra precautions to protect their information-based assets during this disruptive time.
Click here to learn more about the Intellectual Property & Restrictive Covenants practice group.