Ten Things: Trade Secrets and Protecting Your Company

 By Sterling Miller

Sterling Miller has more than 20 years of in-house legal experience as General Counsel, Corporate Secretary, and Chief Compliance Officer of Sabre Corporation and Travelocity.com. He currently is Senior Counsel to Gober Hilgers and writes the Ten Things You Need to Know as In-House Counsel blog.

How’s this for an in-house counsel’s nightmare? Your Chief Operating Officer informs you that Ms. Smith is leaving the company to work for a competitor, taking with her knowledge and copies of many confidential projects and strategies, including key marketing strategy presentations. You tell the COO not to worry because Ms. Smith signed a confidentiality agreement. Then outside counsel alerts you that the company’s failure to do a number of things necessary to protect some of its trade secrets may mean you cannot prevent Ms. Smith from divulging those items to her new employer—your competitor.

Pretty rough day at the office, right? You can find yourself in this exact scenario if the company and legal department failed to have the right agreements, policies, training and plans in place. While there is never a 100% guarantee, in-house counsel can do a number of things to increase the company’s ability to protect itself. The following practical tips help ensure your protection program works.

Know what a trade secret is. Your bosses probably think everything the company does is a trade secret. Unfortunately, that is not the case. The definition can vary by state (in the U.S.) or by country. Good shorthand for what constitutes a trade secret is: Any information you would not want your competitors to have. For an excellent discussion of what is (or is not) a trade secret, see Thad Felton’s “What is a Trade Secret?” Some examples of likely trade secrets include new business models, customer and supplier information (especially around price), marketing strategy, processes and formula, and other confidential business information.

Keep it secret—every day. If the company doesn’t take appropriate steps to keep information confidential it can lose the ability to claim such items are trade secrets. In the example above, if the company handed out copies of its future marketing plans to customers without any type of non-disclosure agreement in place or failed to label the plans as “confidential,” there may not be any way to keep Ms. Smith from handing those plans over to her new employer. Courts generally look at:

• ·       The extent to which the information is known outside of the company
• ·       The measures taken to guard the secrecy of the information
• ·       The value of the information to competitors
• ·       The extent to which the information is known throughout the company’s employee base and others involved in the business
• ·       Money or effort spent by the company to develop the information and how easy it would be for others to duplicate the information. 

Catalogue your trade secrets. You need an inventory of all of the company’s trade secrets, excluding patents or trademarks, which are already protected by law and are publicly disclosed and therefore not confidential. Interview key company employees and executives and your in-house legal team. Compare what is on their lists of trade secrets against the definition above. An inventory helps you identify what steps are needed to keep those specific items confidential and protected and be clear with the business what items are not considered trade secrets (i.e., set expectations so there are fewer painful discussions about what the COO thought was a trade secret vs. what actually is a trade secret). For a great discussion of how to inventory trade secrets, economic impact of theft and likely threats, see the 2014 PwC report “Economic Impact of Trade Secret Theft.”

Have the right agreements in place. Core to any protection strategy is ensuring several key agreements are in place and regularly reviewed and updated. First, courts want to see such agreements in place when analyzing whether the company took the proper steps to maintain confidentiality. Second, provisions drafted 10 years ago probably do not cover new situations and circumstances, such as social media or smartphones. Now is a good time to review and refresh your contractual protections (and don’t forget to consider having the agreements available in foreign languages to increase your ability to enforce the provisions outside your home country). Core agreements include:

• ·       Non-compete agreements—to prevent key employees from working for a competitor
• ·       Non-solicitation agreements—to prevent former employees from cherry picking company employees with offers of a new job
• ·       Non-disclosure/confidentiality agreements—both internal and for use with third parties
• ·       Work-from-home or telecommuting agreements—ensuring the employee is aware of expectations around confidentiality when they work remotely

In the example above, if the company has a valid non-compete in place, it is unlikely Ms. Smith is heading out the door to work for a competitor in the first place.

As you review or create agreements, keep in mind that their enforceability (especially non-competes) can vary wildly depending on the jurisdiction. Do not take comfort in a “one-size-fits-all” approach. Spend a few dollars for outside counsel to participate in the update process to best ensure that each agreement is state of the art and is enforceable in the locations/jurisdictions you care most about.

Have the right policies in place. The next step is to ensure your policies educate employees and prevent trade-secret leaks and to ensure you can convince a court that the company took the right steps to keep its trade secrets “secret.” Policies should include discussions about:

• ·       Proper marking of documents and materials deemed confidential
• ·       Social media (e.g., what employees should not discuss about the company’s plans on social media)
• ·       Limiting disclosures to those with a “need to know ”
• ·       Visitors to the office (including the need for escorts and sign-in agreements whereby the visitor acknowledges obligations around confidentiality)
• ·       “Clean Desk” policies and policies around proper storage/disposal of confidential material
• ·       Password and information security (including the potential disabling of USB ports)
• ·       Removal of confidential information from the premises
• ·       Security cameras and building access control
• ·       Work from Home (including use of VPN networks, firewalls, passwords, etc.)
• ·       Email use/use of company computers (and companies’ right of access to all emails)
• ·       Bring Your Own Device procedures and requirements around security of information (including smartphones)
• ·       Procedures for providing confidential information to third parties (including need for an NDA)
• ·       Procedures around On-boarding/Off-boarding employees

This is another area where spending money on outside counsel is a worthwhile investment.

Conduct training. It’s one thing to have the right agreements and policies in place, but if your employees are not taught nor regularly reminded how to protect trade secrets, a court may not be convinced that you are investing enough to protect them. The best training includes examples of things your company believes are trade secrets. Training should be conducted for all new hires and yearly for other employees. You can conduct most training via an online program. Better yet, add several live training events every year (including webcasts) where members of the legal department discuss trade secrets and confidentiality directly with employees. A number of third-party vendors can help set up an online training program. Likewise, regular company-wide email reminders from the legal department about trade secrets and confidentiality will be helpful. Be sure to require that employees acknowledge they received the message and understand its contents. You and your team should be on the lookout for potential problem areas, including giving reminders—gentle at first—to colleagues who trip up (e.g., forget to mark confidential documents properly). View these as teaching moments and an opportunity to provide additional value to the company. Your ultimate goal should be to develop a strong company-wide culture around confidentiality and protecting trade secrets.

Mark confidential documents as “Confidential.” One of the easiest ways to help ensure that confidential documents and materials will be treated as such is to develop a process whereby employees clearly mark such materials as “Confidential” or “Contains Trade Secrets” or some other red flag that makes it absolutely clear that the materials should be treated with care. A reminder to attendees before a meeting involving confidential information, and picking up and properly disposing of any confidential materials handed out at a meeting (assuming they are not otherwise needed by the attendees) go a long way toward protection.

Recognize warning signs. Management, legal, HR and other personnel should be trained to recognize “red flags.” Unhappy employees are among the biggest risks. For example, employees who received layoff notices, were passed-over for promotion, refused exit interviews or are required to follow a PIP (performance improvement plan) may warrant closer observation. The FBI’s “Insider Threat: An Introduction to Detecting and Deterring an Insider Spy” says it is a warning sign when an employee:

• ·       Without need or authorization, takes any form of proprietary or other material home.
• ·       Shows interest in matters outside the scope of duties, particularly those of interest to foreign entities or business competitors.
• ·       Unnecessarily copies material, especially if it is proprietary or classified.
• ·       Disregards company computer policies on installing and downloading.
• ·       Works odd hours without authorization.
• ·       Has unreported foreign contacts or unreported overseas travel, particularly short, unexplained trips.
• ·       Exhibits unexplained affluence.
• ·       Engages in suspicious contacts with competitors, business partners or other unauthorized individuals.
• ·       Is overwhelmed by life crises or career disappointments.
• ·       Has concerns about potential investigations; leaves traps to detect searches.

Do exit interviews. Departing employees constitute one of your biggest risks for trade-secret theft. Work with the HR team to develop an exit checklist that ensures:

• ·       Departing employees receive a copy of any confidentiality agreement, non-compete, non-solicitation agreement, etc. that they signed during their employment, along with the company’s trade-secret policy. The employee should sign a document acknowledging any ongoing obligations.
• ·       Regular reminders about the employee’s obligations regarding trade secrets and confidentiality post-employment.
• ·       Determination of whether employee has any company information at home or stored on any cloud system.
• ·       Determination of whether the employee will work at a competitor and plans on engaging in any competitive activity (if so, that should trigger several additional steps, e.g., non-compete enforcement).

If there is no non-compete in place, consider a short, non-hostile business letter to the competitor’s legal and HR departments explaining the departing employee’s confidentiality obligations, that you expect their help in ensuring they are honored and that you will take steps to ensure they are.

• ·       Employee surrenders all company property and signs an acknowledgement that he/she has not kept or provided anyone copies.
• ·       Immediate termination of all passwords and access to systems and buildings.
• ·       A search of his/her email, hard-drive, computer files, voice mail if there is an indication of improper activity.

Have a plan. You have your new agreements, state-of-the-art policies, and a well-trained work force, but it’s all for naught unless you have a plan for what to do when your trade secrets are threatened. When developing a plan you should:

• ·       Have a strong relationship with HR, Information Security and Internal Audit. Getting this group together in advance to map out in writing what to do and how everyone will work together if there is a trade secrets breach is job one.
• ·       Have outside counsel advisors lined up in advance to help. Know who you will call in the event you need immediate legal action (e.g., a TRO or advice. Ideally, it will be a firm you have already partnered with in terms of preparing and updating the agreements and policies discussed above. Don’t forget counsel in foreign countries.
• ·       Develop a good system to gather necessary agreements signed by the breaching employee, applicable policies, etc. Counsel will need this for numerous reasons.
• ·       Work out in advance with Information Security who to call to terminate system access, revoke passwords and building access and who will preserve hard drives or search email.  Be sure to have back-up phone numbers.
• ·       Think through your potential legal claims (especially by what is available by geography), so when you are asked, “What can we do?” you don’t have to respond, “We’ll need to look into that and get back to you.” Potential claims include: breach of trade secrets statute/law or unfair competition law (e.g., the Lanham Act or the Uniform Trade Secrets Act—which has been adopted by 46 states in the U.S.), misappropriation of trade secrets (tort), breach of contract, breach of fiduciary duty, tortious interference with business relations, unjust enrichment, inevitable disclosure (which is losing steam as a valid claim), criminal claims, etc.
• ·       Be ready to contact the party that received your confidential information and ask that your trade secrets be returned immediately and/or destroyed, along with an acknowledgement that they have done so. This can be especially effective if the disclosure is inadvertent.
• ·       Know who to contact at local law enforcement and the FBI in the event of a computer crime or theft of trade secrets.
• ·       Include a requirement to revisit your trade-secret program at least once a year and update as necessary.

Being prepared for a trade-secret breach should be one of your key goals for the year.  Prevention is key, because once a trade secret is revealed, it may be too late to undo the harm. If you and your team haven’t thought about this issue in a while, now is the perfect time to dust things off. This is a tricky area of the law, so experienced outside counsel can add a lot of value to your efforts.