September 16, 2020
Trade secret protection under both federal and state law depends on a company’s ability to demonstrate that the information it seeks to protect has independent economic value derived from being secret, and that the company has taken reasonable measures to keep the information secret. In other words, unlike other forms of intellectual property, the inherent value of trade secrets comes from not being generally known or ascertainable. With so many employees working from home in response to the COVID-19 pandemic, now more than ever, companies need to analyze their internal policies to assess whether their pre-COVID-19 measures to protect trade secrets are adequate and appropriate in this new work paradigm.
As a consequence of the COVID-19 pandemic, and in some cases in response to specific government shutdown orders, companies have implemented work-from-home policies to protect their employees from contracting or spreading the virus. A few tech companies, including Twitter, Square and Slack, have extended their work-from-home policies indefinitely. While work-from-home policies have inherent benefits, such as reduced potential for employee exposure to the COVID-19 virus, reduced commute times, reduced operational costs, and greater flexibility for employees, if not implemented, monitored, and managed correctly, these policies could jeopardize a company’s trade secrets. In this article, we highlight some important processes and policies companies should consider to ensure their trade secrets remain protected as employees work remotely.
Training, Training, and More Training
Unlike other forms of intellectual property, which are readily identifiable, trade secrets are more difficult to identify because the subject matter of trade secrets is defined in very broad terms. A trade secret can be a formula, practice, process, design, instrument, pattern, commercial method, or compilation of information which is not generally known or reasonably ascertainable by others, and by which a business can obtain an economic advantage over competitors or customers. This can include information such as financial projections, sales data, cost and pricing information, customer lists, unpublished promotional material, distribution methods, consumer profiles, marketing plans, supplier lists, client details, manufacturing processes, and certain personnel information. Because trade secrets typically are not readily identifiable by employees, companies should regularly audit their trade secret portfolio for purposes of cataloging and identifying their trade secrets. Equally important is frequent training of employees to educate them on what the company considers to be its trade secrets and the measures the company and the employees should take to maintain trade secret protection. Courts frequently look to the level of training provided by a company in determining whether the company took reasonable steps to protect its trade secrets.
Training becomes even more important now as employees work from home, where new threats exist to jeopardize the trade secret status of important and competitive company data. As employees continue to work from home, companies need to ensure that their employees remain vigilant in protecting the company’s trade secrets. Companies should train employees on specific policies and practices focused on protecting the company’s trade secrets while working from home. For example:
- As employees continue to use digital platforms such as Zoom to conduct important business meetings, employees should be educated to regularly change meeting IDs and passwords and activate waiting rooms, which requires the host to grant access to the call to prevent uninvited guests from joining private meetings.
- Employees should be mindful of their environment when working from home or in public places. Particularly, employees with roommates or other house guests should be attentive to the information they leave on their desks or other public places around their homes and who is present when they have conference calls or interactive video conferences where trade secrets are shared or discussed.
- Employees should be discouraged from printing confidential or trade secret documents unless absolutely necessary, provided instructions for destruction, and directed regarding secure ways to store tangible company material, such as in a locked drawer or other secure locations.
- Employees should be reminded of the company’s policies regarding use of personal email or personal devices for work. These standards should not be lowered or ignored because employees are working from home.
- Employees should certify that they have been trained on, and are in compliance with, company policies relating to the protection of the company’s proprietary information.
Update Company Policies
In addition to training employees regarding the heightened risks associated with working from home, companies should reevaluate their policies and update them as necessary to ensure that they adequately protect the company’s trade secrets in this new remote-working environment. In this regard, companies should consider:
- Providing a video-conferencing solution that is stored on a private cloud and having default security protocols implemented, such as not storing instant messaging logs, to protect against loss of information through the use of video-conferencing platforms.
- Requiring certain basic requirements for remote employee’s devices and Wi-Fi settings, and having employees certify compliance.
- Reevaluating their VPN and remote-access protocols to determine what limitations a remote employee has in terms of being able to copy data outside the company’s system to a local device.
- Updating “clean desk” policies to apply to work-from-home scenarios.
- Preparing a plan, with input from HR, IT, and business managers, to ensure prompt collection of company devices and information when a remote employee’s employment relationship with the company is terminated.
- Routinely monitoring the company’s networks for suspicious or unauthorized activity by employees.
- Restricting each employee’s network access to only those network locations or segments that the employee needs to use, with appropriate security for those locations.
Take Prompt Action If Any Unauthorized Disclosure Is Suspected
Finally, if a company suspects any unauthorized disclosure of its trade secrets or breach of its security protocols, the company should take prompt action to protect its trade secrets and demonstrate “reasonable measures.” Delay in taking action may jeopardize the trade secret status of a company’s information in at least two ways. First, by not immediately taking action on learning of an alleged misappropriation, the company could miss the opportunity to prevent any further dissemination of its trade secrets and preserve the secrecy of the misappropriated information, which is critical for maintaining trade secret protection. Second, a company exposes itself to an argument that it failed to take “reasonable measures” to protect the secrecy of its trade secrets by failing to take prompt action on learning of an alleged misappropriation.
While work-from-home policies do present certain challenges to maintaining trade secret protection for company data, working from home is now a reality, and in many instances mandatory, rather than merely an option. As such, a careful review (and update as necessary) of existing company policies, as well as updated training to employees, should be an element of a company’s compliance practices to ensure that trade secrets remain protected notwithstanding employees working from home.
Reprinted with permission from the September 16, 2020 issue of The Recorder. © 2020 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.