Whether you’re running a newly minted start-up or leading an established corporation, genuine trade secrets will almost always provide your company with a competitive edge in the marketplace under both federal and state law. But you must handle them properly. Unfortunately, that edge can deteriorate, or vanish entirely, if your company makes one or more of the critical errors discussed below. You may not need a more robust compliance team to protect your company’s confidential business information, but you do want to take reasonable measures, and aim to avoid these all-too common mistakes. Below are the top 10 pitfalls to avoid at all costs:
1. Don’t Assume You Don’t Have Trade Secrets
Start-ups often assume they don’t have information that necessitates protection. Setting aside time to think through what information you have that could constitute a trade secret is a critical first step. You may not need to keep a detailed itemized list of your trade secrets. Indeed, it can be risky to enumerate them because you will likely miss some and create an inference that the unlisted information is not a trade secret. Still, you should have a sense of what confidential business information is essential to the company so you can decide what precautions you and your management team should take to prevent theft, and put your company in the strongest legal position possible in case litigation arises.
2. Don’t Forget the Confidentiality Provision
Most companies are not solo acts. They are team efforts that flourish through the hard work of many people. It’s great to work with others but when others have access to your information, you should install protections. For example, when you hire a new employee, engage a contractor, or partner with another business, you should include a confidentiality provision in the contract that sets forth an on-going obligation not to use or disclose any of your confidential information. In some situations, you will want to sign a separate NDA with the party.
3. Don’t Hire New Personnel Without Exercising Proper Caution
Bringing on new employees is always exciting. Your company is growing. But you can miss the opportunity to establish your employees’ expectations about the company’s confidentiality culture if you don’t discuss the company’s policy and practices from the outset with all new hires. Ideally, the policy should accompany any offer letters, and should make clear that the company does not need or want any other company’s confidential information. Then, during the hiring and orientation process, your company’s leaders should make sure that all new employees understand they can’t use confidential information from prior employers. And of course, the message should be clear that if they leave the company, they can’t take with them any of your company’s proprietary information. Executing these simple steps early in the relationship, and reiterating them throughout the employment relationship, sends the right message to all of your employees, protects your company’s confidential business information, and helps insulate your company from potential lawsuits brought by the former employers of your new employees.
4. Don’t Say Goodbye Without an Exit Interview
Everyone is busy, and no one typically likes to go through the rigamarole of saying goodbye and reminding the departing employee of her on-going confidentiality obligations to your company. It carries the implication of distrust. Still it’s essential to conduct an exit interview, even if remote, where you remind every single one of your departing employees of his or her obligations to keep your information confidential. Your company’s leadership should document its efforts with each employee, provide the employee with a copy of any NDA or restrictive covenant the employee entered, and discuss on-going obligations after she leaves. Reminding departing employees that the company can use forensics to track any downloading, uploading or printing of proprietary information can markedly improve the rate of return of your company’s property.
5. Don’t Wait to Terminate Access or Collect Property
Allowing a trusted employee to keep her computer for a few weeks or forgetting to disable network access at the time of departure invites trouble. Even though there is some up-front cost, you should arrange for logistics by paying for a courier or arranging a delivery service to collect any company property, including laptops, external storage devices, hard copy files, or any other company devices. That protects your company’s information and supports your claim that you took reasonable steps to do so. Having an employee certify that she has returned all company property can serve to remind the employee of the company’s commitment to confidentiality and helps to document the company’s reasonable measures in the event of litigation.
6. Don’t Allow Unlimited Access to Confidential Information
Not everyone at your company needs access to every piece of information. In fact, almost everyone does not. While it takes discipline, you should impose barriers – both physical and electronic – so that information goes only to those with a need to know. The “secret sauce” belongs in a safe, not out on the table in the office kitchen.
7. Don’t Re-Purpose Equipment Without Preserving Evidence
Electronics are expensive and it can be tempting to quickly re-purpose a departing employee’s devices for another employee. But wiping them clean without taking steps to preserve data can leave your company exposed. If an employee had access to confidential information, and especially if that employee left for a direct competitor, you should work with IT or a specialist to collect and analyze data in case of litigation. And, if you suspect misappropriation, you should strongly consider forensic imaging that will provide you with a replica of the device and its metadata.
8. Don’t Blend Your IP With Another Company’s IP
Likewise, companies can run into trouble with claims of ownership if they fail to keep third-party data separate from their own intellectual property. If you have a business partnership where you are receiving another company’s confidential information, to the extent possible strive to (a) use that information only for approved purposes, (b) keep that information segregated from your own, and (c) maintain a wall between personnel working on that joint project and any internal, independent development of related products or materials. This is not always easy because people working on similar projects are naturally inclined to communicate, but if the partnership falters, maintaining segregation and documentation of independent development will offer your company a potential defense from allegations that you misappropriated the other party’s confidential information.
9. Understand the Risks of Remote Working
When your employees work remotely, your company has multiple new points of information leakage. Employees may be more likely to use unsecured networks, mix information on their work versus personal devices, or inadvertently expose your company’s information to family members or roommates. Depending on your business, it may be necessary to take renewed steps to encrypt critical data, require employees to install security software, and to remind employees to perform work on a company-owned device though a secure connection. Collaborating with an IT department or specialist can help you determine the cost and benefits of implementing these types of security measures.
10. Don’t Create a Policy You Cannot Follow
Many companies set themselves up for failure by adopting written policies that they cannot adhere to. For example, as mentioned above, if you claim to catalog all your trade secrets, you will have a tough time if someone steals an item that is confidential and valuable but is not on your list. Similarly, if your written policy says that you mark all such documents “Confidential,” you risk losing protection of documents that people fail to mark. If you do adopt trade secret policies, they should be practical, and should contain proper caveats to maintain flexibility as issues arise.