Protecting Confidential Information and IP Amid Employee Mobility
A companys ability to maintain the confidentiality of its trade secrets and other sensitive information is affected to a significant degree by employee mobility. An exiting employee can leave with a companys confidential information, risking loss of trade secrets and serious harm to the company. Additionally, incoming employees can threaten a companys confidential information by contaminating it with proprietary information from a prior employer. This article describes several practical steps and specific procedures that companies can follow with respect to departing and incoming employees to help protect company confidential information, and to mitigate the risk of exposure to third-party confidential information.
Companies regularly have to decide whether to seek patent protection for their innovations or to maintain them as trade secrets. Many companies will file patents for certain inventions and elect to treat other techniques, formulae, or processes as trade secrets. For example, companies may more frequently seek to patent customer-facing innovations, while maintaining back-end solutions as trade secrets. Each route has its advantages and limitations. Regardless, all companies will continue to have confidential information that they will want to preserve. Some of the confidential information may constitute protectable trade secrets, while other information may simply be sensitive information the company does not wish to share with the publicand certainly not with its competitors. In either event, the value of the information (and any legal protection) is largely dependent upon the companys ability to maintain its confidentiality.
It is nonetheless a practical reality that companies generate, maintain, and lose confidential information through their employees. While with the company, many employees will have access to, and work regularly with, the companys confidential information, using myriad company-issued computers, devices, and storage media to handle the information. When such employees depart, there is a risk that, through inadvertence or otherwise, they will take confidential information with them. To address this risk, companies should have procedures in place to ensure confidentiality is maintained. These procedures may include having new hires execute invention disclosure, assignment, and confidentiality agreements. These elements are particularly important for departing employees, through whom companies frequently have the greatest exposure to lost confidential information.
Protecting Confidential Information and IP When Employees Depart
Upon notification that an employee will be leaving, companies should consider, as part of their overall intellectual property management system, taking at least the following steps:
- Confirm that the departing employee will return all company confidential information, and, as appropriate, prepare, collect, and return all company-issued IT systems and access materials and IT-related devices before the departure date. Items that should be collected may include badges, calling cards, cell phones, corporate cards, token/hard keys, furniture and office keys, pagers, wireless devices, laptops, and any other devices or accessories that may contain or enable access to the companys confidential information.
- Verify that written notice has been provided to the departing employee about his or her continuing obligations regarding the companys confidential information, and maintain such written notice in an appropriate repository. Reaffirm obligations under appropriate confidentiality, invention disclosure, and assignment agreements.
- Obtain the departing employees new contact and employment information. The company should consider notifying the new employer of the departing employees ongoing obligations with respect to company confidential information.
- Take appropriate steps to limit or halt the departing employees access to company confidential information and to instruct the network administrator to tailor access to all IT systems and facilities accordingly.
- Request and review a memo from the departing employee that summarizes ongoing projects. The nature or status of the projects may indicate the need for further security measures.
- Determine whether the departing employee is subject to a litigation hold and, if so, coordinate as necessary to take steps to ensure the continued preservation of any information within the scope of the hold.
- Obtain written certification from the departing employee that all company confidential information has been returned.
The level of risk associated with the departure will influence the measures that need to be taken to restrict access to company confidential information. It is therefore critical to determine at the earliest opportunity whether a departure presents a high risk to company confidential information, warranting special protective measures. Considerations that may indicate the need for further measures include that the departing employee:
- is of high rank or seniority;
- has special access to or responsibility for confidential information;
- is presently engaged in a sensitive business unit or initiative;
- is associated with actual or threatened mishandling or misappropriation of confidential information; and/or
- intends to work for a competitor.
In higher-risk situations, the company may consider immediately confiscating company-issued computers/devices, disabling access to all networks and facilities, and even potentially escorting the employee from the facility. Additionally, the company should promptly investigate all information, computer systems, and devices (e.g., voicemail, email, etc.) that have been used or accessed by a departing employee. The departing employees work area should be checked for any missing files, records, or documents. By contrast, in comparatively low-risk situations, the company may permit the departing employee access to company data, as necessary, to complete ongoing projects, before termination.
With these steps, a company can exert greater control over its confidential information during times of employee transition. While these procedures cannot prevent all acts of misappropriation, they can certainly enable a company to identify threats and demonstrate that the company has taken reasonable steps to ensure the confidentiality of its informationan essential element for establishing, and enforcing, trade secret protection.
New Employees and Confidential Information
Companies face a different risk when hiring new employees. Incoming employees can bring with them confidential information from their prior employers, exposing their new company to the information. These situations can lead to claims against the company for misappropriation or mishandling of third-party confidential information. In addition, the companys exposure to third-party confidential information can effectively taint the companys own intellectual property portfolio, and potentially lead to accusations of infringement. The threat of litigation or business disruption caused by the introduction of third-party confidential information by new employees must be managed as part of a sound intellectual property and data management program.
To mitigate this risk, companies may consider requiring incoming employees to:
- certify in writing that they will not use, disclose, possess, access, or upload proprietary information belonging to a third party, including confidential information and trade secrets belonging to a former employer;
- search their personal files, computers, devices, etc., and affirm they do not possess any third-party confidential information, arrange to return any such information they may have to their prior employer, and certify such search and results to the prior employer;
- inform the legal department, in writing, if they learn that any third-party confidential information has been uploaded to the companys systems; and
- agree to cooperate in any monitoring the company may conduct regarding the employees use of the companys systems.
Companies should also review with their new employees the companys policies regarding limitations on access to confidential information, facilities, and company electronic data. These procedures should be considered for anyone given access to the companys confidential information, such as contractors. In connection with hiring, companies should have their new employees execute appropriate confidentiality, invention disclosure, and assignment agreements at the very start of the employment relationship.
These practices can help the company identify any problems at the outset of a new employment relationship, and can provide evidence that the company acted reasonablyto avoid exposure to a third partys accusation of confidential information and trade secret misappropriation. These steps can also minimize the potential for enabling third-party confidential information to contaminate the companys preexisting intellectual property assets.
E. Patrick Ellisen is a shareholder in the Silicon Valley and San Francisco offices of Greenberg Traurig. He focuses his practice on intellectual property and general commercial litigation, as well as intellectual property protection, counseling, and enforcement. He has broad experience handling intellectual property disputes, including patent infringement actions in the U.S. District Courts and before the U.S. International Trade Commission and has experience in insurance coverage of intellectual property disputes. He can be reached at firstname.lastname@example.org. Daniel T. McCloskey is of counsel in the Silicon Valley office of Greenberg Traurig. He represents companies and individuals in connection with intellectual property and complex business disputes. He focuses his practice on litigation, trial, pre-litigation counseling, and resolution with respect to patent, trademark and copyright infringement, trade secret misappropriation, and varied business contract and tort actions. He can be reached at email@example.com.