X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
On April 30, the U.S. Sentencing Commission submitted to Congress proposed amendments to the Federal Sentencing Guidelines updating the requirements for an effective corporate compliance program. If not rejected by Congress, these amendments will automatically take effect on Nov. 1, as the first revision to these compliance standards since they were first promulgated in November 1991. Among other consequences, the proposed guidelines could play a key role in protecting a company’s confidential business information and trade secrets. While a corporate compliance program organized on the basis of these guidelines is only a mitigating factor in sentencing a business organization that commits a federal crime, the sentencing guidelines have become the universally accepted standard for corporate compliance programs. The proposed amendments incorporate two key developments in the law that have occurred since these guidelines were first introduced: the 1996 decision of the Delaware Chancery Court in In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959 (Del. Ch. 1996) to expand a corporate director’s duty of care to ensure that the company has proper systems in place to minimize the possibility that its officers and employees will commit criminal acts in the course of their duties, and the 2002 Sarbanes-Oxley Act mandating that directors, chief executive officers and chief financial officers of public companies exercise direct oversight with respect to the company’s financial reporting. PROPOSED GUIDELINES REQUIRE COMPLIANCE WITH MORE LAWS The proposed guidelines both adopt and go beyond the dictates of Caremark and Sarbanes-Oxley. In addition to requiring a compliance program “to prevent and detect criminal conduct,” they define an effective compliance program as one that “encourages ethical conduct and a commitment to compliance with the law,” expanding its coverage to include not only the federal criminal law and financial reporting but also compliance with all federal and state laws, criminal or civil. Amendments to Sentencing Guidelines, � 8B2.1(a). The proposed guidelines place responsibility for oversight directly on boards of directors, who “shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.” Id. at � 8B2.1(b)(2)(A). The corporate commitment to the compliance and ethics program, under the proposed guidelines, is enhanced by designating the “overall responsibility for the compliance and ethics program” with “high level personnel” supervising “specific individuals” who are “delegated with the day-to-day operational responsibility.” This commitment must also be financial. Those in charge of operating the compliance program must be “given adequate resources, appropriate authority, and direct access” to the board of directors or one of its subcommittees. Id. at � 8B2.1(b)(2)(C). Other enhancements require an increased duty to audit the effectiveness of the compliance program, to train company personnel from top to bottom and to provide a means for company employees not only to report criminal conduct but also to seek “guidance regarding potential or actual criminal conduct.” Id. at � 8B2.1(b)(5)(C) In a presidential election year when corporate wrongdoing is still in the headlines, it is a virtual certainty that these proposed guidelines will not be rejected by Congress. They will also undoubtedly result in increased corporate resources being directed to compliance and ethics programs. Given these changes, an effective corporate compliance and ethics program can play a key role in protecting a company’s confidential business information and trade secrets. In particular, corporate boards of directors can take advantage of an effective compliance program under the guidelines to protect their company’s valuable business data. As the guidelines stand today, trade secrets should be one of the issues addressed in a compliance program. The Economic Espionage Act, 18 U.S.C. 1831 et seq., which makes it a federal crime to steal trade secrets, and the Computer Fraud and Abuse Act, 18 U.S.C. 1030, which makes it a federal crime to steal computer data, unquestionably designate two crimes that a compliance program is designed to prevent and detect. For example, a company that hires an employee from a competitor with the knowledge that the employee will bring the former employer’s trade secrets or computer data to his new job is exposing itself to potential criminal liability. The proposed change in the guidelines will expand this obligation to guard against a competitor’s confidential information from infecting the workplace by including within the purview of the compliance program the state trade secrets laws that make it a civil wrong to misappropriate a competitor’s trade secrets. Since a compliance program must include the defensive positioning of the company to prevent both criminal and civil violations of the trade secrets laws, the likely change in the guidelines provides several practical reasons why a compliance program should include the protection of the company’s own confidential business information. First, a board of directors charged with overseeing the compliance program should be just as concerned with offensively protecting the company’s confidential and property information as it is with defensively protecting the company from charges that it has illegally received intellectual property belonging to its competitors. Second, protecting the company’s own information is consistent with the business ethics being promoted by the proposed guidelines and the well-established view that the “trade secret law is intended to maintain and promote standards of commercial ethics and fair dealing.” Picker Int’l Corp. v. Imaging Equipment Services Inc., 931 F. Supp. 18, 37 (D. Mass. 1995). Third, the added cost of including the protection of the company’s own information, in the context of the proposed requirement that the board of directors must adequately fund the compliance program that should already include the trade secret issue, is minimal. What does such an expanded compliance program mean to the company? As an initial matter, the same code of ethics that is required by the guidelines and by Sarbanes-Oxley should include clear rules about the protection of the company’s own confidential and proprietary information and computer data, the format in which most of this information is maintained. This should include a clear explanation of why such rules are critical to the continued viability of the company’s competitive standing and individual employees’ job security, and how the information is to be safeguarded, incorporating rules for using company information inside and outside of the workplace. An explanation of these rules must be part of the compliance programs’ required training programs. Training should not be limited simply to group meetings explaining the importance of protecting the company’s confidential business information. Under the proposed guidelines, training also must include mechanisms for providing individual guidance to employees’ ethical concerns. An effective training program should also address the need to protect company information at two critical stages. The first is when an employee is hired. This is the logical time when the rules of a company can first be explained and is the critical juncture when a company can prevent an employee who has been hired from a competitor from using or disclosing the former employer’s confidential business information. The other critical stage is when the employment relationship terminates and the soon-to-be ex-employee is most likely to take the company’s confidential business information to use at the next job. Again, a structured exit procedure in which the employee is reminded of his or her post-employment legal obligation to maintain the secrecy of the company’s critical information can be significant in minimizing the unauthorized disclosures of the company’s information. This is also the time to conduct an inventory of the departing employee’s company documents and computer data to ensure that they do not leave the company. ENCOURAGING EMPLOYEES TO REPORT THEFT IS A KEY FEATURE Another feature of the effective compliance program that can be used to safeguard the company’s confidential information is providing all corporate employees with the ability to report suspected thefts — either anonymously through a telephone “hot line” or in person to a designated company ombudsman. This feature not only stresses the importance that the company places on the information, it also provides the company with information that can be used to prevent valuable data from leaving its premises. Achieving that result requires the compliance program to have adequate resources and the ability to investigate the allegations brought to its attention. The ultimate goal of any such investigation — whether it is conducted by corporate security, human resources personnel or outside counsel — is to uncover admissible evidence identifying the thief and the full scope of the theft of the confidential information. Armed with that evidence, the company can enlist the assistance of courts to obtain injunctive relief to recover the information and prevent its dissemination to competitors. A formal compliance program with specific rules governing the treatment of the company’s confidential information, reinforced through training programs, encouraging the reporting of thefts and funded with adequate resources, will not only serve to minimize the loss of the company’s information, but will also increase the likelihood of successful litigation by providing powerful proof of a critical element of a trade secrets case — that the company has taken reasonable steps to protect its information. Wyeth v. Natural Biologics Inc., 2003 WL 22282371, at 4 (D. Minn. 2003). Nick Akerman is a partner in the New York office of Dorsey & Whitney. If you are interested in submitting an article to law.com, please click here for our submission guidelines.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.