A company’s ability to maintain the confidentiality of its trade secrets and other sensitive information is affected to a significant degree by employee mobility. An exiting employee can leave with a company’s confidential information, risking loss of trade secrets and serious harm to the company. Additionally, incoming employees can threaten a company’s confidential information by contaminating it with proprietary information from a prior employer. This article describes several practical steps and specific procedures that companies can follow with respect to departing and incoming employees to help protect company confidential information and to mitigate the risk of exposure to third-party confidential information.
Companies regularly have to decide whether to seek patent protection for their innovations or to maintain them as trade secrets. Many companies will file patents for certain inventions and elect to treat other techniques, formulae or processes as trade secrets. For example, companies may more frequently seek to patent customer-facing innovations, while maintaining back-end solutions as trade secrets. Each route has its advantages and limitations. Regardless, all companies will continue to have confidential information that they will want to preserve. Some of the confidential information may constitute protectable trade secrets, while other information may simply be sensitive information the company does not wish to share with the public — and certainly not with its competitors. In either event, the value of the information (and any legal protection) is largely dependent upon the company’s ability to maintain its confidentiality.
It is nonetheless a practical reality that companies generate, maintain and lose confidential information through their employees. While with the company, many employees will have access to, and work regularly with, the company’s confidential information, using myriad company-issued computers, devices and storage media to handle the information. When such employees depart, there is a risk that, through inadvertence or otherwise, they will take confidential information with them. To address this risk, companies should have procedures in place to ensure confidentiality is maintained. These procedures may include having new hires execute invention disclosure, assignment and confidentiality agreements. These elements are particularly important for departing employees, through whom companies frequently have the greatest exposure to lost confidential information.
PROTECTING INFORMATION WHEN EMPLOYEES DEPART
Upon notification that an employee will be leaving, companies should consider, as part of their overall intellectual property management system, taking at least the following steps:
• Confirm that the departing employee will return all company confidential information, and, as appropriate, prepare, collect and return all company-issued IT systems and access materials and IT-related devices before the departure date. Items that should be collected may include badges, calling cards, cellphones, corporate cards, token/hard keys, furniture and office keys, pagers, wireless devices, laptops and any other devices or accessories that may contain or enable access to the company’s confidential information.
• Verify that written notice has been provided to the departing employee about his or her continuing obligations regarding the company’s confidential information, and maintain such written notice in an appropriate repository. Reaffirm obligations under appropriate confidentiality, invention disclosure and assignment agreements.
• Obtain the departing employee’s new contact and employment information. The company should consider notifying the new employer of the departing employee’s ongoing obligations with respect to company confidential information.
• Take appropriate steps to limit or halt the departing employee’s access to company confidential information and to instruct the network administrator to tailor access to all IT systems and facilities accordingly.
• Request and review a memo from the departing employee that summarizes ongoing projects. The nature or status of the projects may indicate the need for further security measures.
• Determine whether the departing employee is subject to a “litigation hold” and, if so, coordinate as necessary to take steps to ensure the continued preservation of any information within the scope of the hold.
• Obtain written certification from the departing employee that all company confidential information has been returned.
The level of risk associated with the departure will influence the measures that need to be taken to restrict access to company confidential information. It is therefore critical to determine at the earliest opportunity whether a departure presents a high risk to company confidential information, warranting special protective measures. Considerations that may indicate the need for further measures include that the departing employee:
• Is of high rank or seniority;
• Has special access to or responsibility for confidential information;
• Is presently engaged in a sensitive business unit or initiative;
• Is associated with actual or threatened mishandling or misappropriation of confidential information; and/or
• Intends to work for a competitor.
In higher-risk situations, the company may consider immediately confiscating company-issued computers/devices, disabling access to all networks and facilities, and even potentially escorting the employee from the facility. Additionally, the company should promptly investigate all information, computer systems and devices (e.g., voicemail, email, etc.) that have been used or accessed by a departing employee. The departing employee’s work area should be checked for any missing files, records or documents. By contrast, in comparatively low-risk situations, the company may permit the departing employee access to company data, as necessary, to complete ongoing projects, before termination.
With these steps, a company can exert greater control over its confidential information during times of employee transition. While these procedures cannot prevent all acts of misappropriation, they can certainly enable a company to identify threats and demonstrate that the company has taken reasonable steps to ensure the confidentiality of its information — an essential element for establishing, and enforcing, trade secret protection.
NEW EMPLOYEES AND CONFIDENTIAL INFORMATION
Companies face a different risk when hiring new employees. Incoming employees can bring with them confidential information from their prior employers, exposing their new company to the information. These situations can lead to claims against the company for misappropriation or mishandling of third-party confidential information. In addition, the company’s exposure to third-party confidential information can effectively taint the company’s own intellectual property portfolio and potentially lead to accusations of infringement. The threat of litigation or business disruption caused by the introduction of third-party confidential information by new employees must be managed as part of a sound intellectual property and data management program.
To mitigate this risk, companies may consider requiring incoming employees to:
• Certify in writing that they will not use, disclose, possess, access or upload proprietary information belonging to a third party, including confidential information and trade secrets belonging to a former employer;
• Search their personal files, computers, devices, etc., and affirm they do not possess any third-party confidential information, arrange to return any such information they may have to their prior employer, and certify such search and results to the prior employer;
• Inform the legal department, in writing, if they learn that any third-party confidential information has been uploaded to the company’s systems; and
• Agree to cooperate in any monitoring the company may conduct regarding the employee’s use of the company’s systems.
Companies should also review with their new employees the company’s policies regarding limitations on access to confidential information, facilities and company electronic data. These procedures should be considered for anyone given access to the company’s confidential information, such as contractors. In connection with hiring, companies should have their new employees execute appropriate confidentiality, invention disclosure and assignment agreements at the very start of the employment relationship.
These practices can help the company identify any problems at the outset of a new employment relationship, and can provide evidence that the company acted reasonably — to avoid exposure to a third party’s accusation of confidential information and trade secret misappropriation. These steps can also minimize the potential for enabling third-party confidential information to contaminate the company’s pre-existing intellectual property assets.
This article first appeared in Corporate Counsel, a Legal affiliate based in New York. •
E. Patrick Ellisen is a shareholder in the Silicon Valley and San Francisco offices of Greenberg Traurig. He focuses his practice on intellectual property and general commercial litigation, as well as intellectual property protection, counseling and enforcement. He can be reached at email@example.com.
Daniel T. McCloskey is of counsel in the firm’s Silicon Valley office. He represents companies and individuals in connection with intellectual property and complex business disputes. He can be reached at firstname.lastname@example.org.