What Walks Out the Door with Your Employees?

Every business has some trade secrets information that gives it some advantage, that others dont know, and that it tries to keep secret. One of the most common concerns brought to intellectual property lawyers and litigators is the belief that an ex-employee has walked out the door with the companys trade secrets and is using them, either himself or on behalf of a new employer. This suspicion of theft by a former employee becomes very personal for employers, and much litigation arises from suspected misappropriation. This litigation is messy, fact-specific and expensive. For a variety of reasons it is often hard to detect and then to prove misappropriation of a trade secret. Even when misappropriation can be shown, the damage often cannot be fully remedied: the competitive value of a trade secret is lost when it is no longer secret, and a permanent injunction may not be wholly effective in preventing some direct or indirect use. How common a problem is this? Symantec Corp. and the information management and research firm Ponemon Institute conducted a survey of employees who left their jobs in 2008. It presents some sobering findings. According to the press release announcing the findings, 59 % of the ex-employees surveyed admitted to taking some of their employers confidential information when they left. Much of the information taken was electronic: 53% of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38% sent attachments to a personal e-mail account; and 79% of respondents took data without an employers permission. Evidently, taking employer information usually was not that difficult: 82 percent of respondents said their employers did not perform an audit or review of paper or electronic documents before the respondent left his/her job; and 24 percent of respondents had access to their employers computer system or network after their departure from the company. The survey results likely do not necessarily mean that 59 percent of ex-employees are using company confidential information in their new positions. Very often a company is not acting to ensure that its employees do not retain confidential information (on a home computer, for example). And sometimes companies designate all manner of information as confidential, but, in at least some circumstances, do not object if ex-employees take samples of their work or other documents. Nonetheless, it is chilling that 59 percent of survey respondents admit taking information that even they believe is confidential. Regardless of the ex-employees motivations or uses, employers plainly are not taking adequate safeguards to protect their trade secrets. If former employees are not always using the trade secrets, they could. And their mere possession of the information is damaging: possession without use may mean the loss of trade secret status. That is, a company likely will be unable to protect its trade secret against misappropriation by a third party if and when, in litigation, that third party can show that the information no longer is secret because it is in the hands of ex-employees. There are three approaches to preventing misappropriation by former employees. They are not mutually exclusive. They are: (1) employee confidentiality policies and agreements; (2) non-compete and non-solicitation agreements; and (3) trade secret protection programs embedded on the ongoing operations of a companys business. Confidentiality and non-compete agreements surely have some deterrent value. Yet, their main utility is after the fact, in limiting damage after confidential information has been stolen. Having some type of protection program is a necessary condition for preserving a trade secret; information cannot be protected, either as a practical matter or in litigation, if a company does not take reasonable steps to hold secret its confidential information. A comprehensive program also is the most effective means of preventing misappropriation in the first place, and of detecting it when it is attempted. What the survey illustrates in part is that, to be truly effective, a trade secret protection program must be far more extensive than is the norm. It is not enough to mark paper documents, restrict physical access to facilities, post confidentiality notices, set up a firewall and require passwords. The high access to and transportability of electronic data means that sensitive information easily spreads to multiple servers and computers within an organization, and beyond. Large amounts of confidential information can be lost via email, uploaded to online storage sites, and walk out the door on a laptop, cd-rom or even a thumb drive. Counsel and particularly technical consultants can be helpful in developing a comprehensive protection program. A thorough program can identify particularly sensitive information (companies deal with huge volumes of data, so consider what truly is important), limit the places where it is found, tag it, set up multiple layers of control to restrict access, prevent theft, and track information when misappropriation does occur. –Christopher J. Mugel