Your best and most reliable way to protect your trade secrets is by making sure that those that come into contact with your confidential information have a duty to keep it that way–a secret. As anyone who has ever completed middle school knows, not everyone is naturally good at keeping secrets. It is your job to make sure that the people who are privy to your business’ secrets know that the information is confidential and know that they are required to keep it that way. The foundation for setting these expectations and requirements is through written agreements and/or policies with your employees that clearly set out the employee’s responsibilities with regard to your confidential information.
As a threshold matter, tell your employees what information is considered to be confidential. Disclose that information only on a “need to know” basis. Require that employees participate in a confidential information awareness orientation (and, here’s the kicker, actually hold one and make them go). Put a “confidential” legend or watermark on confidential information and treat it that way. In addition, your employment agreements and/or handbooks should cover the following bases:
1. Include enforceable covenants not to compete in your employment contracts that are reasonable in time and scope. Courts don’t really like these provisions and in most cases will only require the employee to do what is absolutely necessary to protect the employer’s interests and no more. So, if you want the non-compete to be enforceable later, draft it narrowly and make it reach only as far as necessary.
2. Use non-use/nondisclosure provisions in your contracts that address the following:
a. Incorporate by reference the Espionage Act (18 U.S.C. §1832). Note that this provision can only protect “actually confidential” information that is subject to reasonable efforts to protect confidentiality. Tax Track Systems v. New Investor World, Inc., 478 F.3d 783 (7th Cir. 2007).
b. To secure the benefits of the CFAA (Computer Fraud and Abuse Act), use the language HP did in the following case, which proved to be critically important. Hewlett-Packard Co. V. BYD: Sign, Inc, 2007 WL 275476 at *11-13 (E.D. Tex. Jan. 25, 2007).The HP employees had agreed by contract to not disclose “any of HP’s intellectual property, trade secrets, and confidential information to any unauthorized persons, and to refrain from sending or accessing messages on HP’s computer systems for personal gain” (emphasis added). Consider going even further and get a covenant not to use the information in a manner contrary to the company’s business interests and define “personal gain” to include “personal non-economic benefit.
3. Obtain a specific promise not to post secrets or confidential information on the internet. This becomes particularly important as we start moving to cloud-based applications that allow the employee to easily move information from your systems to the internet without the need for downloading or emailing documents.
4. Have clear policies on what can be shared via social networking and blogging, etc.
5. Obtain covenants not to solicit other employees in the event the employee changes jobs.
6. Require anti-moonlighting provisions if appropriate.
7. Include a contractual provision that requires the employee to assign to the employer any trade secrets or other intellectual property created by the employee in the course of the employment. Also, while you’re at it, make clear who owns what with respect to other intellectual property, i.e., business-related blogs, twitter accounts, and LinkedIn connections, etc.
8. Obtain a requirement that employees return all company property upon separation, including any paper or electronic copies of company documents or other information.
9. Specify Rules, either in a contract or in the employee handbook, for use of off-site digital storage devices.
10. Require return/deletion of secrets from hard drives of digital storage devices used by the recipient. This provision would also include all the ways one can store data these days, i.e., on the employee’s cell phone, thumb drives, cameras, iPods, and the like.
11. Insist upon a requirement that the employees submit to an exit interview.
12. Require itemization of digital storage devices that have been used to store your company’s trade secrets.
13. Require that any disputes between the employer and employee be subject to mandatory arbitration (with an exception that allows you to seek an injunction for breach of these covenants if necessary).
14. Have policies that protect confidential information with layered passwords, firewalls, intranets, file size restrictions on e-mailable documents, and encryption.
15. Require one particular employee or IT consultant to check the internet regularly to monitor chat or other mentions of your company and protect its secrets. Early detection can limit damage.
Contractual Provisions with other Third Parties
Don’t just stop with your employees. Other people come into contact with your trade secrets too. Consider adding the following in agreements with other third parties:
1. Companies that provide consulting services might consider “no-hire” clauses in contracts with its customers (such provisions must be narrowly drawn, though).
2. Non-disclosure agreements with consultants or vendors who are likely to come into contact with confidential information or trade secrets. Consultants should be required to keep information confidential for some reasonable time period and then return or destroy the information.
3. Negotiate for Protective Orders in Litigation with others.
4. Always obtain a work made for hire agreement with consultants if at all possible.
5. License Agreements must contain provisions which prevent the “naked” assignment of rights.
6. Any shrink wrap agreements with users should prohibit the reverse engineering of your product and the posting of any secrets.
7. Third Party Agreements should contain language advising the other party of their potential personal liability for misuse of the trade secrets by others if they in fact do disclose secrets.
Preventing the theft or inadvertent disclosure of trade secrets is far cheaper and more effective than litigating about these issues after the horse is out of the barn. Putting some thought into your contracts with your employees and third party vendors can help avert a disaster down the road.