Category Archives: Trade Secrets

As If Wall Street Didn’t Have Enough Problems…

The Second Circuit issued what could be a significant blow to the one percent last week. Wall Street has been using the Economic Espionage Act (“EEA”) as an important weapon in its arsenal to protect its trade secrets against theft by rogue employees. For example, Goldman Sachs Group, Inc’s former programmer was convicted under the EEA of stealing Goldman’s confidential Continue reading

15 Provisions That Should Be In Your Employment Agreements if You Want to Keep Your Trade Secrets

Image courtesy of Jeff Trexler

Your best and most reliable way to protect your trade secrets is by making sure that those that come into contact with your confidential information have a duty to keep it that way–a secret. As anyone who has ever completed middle school knows, not everyone is naturally good at keeping secrets. It is your job to make sure that the people who are privy to your business’ secrets know that the information is confidential and know that they are required to keep it that way. The foundation for setting these expectations and requirements is through written agreements and/or policies with your employees that clearly set out the employee’s responsibilities with regard to your confidential information.

As a threshold matter, tell your employees what information is considered to be confidential. Disclose that information only on a “need to know” basis. Require that employees participate in a confidential information awareness orientation (and, here’s the kicker, actually hold one and make them go). Put a “confidential” legend or watermark on confidential information and treat it that way. In addition, your employment agreements and/or handbooks should cover the following bases:

1.    Include enforceable covenants not to compete in your employment contracts that are reasonable in time and scope. Courts don’t really like these provisions and in most cases will only require the employee to do what is absolutely necessary to protect the employer’s interests and no more. So, if you want the non-compete to be enforceable later, draft it narrowly and make it reach only as far as necessary.

2.    Use non-use/nondisclosure provisions in your contracts that address the following:

a.    Incorporate by reference the Espionage Act (18 U.S.C. §1832). Note that this provision can only protect “actually confidential” information that is subject to reasonable efforts to protect confidentiality. Tax Track Systems v. New Investor World, Inc., 478 F.3d 783 (7th Cir. 2007).

b.    To secure the benefits of the CFAA (Computer Fraud and Abuse Act), use the language HP did in the following case, which proved to be critically important. Hewlett-Packard Co. V. BYD: Sign, Inc, 2007 WL 275476 at *11-13 (E.D. Tex. Jan. 25, 2007).The HP employees had agreed by contract to not disclose “any of HP’s intellectual property, trade secrets, and confidential information to any unauthorized persons, and to refrain from sending or accessing messages on HP’s computer systems for personal gain” (emphasis added). Consider going even further and get a covenant not to use the information in a manner contrary to the company’s business interests and define “personal gain” to include “personal non-economic benefit.

3.    Obtain a specific promise not to post secrets or confidential information on the internet. This becomes particularly important as we start moving to cloud-based applications that allow the employee to easily move information from your systems to the internet without the need for downloading or emailing documents.

4.    Have clear policies on what can be shared via social networking and blogging, etc.

5.    Obtain covenants not to solicit other employees in the event the employee changes jobs.

6.     Require anti-moonlighting provisions if appropriate.

7.    Include a contractual provision that requires the employee to assign to the employer any trade secrets or other intellectual property created by the employee in the course of the employment. Also, while you’re at it, make clear who owns what with respect to other intellectual property, i.e., business-related blogs, twitter accounts, and LinkedIn connections, etc.

8.    Obtain a requirement that employees return all company property upon separation, including any paper or electronic copies of company documents or other information.

9.    Specify Rules, either in a contract or in the employee handbook, for use of off-site digital storage devices.

10.    Require return/deletion of secrets from hard drives of digital storage devices used by the recipient. This provision would also include all the ways one can store data these days, i.e., on the employee’s cell phone, thumb drives, cameras, iPods, and the like.

11.    Insist upon a requirement that the employees submit to an exit interview.

12.    Require itemization of digital storage devices that have been used  to store your company’s trade secrets.

13.    Require that any disputes between the employer and employee be subject to mandatory arbitration (with an exception that allows you to seek an injunction for breach of these covenants if necessary).

14.    Have policies that protect confidential information with layered passwords, firewalls, intranets, file size restrictions on e-mailable documents, and encryption.

15.    Require one particular employee or IT consultant to check the internet regularly to monitor chat or other mentions of your company and protect its secrets. Early detection can limit damage.

Contractual Provisions with other Third Parties

Don’t just stop with your employees. Other people come into contact with your trade secrets too. Consider adding the following in agreements with other third parties:

1.    Companies that provide consulting services might consider “no-hire” clauses in contracts with its customers (such provisions must be narrowly drawn, though).

2.    Non-disclosure agreements with consultants or vendors who are likely to come into contact with confidential information or trade secrets. Consultants should be required to keep information confidential for some reasonable time period and then return or destroy the information.

3.    Negotiate for Protective Orders in Litigation with others.

4.    Always obtain a work made for hire agreement with consultants if at all possible.

5.    License Agreements must contain provisions which prevent the “naked” assignment of rights.

6.    Any shrink wrap agreements with users should prohibit the reverse engineering of your product and the posting of any secrets.

7.    Third Party Agreements should contain language advising the other party of their potential personal liability for misuse of the trade secrets by others if they in fact do disclose secrets.

Preventing the theft or inadvertent disclosure of trade secrets is far cheaper and more effective than litigating about these issues after the horse is out of the barn. Putting some thought into your contracts with your employees and third party vendors can help avert a disaster down the road.

Avoiding Disaster: How to Avert a Data Breach

Picture

 
  Don’t Collect It In The First Place      One of the easiest ways to avoid seeing your company’s name all over the news for having a data breach is not to collect sensitive information. Unless you absolutely have a compelling business reason to take it from the customer and store it in your systems, do not collect it. Many older forms have a place for the customer or client to enter a social security number but often there is not a valid business reason to have it. For example, I was recently completing forms for my church for one of my children to go on a trip with the youth group. The form, probably the remnant of a form from thirty years ago, requested the child’s social security number. Don’t take socials on the front end and get rid of them if you have them. They will only cause you heartbreak. Similarly, the loss or breach of bank data and health data can trigger liability under the labrynthe of laws that addresses these issues in the United States. If you don’t absolutely have to have this information, don’t collect it.       Along these same lines, get rid of dusty old records sitting in your company’s basement or mildewing on an ancient hard drive somewhere. Not only can these things cause you untold grief if you get sued (you could conceivably have to pay a fortune to review and produce them in discovery), their loss or breach could catapult you into the news for a data breach with the likes of  TJMax and Sony. Do some spring data cleaning and get rid of these things. 

Top 10 Ways to Protect Your Trade Secrets

If you’re not doing these things, you should be:

1.    Where feasible, encrypt your data.
2.    Institute multi-level passwords to protect confidential information.
3.    Enter into confidentiality agreements with your employees requiring them to protect your data.
4.    Enter into confidentiality agreements with your vendors and contractors as well.
5.    Train your employees in data security and put in policies and procedures to keep it safe.
6.    Do not dispose of documents or data carelessly.
7.    Restrict visitors and employ prudent plant security.
8.    Lock up or otherwise secure sensitive information.
9.   Use copy protection and embedded codes to trace copies.
10.  Provide confidential information on a “need-to-know” basis only.