Given the number of employees and independent contractors working remotely, it is a good time for companies to reassess their trade secret policies and remind all personnel of their obligations to maintain and protect the confidentiality of company information.
For some people, this may be their first time working remotely and they may not be accustomed to the extra steps required at home to maintain appropriate levels of protection for all types of confidential information, particularly if their home environment may not seem conducive to the level of secrecy required for trade secret protection. For all people, regardless of their remote work history, working remotely in this environment of heightened stress is new and warrants a refresh on good trade-secret protection habits. This is true for people at all levels in an organization, regardless of seniority or position, including C-suite executives.
Under both state and federal laws, trade secret protection requires that a company take reasonable measures to maintain the secrecy of the information. Reasonable measures are not the same for every company or for every type of information, but include measures like having a trade secret protection policy; requiring execution of proprietary information agreements; stamping or marking documents confidential; maintaining secure computer networks; requiring strong passwords; ensuring safe handling of hard-copy documents; protecting computers, tablets, and smartphones from unauthorized access; and regularly educating personnel on their obligations to maintain confidentiality. Companies typically also have confidentiality obligations under agreements with third parties, or due to the private/personal nature of the information. With this in mind, companies are encouraged to give their employees, independent contractors, vendors, officers, owners, and directors appropriate reminders of their obligations during this expanded, unprecedented remote work period. This can be done through email notices, or whatever means the company is using to keep in regular communication with persons in these various categories.
Companies should consider tailoring the messages to different groups, depending on the sensitivity of the information to which each has access and the nature of the documents or physical items that the individual is now using at home. It also is important to ensure that the messages are consistent with the company’s existing policies and contractual obligations, including policies regarding use of company computers and networks, and policies and agreements addressing protection of company and third-party information. Bring Your Own Device (BYOD) policies should also be reviewed and adjustments considered if, for example, the policy conditions an employee’s use of a personal device for work on the employer having access-on-demand to the device. Companies may also consider having personnel take brief online refresher courses.
The following are topics companies may consider addressing in reminders to protect company trade secret information, as well as any other information it is obligated to maintain as confidential, such as employee private information and sensitive customer or other third-party data:
For all of the above, links to any relevant company policies will serve to reinforce the message.
For individuals who have access to and work with private information of employees and others, such as employment records, health and insurance records, financial account numbers, social security and passport numbers, and contact information, it is prudent to include reminders regarding obligations to protect such information.
For executives, officers, directors, in-house lawyers and others who deal with attorney-client privileged information, it is also prudent to include reminders regarding protection of privileged communications.
Once the shelter-in-place” restrictions are lifted and people return to the office, it will be important to revisit trade secret protection and other confidentiality compliance issues, including providing explicit instructions for appropriate handling and possible disposition of protected information and physical items used in the home.
There is an obvious balance that companies will want to achieve between strict confidentiality and secrecy rules and what can practically be expected of their employees and others entrusted with trade secrets and other types of confidential information. Rules that cannot reasonably be followed are of no value and can backfire. To the extent the company learns that individuals are taking shortcuts or crafting their own workaround solutions, it is appropriate to come up with solutions rather than ignore the issue. For example, if people have used personal email accounts to work around technical barriers, then they should be diligent about deleting all copies in their sent folder and trash and work with the company’s IT team to come up with a secure solution. Likewise, individuals should be encouraged to report any lapses so that the company can take appropriate corrective measures. It also is wise to tailor rules to the sensitivity of the information, having in mind that not every person will need or have access to the same level of sensitive information.
The types of reminders discussed in this article are in addition to steps companies should be taking with respect to computer network and data security, such as monitoring computer networks and email traffic to identify unauthorized access and intrusions, as well as unusual downloading, deleting, copying, or printing activities.
Our lawyers have broad experience working with clients to develop and implement trade secret protection policies and training programs, and are available to assist in development of appropriate reminders for protection of company trade secrets and other confidential information.
For our clients, we have formed a multidisciplinary Coronavirus COVID-19 Task Force to help guide you through the broad scope of legal issues brought on by this public health challenge. We also have launched a resource page to help keep you on top of developments as they unfold. If you would like to receive a daily digest of all new updates to the page, please subscribe now to receive our COVID-19 alerts. One of our many resources includes a list of current known IP office closures and extensions around the world.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact the authors, Carla B. Oakley (San Francisco), Christopher J. Banks (San Francisco), Seth M. Gerber (Century City), or any of the members of our trade secret practice:
Joshua M. Dalton
Jonathan D. Lotsoff
Kimberley E. Lunetta
Carrie A. Gonell
John V. Gorman