A 10-Step Guide to Protecting Your Company’s Trade Secrets
May 6, 2014 2 Comments
Under the Texas Uniform Trade Secrets Act (TUTSA), information is not considered a trade secret unless its owner took “reasonable efforts under circumstances to maintain its secrecy.” So, what efforts should a business be taking to protect its proprietary and confidential information and trade secrets? Here’s a quick step by step checklist.
1. Identify Your Trade Secrets and Proprietary Information. Before you start implementing any security measures, you need to identify what information you are trying to protect. Ask yourself two questions: (1) what information do I have that gives my business a competitive advantage? and (2) is this information publicly available? By way of example, under TUTSA, a trade secret can include: “formula, pattern, compilation, program, device, method, technique, process, financial data, or list of actual or potential customers or suppliers.” This information, however, is not likely to qualify as proprietary if it is “commonly known” or if it is available in the public domain.
2. Implement Access System on the “Need to Know Basis.” If the information you are seeking to protect is stored on paper, make sure your documents are stored in a secure cabinet or a room, which only few key employees can access. If the information is stored electronically, make sure that each employee has a separate log in account and that you keep track of who accessed the information, when, for how long, and what changes were made to such information. If possible, a company should consider having a pop-up window or a reminder that notifies its employees each time they access the program or the database that contains confidential information that such information is proprietary and may not be shared with third parties.
3. Require Key Employees to Sign Non-Disclosure Agreements (NDAs). Employees with access to confidential and proprietary information should be required to execute NDAs prior to receiving access to such information. A typical NDA will require an employee (a) not to disclosure the company’s confidential information to third parties; and (b) to assign all “rights, title, and interest” in the employee’s inventions to the company if they are developed in the scope of his or her employment. The NDA can be part of an offer letter or employment agreement or it can be a free-standing NDA contract. Make sure that the NDAs are filled out correctly, are current, are consistently being executed by each key employee, and are stored in safe location.
4. Require Third Parties to Sign Non-Disclosure Agreements. If you are sharing your business’s proprietary information with another party, such as your supplier, marketing agent, insurance company, etc., make sure that they execute a NDA as well. Ideally, you should not be sharing your proprietary information with anybody who has not executed a NDA.
5. Have a Written Confidentiality Policy. Your employee handbook and/or company policy should contain a statement regarding what information the company considers to be confidential, prohibition of disclosure of such information, description of the consequences of such disclosure, such as disciplinary action, and a requirement that all key employees execute a NDA.
6. Provide Training Regarding the Confidentiality Policy. Among other things, such training can serve to remind employees not to discuss the confidential information in public, not to access such information from public computers, and alert them regarding various ways of inadvertent disclosure that they can encounter in their day-to-day lives.
7. Enforce the Confidentiality Policy. It is not enough to have NDAs and confidentiality policies, but the employer should monitor employees’ compliance and conduct periodic audits. The rules and contracts are worthless unless the employer consistently enforces them.
8. When Key Employees Leave, Have Them Sign A Non-Disclosure Confirmation Form, Obtain Information About Their New Company, and Conduct Forensic Imaging of Their Computers. When key employees leave, during the exit interview have them sign a statement in which they acknowledge that they have not taken any of your confidential information. You should also ask them about where they are going, what duties they will be performing there and other information that will help you assess the likelihood of them using the company’s confidential information at their new company. Finally, it is worth paying a few hundred dollars to have their computers, iPads, etc., forensically examined to make sure that they have not printed, emailed themselves or otherwise took any of the company’s proprietary information.
9. If You Suspect That an Employee Is Stealing or Has Stolen Your Trade Secrets, Act Quickly. The more time passes between you discovering that your employee has taken or is using your confidential information and your actions, the less likely a court is to find that the information was a “trade secret.” In other words, if you are not trying to prevent other parties from using your information, then why should the court do so? I have previously written about the typical enforcement actions for violation of non-competition agreements by departing employees here. A similar analysis will apply to trade secret misappropriations.
10. Be Proactive, Not Reactive in Protecting The Information That Is at The Heart of Your Business. Many businesses make sure that they protect their tangible assets such as office furniture, equipment, computers, etc., but they often fail to put security measures in place to protect the intangible assets – the information, knowledge, and skills that make their business successful. Do not wait until an unscrupulous employee, a subcontractor, or a business associate decides to take your proprietary information – protect yourself by implementing the above-described measures.
CONCLUSION: While following the above steps does not guarantee that your trade secrets will remain confidential, it does provide two advantages. First, from a business stand point, implementing the measures on this list will make it less likely that your employees or third-parties will be successful in stealing your business’s trade secrets. Second, from the legal standpoint, if you end up in court, proving that misappropriated information was a “trade secret” under the TUTSA will be easier.
This list is general guide. Consider consulting with an attorney to come up with a specific security framework that adequately protects your particular business. For more information regarding trade secret misappropriation claims in Texas and protection against such misappropriation, contact Leiza Dolghih.