In March, millions of workers were told overnight to start working from the comfort of their homes as the result of the COVID-19 pandemic. Since then, companies have been playing catch-up in implementing measures to ensure protection of their confidential information and trade secrets in the new environment where employees are virtually unsupervised and accessing company systems remotely on the daily basis.
Since trade secrets are not registered with the government, like patents or trademarks, companies must take proactive measures to protect them. Those who fail to take reasonable measures, risk finding out down the road (usually in court, when they try to recover stolen trade secrets from a rogue employee) that their information has lost its trade secrets status.
I predict that in the next twelve months we will see more trade secrets cases involving the argument that employers failed to take reasonable measures to protect their trade secrets when employees were allowed to work from home.
So, what additional steps should the companies be taking to protect their trade secrets in the times of #WFH? Here is a suggest list of measures that should be taken:
- Provide company-owned computers. While it may be expensive, it allows employers to track employee activity on their devices, block information transfer, and forensically analyze the devices when employees leave to ensure that all confidential information has been returned.
- Implement “alert” tools. Consider installing applications that will alert you if an employee downloads large files or accesses specific information and will log employees’ activity related to specific sensitive information.
- Make sure security measures and logs of user activity are turned on. Many databases, cloud storage platforms, and software applications now days allow administrators to limit downloads or file transfers and to see user activity. Make sure you are aware of how those features work and that you have them turned on.
- Update confidentiality policies. Add language specifically alerting employees regarding company confidentiality rules that apply to working from home, e.g., that employees are prohibited from downloading company confidential information on external devices and that employer may track employees’ activity.
- Conduct confidentiality training. Now is a good time to remind employees what the company considers confidential, that the same confidentiality rules apply to working from home as working from the office, and the consequences of breaching the confidentiality policy.
- Re-evaluate “need to know” access. Take a closer look at which employees within the company have access to which information and evaluate whether they really need that access in order to do their job. If not, their access should be cut off or limited.
Employers are dealing with a lot of COVID-19-related issues and the trade secrets protection measures tend to take a back seat to other more imminent concerns, but implementing at least one of the measures above will help when a company finds out that a departed employee took its confidential client list or other sensitive information and wants to recover that information or seek damages in court.
Leiza Dolghih is a labor and employment board certified partner at Lewis Brisbois Bisgaard & Smith LLP in Dallas, Texas and a Co-Chair of the firm’s Trade Secrets and Non-Compete Disputes national practice. Her practice includes commercial, intellectual property and employment litigation. You can contact her directly at Leiza.Dolghih@LewisBrisbois.com or (214) 722-7108.