What steps could the former employer have taken to minimize the risk that employees will take confidential files with them, as the majority of mobile employees feel it is acceptable to do? And because the new employer will likely be liable for any trade secret misuse or disclosure by the new hire, what steps can the new employer take to mitigate the risk of expensive IP litigation? And finally, what steps should the mobile employee take to ensure their potential exposure is minimized?
Tips for the employer (old and new)
Organizations fully intent on deterring insider theft should employ a dedicated team of HR, security and legal professionals who collectively create policies, drive training and monitor employees. Employees within these organizations will come to understand, over time, that stealing trade secret information is not only wrong but has serious consequences.
Effective policies and procedures must span the entire employment relationship. During recruiting, companies should ensure that they are not targeting competitor's employees with the hopes of gaining access to competitive IP. Employees conducting interviews should be cognizant not to request trade secret information during the interview, and candidates should be clear that they must refrain from sharing any non-public information from their current employer.
New hire documentation should not only include a standard NDA, but offers of employment themselves can be made contingent on a former employer's promise that he has complied with all lawful obligations to a former employer (including the obligation to return all company property and trade secret information, wherever it may reside).
Given the ease of copying/transferring files enabled by today's technology, some companies are starting to implement policies that strictly limit the use of personal devices (including personal email, smartphones and external storage devices) to conduct company business. For those companies that permit employees to use personal devices for company business, BYOD (bring your own device) policies are necessary to ensure the protection of company IP that becomes intermingled with personal files/devices.
To claim IP protection, the law requires that companies implement reasonable measures to ensure the secrecy of their trade secret data. In addition to strict NDAs, implementing password security measures, limiting access to confidential files on a need-to-know basis, and following physical security measures (visitor sign-in sheets, secure room for storing confidential files, etc.) are advisable procedures.
Just as companies routinely train their employees on their discrimination and harassment policies, so should companies continuously train their employees on the importance of protecting intellectual property. Employees often struggle to determine what information is actually confidential vs. information that is considered general knowledge and skills (which they are free to use after they leave). Training, therefore, should aim to help the employees identify the company's core intellectual property (i.e., a secret manufacturing process, an innovative pricing methodology, a detailed prospect list, etc.).
Sign up for Computerworld eNewsletters.