Trade secrets are being stolen from U.S. companies at an astonishing rate, and the greatest threat is coming from corporate insiders. According to a survey released by Mountain View, Calif.-based Symantec Corp., a national leader in the data-protection business, more than 50% of departing employees carry their employers’ business information with them when they leave. That’s a remarkable rate, and a statement issued earlier this year by the Obama administration reports that the pace of these thefts is increasing. The administration also correctly points out that such theft “threatens American businesses, undermines national security and places the security of the U.S. economy in jeopardy.”
Unfortunately in North Carolina, where manufacturing plants, technology companies, medical centers and research institutes help power the national economy, many businesses are not doing enough to protect their valuable information. Corporate officers and directors must change that. They have a fiduciary responsibility to act in their companies’ best interests. This includes ensuring that business information is protected from corporate insiders who could use it to gain an unfair advantage over competitors.
What is a trade secret?
The first step toward better protecting trade secrets requires that business leaders understand what a trade secret is. Trade secrets are the “secret sauce” that distinguishes one company from another, and any business that believes it has an advantage over its competitors most likely owns information that is a trade secret. The U.S. Commerce Department affirmed this last year when it stated, “Innovation has a positive pervasive effect on the entire economy, and its benefits flow both upstream and downstream to every sector of the U.S. economy. Intellectual property is not just the final product of workers and companies — every job, in some way, produces, supplies, consumes or relies on innovation, creativity and commercial distinctiveness.”
Trade secrets can include, but are not limited to, manufacturing processes, formulas, marketing and business strategies, customer lists, training programs, search algorithms and recipes. The information can be a trade secret as long as it is of a business or technical nature and derives value from not being generally known. North Carolina, like most jurisdictions, also requires that the information cannot be readily ascertainable by independent development or reverse engineering.
Finally, the owner of a trade secret must take steps to protect its confidentiality. Otherwise, it is not likely to be a secret.
Know your trade secrets
The second step is for business leaders to develop a better understanding of their companies’ trade secrets. Company officials must examine their operations from top to bottom, documenting valuable information. As part of the trade-secret audit, companies must determine who has access to the information, where records relating to it are stored and what the historic costs of developing it are. If an employee leaves and is believed to have taken company information, these audits place the company in a much better position to ask the courts to step in. In recent years, North Carolina courts have dismissed a significant number of lawsuits because plaintiffs — those hoping to protect their trade secrets — were unable to describe what their alleged trade secrets actually were. Audits will prevent this.
Culture of confidentiality
After conducting an audit, business leaders must take a third step: create a culture of confidentiality. They can do this by instituting the following measures:
Confidentiality agreements — New employees who are likely to have access to trade secrets should be required to acknowledge — in writing — that they will be entrusted with such information and that they will safeguard it. This makes clear, at the beginning of the relationship, that confidentiality is something the company takes seriously.
Covenants not to compete and nonsolicitation agreements — These agreements are often combined with confidentiality agreements, but they provide additional protections to the employer. After all, what better way to ensure that an ex-employee does not use sensitive information against a former employer than preventing them from working in the same industry for some period of time and cutting off contact with former customers? Employers seeking to use such agreements must be careful. North Carolina law requires that covenants not to compete and nonsolicitation agreements be entered at the beginning of the employment relationship or as part of a change in duties or compensation. They also
must be used to protect legitimate business interests. Courts routinely hold that the protection of trade secrets qualifies as a legitimate business interest.
Training programs — Eighteenth-century English writer Samuel Johnson said, “People need to be reminded more often than they need to be instructed.” When it comes to trade secrets, regular instructions and directives from the front office serve to keep the need for confidentiality in the forefront of employees’ minds.
Computer and physical security — Atlanta-based The Coca-Cola Co. does not leave its secret soft-drink formula on a table in the break room. Instead, it is locked in a place that few people have access to. Companies should take similar measures when it comes to their secret information that competitors would love to have for themselves. Records should be segregated, and computer
files should be restricted to only those with a need for them. Someone in human resources, for
example, should not be able to access files that contain information regarding valuable manufacturing processes. Along these lines, companies should consider implementing computer-security measures that notify management when certain employees attach external devices to their computers or download or upload information. The number of recently filed lawsuits in which an employee, shortly before quitting, uploaded thousands of files to cloud storage or copied them to a flash drive is remarkable.
BYOD policies — Work demands more of employees’ time, so in an effort to provide the best service possible, employees frequently access work email through a web service on their personal device, or they forward work emails to a personal account. “Bring Your Own Device” policies are born from the reality that more employees are conducting business on their personal devices. An employee losing his or her device, however, is a recipe for disaster. Additionally, when employees leave, company information on their phones go with them. Companies should therefore either prohibit employees from
using personal devices for business purposes or mandate that employees submit to certain security measures such as password protection on the device and occasional audits of the device. Violations of these policies can be grounds for termination.
Exit interviews — When an employee who regularly had access to trade-secret information leaves, companies must take time to meet with that employee to remind him of his obligations to safeguard such information, including the duty to honor any confidentiality agreement and covenant not to compete that he signed. Companies must demand the immediate return of all their property, including not only company-issued phones, laptops and other equipment, but work notes and other documents.
The threat against trade secrets is real, and it is growing. Corporate officers and directors who have worked hard to make their companies successful cannot stand by and do nothing about the danger. They must take steps now to reduce the threat. Their companies’ long-term success and the country’s economy depend on it.
Josh Durham, formerly with Poyner Spruill, was the original author of this article.