Companies that rely upon trade secret information must remain diligent with their rights at all time – one inadvertent disclosure could, in theory, kill trade secret protection. As such, companies will need to adapt and revamp their security measures to account for the mass adoption of teleworking in response to the COVID-19 pandemic. The Uniform Trade Secrets Act[1] protects certain information that “[i]s the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” Unfortunately, the applicable statutes do not offer guidance on pandemics, and Courts have not yet had the opportunity to weigh in on what is considered reasonable under these circumstances. Nevertheless, although there is no “one size fits all” approach to protecting trade secrets, here are some practical and simple solutions that may help limit exposure and demonstrate reasonable measures to protect information under the current circumstances:
1. Non-disclosure and confidentiality agreements remain key. It is more important now than ever to clearly delineate how trade secret information will be protected at the front end of a relationship. Trade secret cases often turn on the existence of written confidentiality agreements. COVID-19 is not going to change this. But, it is clear that many companies are making broader and faster concessions to secure work than they otherwise may have in the past. Companies cannot overlook the important protections afforded by simple confidentiality agreements and the confidentiality clauses in contracts.
2. Security measures need to be maintained and/or adapted. As always, access to trade secret information should be limited to those on a need to know basis. Companies often limit access to certain network drives or physical files containing sensitive information. But, this may become difficult to monitor when the majority of employees are working remotely.
Policies should be written, and instructions should be given on how employees are to secure information they access from home. In more sophisticated companies, this may be provided in a specified telework agreement; others may rely on published policies and e-mails that specify how this information should be accessed and used. Common examples of security measures include prohibiting the viewing of information on non-work computers; requiring employees use secured internet connections, such as password protected WiFi and LAN lines to access information on the company network; limiting what documents can be viewed or printed in physical form (and by whom); and instructing employees on how to safeguard information in their possession. Beyond the initial access point, information sent to others should ideally be encrypted and password protected, and companies should continue to monitor the network to ensure that only authorized users have access.
Even if employees are teleworking, closed offices remain a security concern. Lawful access to the office may be prohibited, but that will not stop a determined thief. Traditional security measures (locks, alarms, etc.) should continue to be used to secure offices and access to data.
3. Important information should be marked appropriately. Appropriately designating documents as having confidential or proprietary information is one of the simplest measures a company can take to put both its own employees and all third parties (vendors, customers, etc.) on notice of what the company deems protectable confidential information. A good confidentiality agreement will not require information to be marked as “confidential” to invoke protection, but this does not negate the importance of this step. Likewise, merely marking a document as “Confidential” does not make it so; Companies still need to take other measures to affirmatively protect the information. Notices can be as simple as marking a page “Confidential and Proprietary” to an affirmative statement: “This Document contains confidential and proprietary information belonging to [Company]. This document and its contents shall not be used or disseminated in whole or in part without [Company]’s express written permission.”
4. Limit information provided in sales pitches. A delicate balance must be struck between securing work and securing your trade secrets. Defendants in trade secret litigation always look at sales pitches for leaks in trade secret information. While current conditions may prevent the all-disclosing trade show pitch (my favorite), an improperly trained sales staff is still likely to give away secrets from home. Companies should scrub their marketing materials or any confidential or proprietary information and train their sales staff on what not to say when pitching for work.
Even in this crisis, companies must continue to take measures today to protect their trade secrets for tomorrow. A failure to do so may cause the company to irreparably lose its rights. This article provides some simple, practical measures that can assist a company in safeguarding its rights during this crisis and beyond. But, circumstances are different for every company and for every trade secret (e.g., software, manufacturing processes, and chemical formulae are protected in different manners). As such, this article cannot take the place of specific advice from competent counsel.
********************************************************************************************************************
[1] The Uniform Trade Secrets Act has been adopted by over 47 states and the District of Columbia, and was adapted in creating the Federal Defend Trade Secrets Act.