Data Security in a Technological World

Data Security in a Technological World

Jun 3, 2014

The Uniform Trade Secrets Act, adopted by 47 states including Virginia, Maryland, and the District of Columbia, generally defines protectable trade secrets as information that derives independent economic value from not being generally known or readily ascertainable and that is subject to reasonable efforts to maintain its secrecy. In an age of electronic information storage and immediate communication, and in a world where flash drives, SnapChat and portable electronic devices are common, the business world’s increasing dependence on technology is challenged by the ease of downloading and absconding with essential business information. The Trade Secrets Acts provides a critical tool for avoiding this risk, but security requires careful and proactive monitoring and planning as well as hard-headed practical judgment.

RISKS

In the post-Edward-Snowden world, successful businesses risk trade secret theft from competitors, departing or dissatisfied employees or contractors, and pirating attacks from unrelated opportunists. Leaks can result from careless security efforts or inattention to detail.

TECHNOLOGICAL SAFEGUARDS

Increased security risk is sometimes a direct result of increased ease of functionality. Whether businesses own the electronic equipment employees use on the job, or allow employees to use their own, the employer must maintain control over the content downloaded or accessed through electronics such as cell phones, laptops, iPhones, iPads, flash drives and other devices (“Electronic Devices”). While the trend seems to be toward allowing employees to utilize their own Electronic Devices, employers who make this choice should take several steps to defend against accidental or intentional pirating. Not only must the employer have a strict policy about what may be downloaded, under what circumstances, and how it may be used and treated, but Confidentiality Agreements and Employee Manuals should include language permitting the employer to inspect their personnel’s Electronic Devices at any time to assure compliance with company security policy.

INTERNAL POLICIES

It goes without saying that no employee or contractor should be permitted access to trade secret materials unless and until they have signed binding prohibitions against disclosure (“Confidentiality Agreement”). However, breaches of security are not always the result of malicious acts. Sometimes overlooked in the crush of day-to-day business is the importance of educating contractors and employees on what is confidential, how confidential information should be treated and the importance of maintaining secrecy. Accordingly, orientation of new personnel should include not only the signing of a Confidentiality Agreement, but a clear explanation of what is expected and the consequences of breach. Similarly, the agenda of an exit interview should encompass return and inspection of company-owned Electronic Devices, inspection of the devices owned by the departing personnel, and a restatement of the continuing obligation of non-disclosure. The Employee Manual should also include robust language to this effect. In order to avoid the suggestion that trade secrets aren’t adequately protected, endorsement of your standard Confidentiality Agreement should be a condition of employment and this condition must be enforced.

LEGAL PROTECTIONS

Employees, especially but not limited to departing employees, pose the greatest risk to trade secrets and other intellectual property.

Policies The Employee Manual embodies company policy and is not an enforceable contract. Its purpose is to establish and clearly communicate performance expectations. Make sure the employee knows how to recognize confidential or trade secret material and knows how it is to be treated. Among the policies to be included is a provision permitting inspection of personal electronic devices that are used on the job. If Electronic Devices are issued by the company, personal use should be prohibited, inspection permitted and terms of use clearly stated.

Agreements Because the Employee Manual is not a contract, the employer’s remedies for violation will be limited. While the employee may face job status penalties upon violation, a Confidentiality Agreement can provide for specific contract remedies such as injunction and damages and provide for an award of attorneys’ fees. While such an agreement may be contained in an employment or independent contractor agreement, the better practice is a stand-alone agreement which can be separately enforced.

External Threats In the course of many proposed business transactions, critical business information may be disclosed to third parties. Whether contemplating the sale or acquisition of business assets or equity, entertaining the prospect of obtaining third party investment, or offering an equity interest to a business associate, the disclosure of sensitive material is unavoidable. Be sure that all such disclosure is subject to a strict, fully endorsed Non-Disclosure Agreement which includes a clear definition of the confidential information to be disclosed, an acknowledgment of your ownership, definitive instructions for the return or destruction of the confidential material and effective remedies upon breach. The agreement is only as strong as its contents.

SECURITY The expected first line of defense in any Trade Secret litigation – after “I didn’t take it” – is: “it wasn’t a trade secret.” Remember, by definition information that is not “the subject of efforts that are reasonable under the circumstances to maintain secrecy” does not fall within the definition of a Trade Secret under the Act. This does not mean that loosely protected information may not be protected under the terms of a Confidentiality Agreement, but it does mean that the powerful protections under the Act will likely be lost if the employer fails to adopt a reasonable security plan and vigilantly enforce its terms.

CONCLUSION By definition, Trade Secrets are valuable because they have commercial value and are unknown to competitors. Confidential Information of other sorts may be equally valuable. Whether they are recipes, data bases, computer programs or any other formulation upon which you rely, keeping them secure is a twenty-first century priority.