Best Practices for Protecting Confidential Information and Trade Secrets

Protection of confidential corporate information is essential to a company’s capacity to develop products, provide services, and gain economic advantages. Those who wrongfully acquire, misuse, or disclose confidential company information can cause significant damage by impairing or destroying the value of the information.

Overview of Trade Secrets and Confidential Information

Trade secrets and confidential information both are types of information that are kept secret and are valuable in part because they are not known by others. The key distinction between trade secrets and other sorts of confidential information is that trade secrets enjoy greater legal protections. Information only becomes a trade secret if it meets specific criteria established by either statutory law or common law.

The Uniform Trade Secret Act ("UTSA") defines a trade secret as information, such as a formula, pattern, compilation, program device, method, technique, or process, that is both:

Valuable because of secrecy. It is or potentially could be economically valuable at least in part because it is not known by others, or able to be discerned by others, who otherwise could benefit economically from using or disclosing it.

Protected by efforts to maintain secrecy. It is protected by reasonable efforts to maintain its secrecy from others.

By way of example, trade secret protection has been recognized in a various states for:

 ?         Marketing plans.

?         Commercial drawings.

?         Recipes (such as chocolate chip cookies and pizza dough).

?         Sales data.

?         Manufacturing processes.

?         Chemical formulae (such as insecticides and inks).

?         Detailed information about customers.

Best Practices for Protecting Confidential Information and Trade Secrets

Employers should take the following steps to protect confidential and trade secret information:

1. Limit disclosure to those who need to know. Keep the disclosure of confidential information and trade secrets limited to a discrete group of individuals who need the information to perform their jobs or for other legitimate business functions. Remind employees at meetings or events where confidential information will be disclosed that the information is confidential and that they have a duty to maintain confidentiality.

2. Use appropriate contractual protections. For example:

• use confidentiality agreements and, for confidentiality agreements outside the employment relationship;
• use confidentiality policies with employees that remind employees of their duties to preserve confidentiality;
• ensure that confidentiality agreements and policies comply with the Defend Trade Secret Act notice requirements; and
• use non-compete agreements where permitted by state law.

3. Establish appropriate security measures. For example:

• be consistent in marking documents or materials as confidential or trade secret, as needed, but do not mark materials that are not truly trade secrets or confidential, and do not fail to designate material the company wishes to protect;
• keep sensitive information physically guarded, for example by maintaining single entry into the building, using security personnel, creating sign-in and sign-out procedures, installing security cameras, posting signs limiting general access to areas where sensitive information is stored, and using electronic access controls;
• place strict limits and rules prohibiting employees from removing information from the employer’s premises;
• develop procedures for employee use of company laptops offsite;
• password-protect trade secret and confidential material that is stored electronically, and ensure that only authorized individuals with a need to know the information have access to these passwords;
• set up sufficient firewalls, encryption, anti-hacker initiatives, anti-virus software, and other technical protections;
• disable USB ports or other portable devices or drives on company computers;
• maintain non-electrically stored items in locked cabinets or other secure areas;
• place strict limits and rules on sharing confidential documents with clients, vendors, or other third parties; and
• create rules for visitors, such as requiring that they sign acknowledgments prohibiting disclosure of information viewed or accessed during a visit, preventing them from bringing recording devices (such as cameras, cell phones, PDAs, and USB drives) into restricted areas, and requiring that they be accompanied by employees while in locations where sensitive information might become known.

4. Train employees. Train employees on the importance of confidentiality and define the universe of information that must be protected. As part of that training:

• ask employees to sign documents acknowledging receipt and understanding of confidentiality policies and training; and
• remind employees of their obligations with respect to taking confidential or trade secret information off of the premises and using company laptops remotely.

5. Implement appropriate departing employee procedures. Adopt a departing employee procedure aimed at minimizing risk of misappropriation. For example:

• provide departing employees with copies of any confidentiality agreement they signed during their employment and the company’s policy on confidential information and trade secrets;
• remind departing employees of their continuing obligations to keep information confidential and ask departing employees to sign an acknowledgement of their continuing obligations;
• arrange exit interviews to determine where the employee will be working subsequently and if the employee may be engaging in competitive activity in the future;
• shut off the employee’s access to computer files and other information technology systems immediately on termination;
• review the departing employee’s computer activity, hard drives, email, voicemail, and other communication records for the period before the employee’s termination if there is a high risk of misappropriation;
• ensure that the departing employee surrenders all company documents, files, and other material (including electronic documents) and signs an acknowledgement of having done so;
• ensure that the departing employee returns all company access cards, PDAs, and other electronic devices; and
• change electronic passwords as needed.

6. Ensure that confidential information does not appear in promotional or other public material. Exclude any confidential information and trade secrets from publications, marketing materials, websites, social media, advertisements, and interviews.

7. Adopt a plan for a prompt response to inadvertent disclosure of trade secrets. For example:

• work with information technology professionals to develop a protocol to limit the spread of disclosed information;
• update the protocol as the company’s technology changes;
• ensure that new hires are trained on this protocol;
• remind employees and third parties of the need to maintain confidentiality; and
• adopt a protocol for contacting the individuals to whom inadvertent disclosure was made to alert them of the error, ask them to return or destroy the information, and ask them to sign acknowledgements that they have done so, if appropriate.

The steps and procedures outlined in this article are great starting points for employers to consider in the protection of their company's confidential information.

If you or your company have questions with respect to trade secret protection or otherwise protecting your company's confidential information, feel free to contact me.

About the Author: Matt Jones is an expert in legal issues facing entrepreneurs, startups, growth companies, and private equity firms. He advises businesses all over the United States, most notably in Silicon Valley, New York City, Oklahoma City, Denver, Dallas, and Washington D.C. Matt is the founder and managing director of Verge Law Group, P.C. (vergelaw.com). His personal website is mattjoneslaw.com.