Companies are permitting (or requiring) employees to work remotely right now in response to COVID-19 concerns. This decision, calculated to minimize certain risks, presents new and wide-ranging concerns for the protection of trade secrets. In this “temporary” working remotely environment, employees will have considerable opportunity to access, download, or store sensitive information from company systems and databases. Have you vetted these circumstances or otherwise addressed their use? Think – home printers? Cell phones? Tablets? Personal email accounts? Working in public places such as libraries and coffee shops? Companies may also be inclined to relax otherwise well thought out document management rules or allow for workarounds from the usual security measures in the interest of business continuity. In such an environment, employees may make assumptions that they have wider latitude to email, copy, send, print, or download information, given the circumstances. Compounding these insider risks are a series of unknowns, such as whether your employees’ home networks have security anywhere near on par with in-office network security that could allow outsiders to intrude or access data.
Trade secret litigation has grown exponentially in the United States, in part due to the passage of the Defend Trade Secrets Act (18 U.S.C. § 1836, et seq.) in 2016, and in response to the incredible value embodied in companies’ customer lists, knowhow, processes, formulas, business strategies, salary structures, and numerous other forms of intellectual property. If information is valuable, kept secret, and derives value from its secrecy, then it can be a protectable trade secret — as long as the company puts in place reasonable measures to maintain the secrecy.
Whether your company has a sophisticated trade secret protection plan in place or not, the current work environment will stress policies and procedures. Employees pose the biggest threat to securing a company’s valuable IP, and several remote-working concerns raise long-term policy questions to be addressed over time. But, the action items can’t all wait until a calmer moment. Consider the following immediate steps as your company reacts to recent events.
1. Communicate current obligations and requirements in the remote working environment
If you have a robust work-from-home policy, review it now with a specific focus on maintaining your company’s most valuable secrets. If you do not have such a policy, implement something immediately, even if it is temporary. Set clear expectations on what information the business considers to be confidential or trade secrets and what particular steps employees are required to follow when using or accessing that information. Not only does it make business sense to keep employees on notice of company policies and procedures, but federal case law under the DTSA has made clear that employees can only be held to trade secret obligations where they are specific and clear, such that employees are “on notice” of the trade secrets.