Today is the third installment of our series on actions that employers can take to prevent employee theft or improper disclosure of company data and focuses on creating a “culture of confidentiality.” This means going beyond the written word and establishing a workplace culture that treats confidential information like it is actually confidential and will help prevent inadvertent disclosures, as well as deter intentional ones. A culture of confidentiality is also important when seeking to support a claim for trade secret misappropriation. Where an employer cannot show that it took reasonable steps to maintain the secrecy of its information, it may not be able to establish a claim for misappropriation. For example, in Alpine Glass v. Adams, 2002 Minn. App. LEXIS 1392 (Minn. Ct. App. 2002), an employer failed to provide employees a written policy prohibiting them from taking home confidential information and the company did not appropriately limit dissemination of confidential information. The court, noting that “an employer may not merely intend that materials be confidential,” failed to find that the employer undertook any effort to keep its information confidential. As a result, the employer did not have a protectable interest in its training materials or customer information.
The first part of establishing a culture of confidentiality is to “talk the talk.” This means training employees and managers on how to protect confidential information and why it matters by explaining and giving examples of confidential and trade secret information. Additionally, an employer should establish “dos and don’ts” regarding data security, focusing on both intentional and inadvertent disclosures as well as appropriate and inappropriate use. Employers should also warn employees of the consequences of disclosure, which may include discipline, termination, and legal action. Note that legal action can include criminal prosecution in addition to civil remedies, as in the case of a staff engineer at a medical technology company who was charged with claims under the Economic Espionage Act after allegedly downloading 8,000 files containing trade secret and other proprietary information. The employee was allegedly planning to leave the country with the information. U.S. v. Maniar, No. 2:13-mj-06085 (D.N.J.) (criminal complaint filed June 4, 2013).
The second part of establishing a culture of confidentiality is to “walk the walk.” This means consistently treating confidential information like it is confidential. An employer can waive its protectable interest by placing information in the public domain. For either physical or virtual files, employers should place these files in secure locations. Employers should also ensure that only the employees who need access have access. You may also consider employing other security features from encryption to simple steps such as requiring employees to log out when they step away from their computers. Labels and watermarks reading “CONFIDENTIAL” or “TRADE SECRET” should also be used to identify protected information. Finally, employers should provide confidentiality training sessions to employees with access to protected material as a refresher on their confidentiality obligations and the importance of protecting the company’s protected material. The employer should also give employees periodic reminders regarding their confidentiality obligations, which the employees are then required to acknowledge in writing. Ultimately, these steps will help an employer demonstrate in court that it has taken active steps to protect confidential information.