This article was originally published in the Orange County Business Journal "General Counsel" supplement in October 2017. The article has been reprinted below with permission.

In today’s business environment, greater employee mobility and technological advances underscore the need to protect a company’s confidential information and trade secrets. Stories of employees departing with confidential information or trade secrets and using that information when they join competitors are commonplace. The FBI recently estimated that trade secret theft costs American businesses over $13 billion per year. Although companies cannot prevent all such losses, the use of a strong, enforceable confidentiality agreement can be very effective.

Purpose of Confidentiality Agreements

A well-crafted confidentiality agreement can help protect a company’s proprietary information and trade secrets by documenting in writing that employees cannot use confidential information or trade secrets outside of work. Employees often do not understand what type of company information they cannot use outside of work. Confidentiality agreements solve this riddle by clarifying the scope of restrictions. Most importantly, confidentiality agreements clarify to departing employees the precise information they are prohibited from using after they leave their employment.

Necessary for Any Trade Secrets Claim

If a company ever intends to file a claim under the California Uniform Trade Secrets Act, implementing a confidentiality agreement is critical. Under the CUTSA (and similar statutes in other states), a company seeking to protect its trade secrets must engage in reasonable steps to maintain the secrecy of the information. Pointing to the existence of a confidentiality agreement helps show reasonable steps were taken. This is precisely what Move, Inc. alleged in its $2 billion trade secrets lawsuit against Zillow, Inc. In that case, Move alleged its former executives absconded to Zillow with Move’s trade secrets, which Zillow then used to inform its acquisition of Trulia, one of Move’s competitors. Published reports indicate the matter settled for a staggering $130 million in June 2016, which demonstrates the value of implementing a solid confidentiality agreement, and the cost of breaching one.

Companies Should Define the Types of Confidential Information Protected

Companies should define confidential information or trade secrets with specificity in their confidentiality agreements. A well-defined agreement helps employees understand precisely what information they are prohibited from using after departure from the company. It is helpful to list items that shall remain confidential that are specific to the business. For example, one should consider listing the categories of information that are protected, such as customer names, contact information, sales history and pricing. It should be clear that any use or disclosure of confidential information during employment for any purpose other than employment is prohibited. It should also be clear that employees are to return the information in whatever form, whether in hard copy or digital format.

Policies Should Address Information On Personal Electronic Devices

Today, it is common for employees to use their personal electronic devices for business purposes. Companies should consider having a separate policy that addresses such situations, often referred to as a “Bring Your Own Device” or “BYOD” policy. A well-crafted BYOD policy protects confidential information and trade secrets. Even if a company does not implement a separate BYOD policy, its confidentiality agreement should cover company-related information wherever it resides, including on an employee’s personal electronic device. This is becoming even more critical as companies and their employees use social media to share company information. Thus, companies should craft confidentiality agreements to protect company information used on any social media platform.

Don’t Include Unenforceable Provisions

Most companies know that post-departure non-compete provisions in agreements with employees are unenforceable in California except in limited circumstances. But fewer companies understand that blanket prohibitions against customer solicitation after departure are also unenforceable. However, California courts may enforce an agreement prohibiting an employee from utilizing trade secrets to solicit customers after departure. If companies want to prevent former employees from soliciting customers, they must carefully craft non-solicitation provisions to clearly only prohibit soliciting customers using trade secrets. Otherwise, the non-solicitation provision may be unenforceable.

Challenges to Overbroad Agreements Are On The Rise

A novel argument some litigants are raising is that an overbroad definition of confidential information effectively amounts to an unlawful non-compete agreement, or unfairly restricts an employee’s right to engage in protected activity. For example, in John Doe v. Google, Inc., No. CGC-16-556034 (Cal. Super. Ct. Dec. 20, 2016), which is pending in San Francisco County Superior Court, a former Google employee filed a lawsuit under the California Private Attorneys General Act (“PAGA”) alleging that Google’s confidentiality policies prohibit employees from disclosing unlawful activity to regulators or law enforcement, and unlawfully restrain an employee’s right to work after leaving Google, because they are prohibited from disclosing information regarding their wages or the work they performed at Google. While the case is still in the early stages, it appears to be part of a growing trend of legal challenges to potentially overbroad confidentiality agreements.

DTSA and Other Carve-Outs

The new federal Defend Trade Secrets Act requires particular language in employee confidentiality agreements that governs the use of a trade secret or other confidential information. In addition, government agencies have adopted rules restricting companies from the use of confidentiality agreements in a manner that prevents protected disclosure or activity. For example, the Securities and Exchange Commission has pursued enforcement actions against public companies for use of confidentiality agreements that it claims violate federal securities law by impeding an individual from communicating with the SEC about possible securities laws violations. Other agencies have adopted similar rules addressing overbroad confidentiality provisions, including the Occupational Safety and Health Administration, Equal Employment Opportunity Commission, and National Labor Relations Board. Companies should consider including a carve-out in their confidentiality agreements permitting disclosures that are required by these agencies’ rules.

Make Sure You Are Protected

If companies want to protect their confidential information and trade secrets, they should implement and enforce confidentiality agreements. But companies must carefully review those agreements to ensure they are up to date, do not contain any illegal provisions, and contain the necessary carve-outs to ensure enforceability. Because so much is at stake, companies should consult experienced legal counsel to review existing policies or to craft new policies.