Businesses face increasing threats to valuable trade secrets and other critical business information. To combat those threats, we believe companies should invest in a strong trade secret protection system. This includes development of appropriate policies, procedures, and smart enforcement strategies to help prevent company data theft or disclosure before it happens.
Therefore, to help you start thinking about how to establish a trade secret protection system, we bring you the first installment of a new ten-part series of posts on steps companies can take now to prevent trade secret theft or other disclosure of sensitive company data.
So, let’s get started. The first step employers can take to prevent employee theft or improper disclosure of company data is to make sure relevant employee policies are current and up-to-date. Why does this step matter? Well, for one thing, outdated policies fail to protect your business and they can really backfire.
For example, in Stengart v. Loving Care Agency, Inc., 990 A.2d 650 (N.J. 2010), during the course of litigation with a former employee, a company hired a forensic vendor to obtain all data stored on a company laptop used by that employee. During her employment, the former employee had used her company computer to access a personal, password-protected email account through which she exchanged emails with her attorney. The forensic image captured those personal emails and the company and its attorneys wanted to use those emails in the defense of the lawsuit. Unfortunately, the company’s electronic use policy was found lacking. The company’s policy stated that no emails were considered private or personal, and relayed that the company had the right to review, access, and disclose all matters on the company’s system. Regardless, the court found the company’s policy was too vague to put the employee on notice that a personal email account exchanging attorney-client privileged communications could be accessed and read (as compared to a work email). As a result, the emails had to be returned, could not be used in the litigation and the court contemplated awarding sanctions against the company and its lawyers for failing to return the attorney-client privileged communications. The result may have been different had the computer use policy placed the employee on notice that those emails might be accessed and read, and that she should have no expectation of privacy in any communications exchanged via that work computer.
So if you are taking a look at the status of your company policies, which ones should you update? Key policies to be updated include electronic monitoring policies, IT acceptable use policies, and other policies that address the use of email, internet, and social media, mobile devices (including “bring your own device” policies), confidentiality and trade secret protection policies, and a policy that addresses removable media, such as flash drives.
Lastly, to make sure your policies don’t get become antiquated due to changes in technology, we recommend that you review your policies from time to time (typically annually).
This may not be rocket science, but having the foundation of up-to-date, comprehensive trade secret protection policies is an essential first step.