Companies are increasingly being pressured to defend their data protection programs and make trade secret protection a top priority. This pressure arises from many sources, including, reports of corporate espionage by foreign governments, employees’ increased use of smart phones, tablets and external storage devices, and studies showing that a large percentage of departing employees take confidential company information with them when they leave a company’s employ. As a result, companies must evaluate whether their approach to protecting trade secrets is keeping pace with technological advances and whether they have established internal best practices. So what are some of those best practices? Here are just a few of the recommendations:
- Conduct a Data Protection Audit
Determine what information is confidential or trade secret, who has access to such information, and where it is stored.
- Deploy Security Measures And Policies
Use physical and electronic security measures such as access controls for the building and areas within the building, locked doors and cabinets, password protected files or encryption, ID badges for employees, restricting the location/time/and access to such information, and labeling documents as confidential and trade secret.
- Use Appropriate Contractual Protections
Include confidentiality clauses in employment agreements for those employees who will have access to confidential and trade secret information, and use a non-disclosure agreement with employees or any third parties given access to confidential data is critical for protecting confidential information and trade secrets.
- Implement Clear, Enforceable Policies Relating To Authorized Use Of Company Property
Implement an electronic use policy that alerts employees that computers are company property and remind them that the company reserves the right to monitor employees’ emails, internet, and computer use (i.e., that the employee has no expectation of privacy).
- Implement Procedures For Departing Employees
Conduct exit interviews, eliminate access to computer systems, require return of all company documents and information, and request acknowledgment that employee has complied.