Regardless of where one stands philosophically on the merits of working from a physical office where greater collegiality can be fostered, versus working from home where personal efficiency and convenience can be maximized, the fact is that most companies have some employees who work from home, and nearly all companies have employees who work remotely from time to time, especially with the use of tablets and smart phones. And, in this increasingly mobile world, employers must continuously review policies to protect their confidential business information.
Here are a few tips:
- Published policies help make it clear that the employer’s business information, regardless of where it is located, is confidential and should not be used or disclosed other than for purposes of performing work for the employer. State-of-the-art policies should now address Bring Your Own Device (BYOD) guidelines, use of social media, employee monitoring and protection of private data as was well as standard protection of trade secrets and confidential information. In a BOYD environment, the employer should emphasize that its business information does not lose protection just because it might reside on the employee’s device. Alternatively, certain categories of employees might be instructed to use only company-issued devices for work purposes.
- In addition to general policies, individual non-disclosure agreements addressing the permitted and prohibited use and disclosure of the employer’s business information should be considered for those employees who regularly work out of the office. Working remotely is a privilege which carries with it obligations and responsibilities for the employee which should be memorialized.
- Employees who work remotely often are provided VPN or similar access to files and data on the employer’s otherwise secure server. Protocols should be put in place to make sure that the access is secure and encrypted, if appropriate. Human Resources and in-house counsel need to team with the I.T. department on these issues. The employer should know if an employee is using a company-issued laptop or his or her own computer, or email, and monitor compliance. For example, an employee who regularly sends company files from her g-mail account should be warned about co-mingling work data and personal emails.
- Terminating employees who work from home should be handled with extra care, especially employees who work in another county. Last December, the Second Circuit Court of Appeals reversed the dismissal of a lawsuit for lack of jurisdiction by a MacDermid, Inc., a Connecticut company, against a former employee who worked from her home in Canada. After becoming aware of her pending termination, the employee allegedly accessed company servers in Connecticut and downloaded confidential and proprietary information to her personal email account. MacDermid, Inc. v. Deiter, 702 F.3d 725 (2nd Cir. 2012). The case suggests that in certain circumstances employers might cut off access before terminating an employee and, in most cases, should consider requiring the employee to make an account of company property and sign a document confirming that he has not retained any company data.
Whether or not an employer requires personal appearance in the office, it seems clear that employees will work remotely, at least time to time, and today’s mobile workforce makes protection of trade secrets and company data more challenging than ever.