On February 27, 2014, we kicked off our new “Practical Perspectives” seminar series. Teresa M. Thompson, chair of our Trade Secrets and Non-Competes Groups, moderated a panel presentation titled ”Trade Secret Theft from Prevention to Enforcement.” Panelists included:
-
Timothy C. Rank, Assistant U.S. Attorney, U.S. Department of Justice
-
Tamara L. White, Supervisory Special Agent - Minneapolis Counterintelligence Program, Federal Bureau of Investigations
-
Sten-Erik Hoidal, Attorney, Fredrikson & Byron, P.A.
-
Timothy M. O’Shea, Attorney, Fredrikson & Byron, P.A.
The following are key takeaways and practical perspectives shared by the panel.
TRADE SECRET THEFT – A SIGNIFICANT PROBLEM
The ability to innovate and protect intellectual property drives business growth, development and investment. However, businesses face increasing threats to their valuable trade secrets and other critical business information. Recent estimates suggest that trade secret theft costs U.S. businesses billions of dollars each year. Panelists noted that the problem is exacerbated by the following common business practices and employee perceptions.
-
Business data is stored everywhere, including on employees’ home computers and mobile devices. As a result, the potential for critical business information to walk out the door with an employee is high.
-
Most employees think that storing proprietary business information on personal devices is an acceptable way of doing business.
-
Most IT professionals acknowledge that they do not know what data leaves their company on a daily basis.
COMPANIES SHOULD CONDUCT A DATA PROTECTION AUDIT NOW
The starting place for any successful data protection program is to determine what company information is confidential or a trade secret, who has access to that information and where that information is stored. A civil or criminal action alleging misappropriation of proprietary information must identify with particularity the proprietary information that was taken wrongfully.
Too many companies share information broadly with employees labeling everything as “confidential.” While an open system may facilitate communication and spur creativity, it can have a disastrous effect on a company’s ability to protect their intellectual property down the road. Take the important first step of clearly identifying true trade secrets and other confidential information and be careful to restrict and keep track of who has access to that information.
BEST PRACTICES FOR DATA PROTECTION
Recent trade secret cases demonstrate that a simple trade secret policy or nondisclosure agreement with employees may not be enough. Companies should (1) take proactive steps to secure trade secrets and confidential information against theft and (2) take clear and consistent action to protect and recover data from departing employees. Read our summary of Best Practices for Data Protection.
Panelists highlighted these steps to protect data from employee theft:
-
Create a “culture of protection” by training employees on the importance of confidentiality, clearly defining what that information entails, and addressing how such information must be handled.
-
Use clear, non-ambiguous policies for recovering any and all company property and information from departing employees. Consider limiting access to company information, systems and equipment immediately upon receiving an employee’s notice of departure.
-
Set specific deadlines for return of company information stored on personal devices. Note that words like “promptly” may not be specific enough.
-
Remember that data protection policies should also address the employee intake process. Take steps to avoid potential claims from former employers for theft of their trade secrets. Read our summary (see page 2). A strong process can protect you from claims when employees you hire engage in wrongdoing.
NEED TO EVALUATE AND UPDATE PROTECTIONS IS ONGOING
Good data protection is not a once-then-done process. Panelists recommended the following:
-
Periodically review your practices to ensure that only confidential and trade secret information is being treated as such, that only those employees with a need to know have access to the information, and that the information is secure.
-
Electronic policies (banners) alerting employees to authorized uses of company computers and systems should be updated as new best practices emerge. For example, revising banner language can help companies avail themselves of emerging best practices under the Computer Fraud & Abuse Act.
BENEFITS OF AND BEST PRACTICES FOR WORKING WITH LAW ENFORCEMENT
Panelists stressed the value of having a good working relationship with law enforcement, such as the U.S. Department of Justice and the Federal Bureau of Investigation. The first call to law enforcement should not wait until a company experiences a theft. Rather, companies should establish connections and build relationships now. Panelists also noted that:
-
Companies should contact law enforcement at their first suspicion of theft and not wait until after their civil actions against a former employee have stalled.
-
Federal law enforcement agencies have tools that may quickly resolve an issue before a company experiences any damage. Such tools include the power of law enforcement to “knock and talk” to a suspect and access information through international treaties.
-
The DOJ has developed this this guide for reporting an intellectual property crime. (A checklist for reporting a crime can be found beginning on page 15.)
DOJ AND FBI MAKE ECONOMIC ESPIONAGE A PRIORITY
Intellectual property protection is a high priority for both the DOJ and the FBI, and they have prepared information and training tools to help companies safeguard their trade secrets, proprietary information and research. Panelists shared these key resources:
-
The DOJ and FBI produced this guide to safeguard company trade secrets. The guide notes common theft tactics and insider threats that can help companies stay alert to possible internal and external threats.
-
Business professionals traveling abroad should take precautions to ensure the safety and security of business information. This guide provides specific recommendations for doing so.
For more information, please contact Teresa M. Thompson, Sten-Erik Hoidal or Timothy M. O’Shea.