Protecting Your Information Assets – Part II

more+
less-
more+
less-

Part II:  Taking Additional Precautions

In my last installment, I addressed the importance of an employment agreement or confidentiality agreement as an essential component of a strategy to protect the information assets of a business.  However, a business cannot stop there: proper protection of information assets involves not only implementing certain contractual restrictions with your employees, but also taking a hard look at the practical realities of how to best protect the information from disclosure or misuse in the ordinary course of business.

Put differently, it is essential that the employer whose business depends upon confidential information or trade secrets take steps to preserve the confidentiality of these valuable assets by implementing certain procedures to be used in everyday business transactions.  An employer should begin by noting that a vast array of information can be considered confidential and warrant protection.  Thus, you should reconsider all of your assets in light of their potential competitive value.  For example, pricing information, the names of suppliers, and the relative abilities of key employees may warrant protection along with more common trade secrets such as formulas, ingredients lists and designs.  Once you determine the aspects of your business that should be protected, the following steps should be considered to minimize the danger presented by unscrupulous employees and competitors.

  • Limit access to trade secrets and confidential information.  Access should be given to persons on a need-to-know basis only.  Documents should be kept in a locked filing cabinet or other secure place.  Access to computer databases should be restricted through use of an appropriate security software program.  Consider blocking inadvertent disclosure through metadata attached to electronic documents.
  • Emphasize the importance of your information assets and the need to maintain confidentiality.  Employees should be made aware of the company’s practices that are intended to maintain the confidentiality of its trade secrets and confidential information.  Periodically remind employees of the procedures to be used concerning the dissemination of this information.  In addition, as the nature of the confidential information and trade secrets change, the employees should be made aware of these changes in both the information that the company seeks to protect as well as any related security protocol to combat the inadvertent disclosure.
  • Maintain access logs.  A log or record should be kept of those persons in the company who have access to its confidential information or trade secrets.  Rules regarding check-in and check-out procedures should be established and enforced.
  • Limit access to the company’s copy machine.  For obvious reasons, a copy machine is a thief’s best friend.  Key codes and office devices which restrict a person’s ability to use the machine are good ways to limit unauthorized copying.  At a minimum, consider moving the machine to common areas to deter potential piracy.
  • Conceal confidential components.  Key ingredients or supplies that are essential to your business should be kept under lock and key.  Assuming these ingredients do not represent a danger to human health, you may want to keep these items in containers which are marked by code names only.  This process should begin with the supplier prior to delivery.
  • Use contractual safeguards with third parties.  Contractual safeguards should be employed in protecting trade secrets and confidential information disclosed to third parties such as your company’s suppliers, customers and independent contractors.
  • Perform a security check.  In addition to security guards and burglar alarms, the company should limit visitor access.  Visitors should be escorted and wear tags identifying them as visitors.  Further, visitors should not be given access to trade secrets or confidential information without appropriate contractual safeguards.
  • Clearly identify all protected documents as “confidential.”  Files, drawings and other items which are integral parts of your confidential information or trade secrets should be labeled plainly.  Email should include an automatic signature restricting use to the intended recipient.
  • Identify likely candidates for piracy.  The vast majority of incidents constituting unfair competition begin with disgruntled employees seeking to better their position.  Ensuring that key employees have appropriate benefits and wages may eliminate their motivation to contact a competitor or create a competitive business.  Interactive performance reviews are a good way to measure the morale of your key employees.
  • Conduct exit interviews.  Upon termination of any employee, it is useful to hold an exit interview.  The exit interview serves two purposes: first, it will serve to remind the employee of his or her obligations as set forth in the employment agreement and/or confidentiality agreement, as well as underscore the importance of these obligations; second, it will give you an early opportunity to investigate any activities the employee may have undertaken which might have breached these contractual obligations or otherwise be considered unfair competition.  The employment/confidentiality agreement itself can serve as a guide to the questions to be posed by the interviewer.  Example questions include: “Did you return your notes, drafts, laptop and cell phone?”, “Have you been contacted by any competitor?” and “What are your plans for future employment?”

Although no procedure can absolutely prevent the theft of valuable information, a program for preserving the confidentiality of your assets may greatly reduce the risk of these assets being stolen.  Further, should unlawful competition begin, the above steps can provide the tools necessary to assist your legal counsel in stopping it before any serious damage is inflicted upon your business.