Social distancing, a term which few of us had heard of before this year (despite the fact that it has been used since at least the early 2000s), is stretching into its third month. Notwithstanding some loosening of shelter-in-place advisories, and the fact that some employers are starting to open up offices and invite their workforce back in, a majority of employees are still working from home. This has broad implications for protection of employers’ trade secrets and confidential information—in many cases, a company’s most precious asset.
Maintaining the confidentiality of trade secrets is mission critical. In fact, whether information can be deemed a trade secret deserving of protection under the law is dependent on the measures taken by its owner to protect it from disclosure. The Defend Trade Secrets Act, for example, defines a trade secret as information that “derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information”—but only if its owner has “taken reasonable measures to keep such information secret.” The Uniform Trade Secrets Act, a form of which has been adopted in every state except New York, contains a substantially identical definition of a trade secret. As a result, whether a plaintiff’s efforts to protect the secrecy of its trade secrets were reasonable is often a key issue (if not the key issue) in misappropriation litigation.
Against this backdrop, the previously unimaginable scope of remote working presents unique challenges for employers, as discussed on this blog at the start of the pandemic (see here and here, for starters). Where colleagues may have previously been able to gather in a conference room to discuss sensitive information, those meetings are now migrating to videoconferencing apps such as Zoom, Cisco WebEx, BlueJeans, and Microsoft Teams. While it is hardly new for opportunistic employees to find ways to purloin their employers’ trade secrets, this shift poses new challenges (even with employees who do not intend to misappropriate confidential information).
For example, in an in-person meeting, other participants would likely be able to see if an employee was surreptitiously taking notes or recording audio with a phone. And of course, participants in an in-person meeting are able to see everyone present. With videoconferencing, however, it is much easier for participants to engage in nefarious copying or recording (in fact, many videoconferencing platforms allow participants to record the meeting). Likewise, with a limited range of vision available, there may be eavesdroppers just off-screen. And, of course, we all have heard about “Zoombombing.”
So what’s an employer to do, in light of these challenges? It is often not reasonable or even possible to avoid discussion of a business’s trade secrets. And many employers will not feel comfortable mandating in-person meetings anytime soon, notwithstanding relaxed governmental restrictions. Here are some best practices for businesses to not only prevent misappropriation to begin with, but to put themselves in the best position possible in litigation, should a rogue employee (or Zoombombing stranger) misuse trade secrets:
- Carefully consider which conferencing platform provides the best security. There are numerous apps on the market to facilitate remote conferencing, but each has its unique benefits (and weaknesses). While ease of use may be an important factor to consider for standard meetings that do not including discussion of confidential or otherwise sensitive information, that factor must yield to superior security when a meeting is convened to discuss trade secrets. Oftentimes, apps or features within apps that have better security (such as encryption) are more expensive, and employers may be tempted to avoid additional costs given the current economic climate. But skimping on security would be penny wise and pound foolish, as losing the company’s trade secret protection would be disastrous.
- Some employees may eschew the company’s preferred (or even mandated) platform and schedule meetings using another, less secure app. While there may be no way to completely avoid this, businesses should regularly remind their employees of the company’s requirement that a particular platform be used for company business, and explain the reasons why use of the mandated platform is critical.
- Become familiar with security settings within the company’s chosen platform, and, it should go without saying, use them wisely. Some apps allow—but do not require—a special password to join a meeting. Likewise, some platforms contain settings that would require the meeting host to admit participants into the virtual room, but this setting is optional, not mandatory. Ideally, an employer would be able to implement the highest security measures available as the default setting on an enterprise-wide basis. Even where this is not possible, businesses must advise their employees to take advantage of each security setting available when hosting a meeting to limit risk.
- Instruct employees to implement security measures outside the conferencing app, as well. For example, employees should be advised to use a private room wherever possible, and if finding a private space is not possible, they should use headphones and restrict their screen view.
- Employers should create and distribute written policies regarding best practices for remote conferencing. These policies should be distributed early and often—not only to remind employees of their duties (and hopefully reduce the risk of misappropriation to begin with), but also to best position the company should litigation ensue. A clear record of the company’s efforts to maintain confidentiality and put its employees on notice of company policy will help a trade secret plaintiff demonstrate that it took reasonable measures to safeguard the information at issue, a critical component of proving the existence of a trade secret.
- As always, employees with access to confidential information and trade secrets should be bound by strict non-disclosure agreements, and be reminded frequently of their obligations under those contracts.
- Reminders of the need to protect the confidentiality of the information to be discussed should be given at the start of any meeting in which trade secrets are to be addressed.
- Finally, as employees slowly begin to return to in-office work, they should be instructed to bring in any notes taken during discussions involving trade secrets, for either safekeeping in office files, or professional shredding.
It is difficult, if not impossible, to prevent entirely a wily and motivated employee from misappropriating the company’s trade secrets, even in the best of times. In these unprecedented times, it is even harder. However, by taking steps that are reasonable under the circumstances, businesses can best position themselves to prevent nefarious conduct and/or ensure that a court will deem sensitive information to be trade secrets subject to legal protection.