Safeguarding Trade Secrets in the Information Age: Sample Communications Policy
There are no easy solutions to the problem of protecting trade secrets in the information age. But there are definite steps the employer can take, and these include monitoring business equipment and promulgating unambiguous policies.
In the age of instantaneous communication, it is getting harder and harder to keep anything a secret. Every company needs to safeguard its trade secrets and its business equipment as well. The only way to do this is through specific policies which address use and monitoring of business equipment and maintenance of company trade secrets. Such policies, included in the employee handbook, should be signed by each employee. The company should conduct an orientation at the outset of employment, specifically informing each employee of company policies relating to use of business equipment, monitoring, confidentiality, as well as appropriate behavior in the workplace. This article will discuss notices and training, clearly communicating the employer's intent, expectation of privacy on behalf of the employee, and ways to protect the company's trade secrets.
BALANCING THE INTERESTS Â• What is the extent of an employee's privacy rights in the workplace and what legitimate right does an employer have to monitor employees in the workplace?
As workplaces have integrated electronic communication and high technology in day-today business, and these technologies continue to advance, an employer's ability to monitor its employees has increased. While employers have legitimate reasons to monitor employees, employees increasingly are asserting claims for invasion of privacy in litigation. Federal and state statutes, as well as the common law, provide guidance to employers electing to monitor employees' workplace activities.
Expectations of Privacy:
Government vs. Private Employees
The Fourth Amendment of the U.S. Constitution protects citizens from unreasonable searches and seizures. Not specifically referring to the right of privacy, the Fourth Amendment provides in pertinent part that, "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." U.S. Const. Amend. IV. The Supreme Court, however, has consistently interpreted it as preserving the right to privacy. Katz v. United States, 389 U.S. 347, 350, 359, (1967) (holding that the Fourth Amendment "protects people, not places"); Griswold v. Connecticut, 381 U.S. 479, 484-85 (1965).
An expectation of privacy in one's place of work is "based upon societal expectations that have deep roots in the history of the [Fourth] Amendment." O'Connor v. Ortega, 480 U.S. 709, 716 (1987). Searches and seizures by government employers of the private property of their employees are subject to Fourth Amendment restraint. Id. at 715. What is a reasonable search depends on the context with which the search takes place, and requires balancing the employee's legitimate expectation of privacy against the government's need for supervision, control, and the efficient operation of the workplace Â– judged by the standard of reasonableness under all the circumstances. Id. at 725-26.
Noting that some government offices may be so public that no expectation of privacy is reasonable and that the question must be addressed on a case-by-case basis, the O'Connor Court recalled Katz, quoting: "What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection." Id. at 718 (quoting Katz, 389 U.S. at 351). Further, a governmental employee's expectation of privacy depends in large part upon the nature of his or her employment and whether it poses a potential threat to public safety. National Treasury Employees v. Von Raab, 489 U.S. 656 (1989).
Employees of private companies do not have a high expectation of privacy. The Fourth Amendment restrains the conduct of governmental agents only, and thus, although it provides privacy protection to public employees, the endorsement of individual privacy rights under the Fourth Amendment does not extend to the employees of private companies. An employer may monitor the workplace for a variety of legitimate business reasons, including maintaining "due diligence" records in regulated industries, assuring a workplace free of discrimination, improving job performance, assuring productivity, and protecting valuable proprietary corporate information.
Although employees assert they have a privacy right in e-mail sent and received on company equipment, the courts have concluded to the contrary.
There is no reasonable expectation of privacy in electronic mail ("e-mail") sent, stored or received at work. Smyth v. The Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996). The computer hardware and software belong to the employer, and so does all the information stored on it. Id. at 101. The Smyth court noted that the e-mail communications were made voluntarily over the company e-mail system and that the company was not requiring the employee to disclose any personal information about himself. Id. Notwithstanding any assurances by the employer that such communications would not be intercepted, no reasonable expectation of privacy could be found. Id. Moreover, the court held that the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have had in comments made over e-mail. Id.
Private employers must inform its employees about policies restricting sending or receiving proprietary or trade secret information over e-mail. If the employer fails to take protective measures, it may lose its legal ability to protect its trade secrets. Employers must instruct employees regarding the types of information the employer deems to be confidential. The employer must forbid the communication of such information over e-mail. Security measures should be in place, such as passwords and user identification information. Employees should be informed that unauthorized use of or access to trade secrets or breach of security measures will result in appropriate discipline. For a more detailed discussion on trade secrets, see the discussion below.
Privacy Rights: a Balancing Test
Privacy rights of employees in private companies have evolved through federal and state statutes, common law and contracts. When considering the issue of privacy rights in the workplace, one needs to balance the employee's right to privacy against the employer's legitimate business interests. The inquiry is formulated as whether the employee had a "reasonable expectation of privacy" under the circumstances. See O'Connor v. Ortega, supra, 480 U.S. at 711-12.
The Electronic Communications
Privacy Act of 1986 The Electronic Communications Privacy Act of 1986, as amended, 18 U.S.C. §§2510-22 ("ECPA"), prohibits the intentional and nonconsensual interception of any wire, oral or electronic communication, the unauthorized access of stored communications, or the disclosure or use of any information from an illegally intercepted communication. 18 U.S.C. §2511. The principal purpose of the ECPA amendments to the federal wiretap law was to extend the prohibitions on unauthorized interceptions to electronic communications, which is broadly defined to include e-mail, pager communication and computer data. Brown v. Waddell, 50 F.3d 285 (4th Cir. 1995). Penalties for violating the ECPAcan include criminal penalties, the greater of actual damages plus profits or statutory damages, injunctive and declaratory relief, punitive damages, attorneys' fees and costs.
The ECPA provides three exceptions which permit employers to monitor employees' telephone and electronic communications under certain circumstances: the business extension exception, the consent exception and the service provider exception. The business extension exception excludes from coverage telephone equipment provided by the telephone company and used in the ordinary course of business. Thus, generally, employers can monitor business-related phone calls. Once an employer understands a phone call is personal, however, monitoring must cease. The consent exception requires that there be consent to the interception. Employers must inform employees that their telephone calls will be monitored, not that they may be. Prudence would require the employer to receive written consent from employees. The service provider exception applies to employer-provided phone and e-mail systems and is effective only when the system in question is provided by the employer and that the employer's monitoring activities are to protect the employer's property rights. In sum, the exceptions permit employers to monitor business-related phone calls, to monitor communications when there has been employee consent, and to access stored e-mail transmissions. If any one of these exceptions applies, monitoring can take place.
The Employee Polygraph Protections Act
The Employee Polygraph Protection Act of 1988, 29 U.S.C. §§2001-2009 (1988), prohibits private employers from requiring or requesting employees or job applicants to submit to a lie detector test. A professionally administered polygraph test may be used, however, in the context of an investigation of employee misconduct, where there is a reasonable suspicion of theft or other illegal conduct. The public sector is exempt from coverage under this Act. 29 U.S.C. § 2006.
Pending Federal Legislation
The Notice of Electronic Monitoring Act ("NEMA"), legislation which would regulate an employer's ability to monitor the electronic communications of its employees, was introduced simultaneously by the House and Senate in July, 2000. S. 2898; H.R. 4908. NEMA requires employer disclosure of electronic monitoring of employee communications and computer usage in the workplace, and provides a cause of action for violations, including civil and punitive damages. This legislation was never marked up and has not been reintroduced to date.
State Constitutions: Declarations of Privacy
Some states in their state constitution explicitly recognize a right to privacy, for example, Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington. See Appendix 1 for the pertinent sections of these state constitutions.
Various states have enacted statutes which make it unlawful for an employer to intercept or record any private communication by telephone, or electronic communication, without consent. Only if the state law is less protective will the ECPA preempt state law. Some states, Missouri and Vermont for example, have not enacted any legislation which includes electronic communication as protected communications. Nebraska, interestingly, has specifically exempted employers from wiretapping restrictions. See Neb. Rev. Stat. 86-702(2)(a).
The following states have enacted legislation which provides employees with broader protection than available under the ECPA, for example, requiring prior consent by all parties before a communication can be intercepted: Connecticut; California; Delaware; Florida; Hawaii; Illinois; Louisiana; Maryland; Massachusetts; Montana; New Hampshire; Pennsylvania; Washington. See Appendix 2 for citations to these state statutes.
Using the ECPA as a model, the following states have incorporated the statute's exemption provisions such as prior consent and the business extension exemptions: Arizona; Colorado; Delaware; Florida; Georgia; Hawaii; Idaho; Illinois; Iowa; Kansas; Louisiana; Maryland; Minnesota; Mississippi; Missouri; Nebraska; Nevada; New Hampshire; New Jersey; New Mexico; New York; North Dakota; Ohio; Oklahoma; Oregon; Pennsylvania; Rhode Island; South Dakota; Texas; Utah; Virginia; West Virginia; Wisconsin; Wyoming. See Appendix 3 for citations to these statutes.
Common Law Causes of Action
In addition to bringing claims under the ECPA and state interception statutes, challenging employer monitoring, employees have asserted causes of action for invasion of privacy (also know as "intrusion upon seclusion"), defamation, employment discrimination, intentional infliction of emotional distress, false imprisonment, and violations of the National Labor Relations Act.
The tort of "intrusion upon seclusion" is defined as follows: "One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person." Restatement (Second) of Torts §652B. Liability only attaches when the "intrusion is substantial and would be highly offensive to the 'ordinary reasonable person.'" Smyth supra, at 100 (quoting Borse v. Piece Goods Shop, Inc., 963 F.2d 611, 621 (3d Cir. 1992)).
Generally, most states recognize a cause of action for invasion of privacy under their common law. North Dakota, however, does not. Hovet v. Hebron Public School Dist., et al., 419 N.W. 2d 189 (1988). No recent cases addressing the issue have been reported in Wyoming or Nevada.
PROTECTING COMPANY TRADE SECRETS Â• A trade secret must involve information that is not generally known and is not readily ascertainable through proper means. The owner of the information also must take reasonable measures to protect its secrecy. To determine whether a trade secret exists, a variety of factors must be examined. Three sources are particularly important to determine what the factors are and how they should be applied: the Restatement (First) of Torts, the Uniform Trade Secrets Act, and the Restatement (Third) of Unfair Competition.
Definition in the Restatement (First) of Torts
The most widely quoted definition of a trade secret, prior to the adoption of the Uniform Trade Secrets Act ("UTSA"), was that of the Restatement (First) of Torts:
"A trade secret may consist of any formula, pattern, device or compilation of information which is used in one's business and which gives him an opportunity to obtain an advantage over competitors who do not know or use it. It may be a formula for a chemical compound, a process of manufacturing, treating or preserving materials, a pattern for a machine or other device, or a list of customers....Generally, it relates to the production of goods, as, for example, a machine or formula for the production of an article. It may, however, relate to the sale of goods or to other operations within the business, such as a code for determining discounts, rebates or other concessions in a price list or catalogue, or a list of specialized customers or a method of bookkeeping or other office management."
Restatement (First) of Torts, §757, comment b (1939) (emphasis added). The definition was adopted by a number of states and has been applied in numerous state and federal cases. The definition is illustrative of the types of information and materials that possibly qualify as trade secrets.
Uniform Trade Secrets Act Definition
The Uniform Trade Secrets Act ("UTSA") defines a trade secret as:
"[I]nformation, including a formula, pattern, compilation, program, device, method, technique, or process, that: (1) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (2) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."
Uniform Trade Secrets Act, §1(4). The vast majority of states have adopted the UTSA.
Definition in the Restatement (Third) of Unfair Competition
The Restatement (Third) of Unfair Competition defines a trade secret as:
"A trade secret is any information that can be used in the operation of a business or other enterprise that is sufficiently valuable and secret to afford an actual or potential economic advantage over others."
Restatement (Third) of Unfair Competition (1995). The definition is intended to be consistent with the UTSA. Comment b, Restatement (Third) of Unfair Competition. The comments to the Restatement (Third) of Unfair Competition note:
"A trade secret may consist of a formula, pattern, compilation of data, computer program, device, method, technique, process, or other form or embodiment of economically valuable information. Atrade secret may relate to technical matters such as the composition or design of a product, a method of manufacture, or the know-how necessary to perform a particular operation or service. Atrade secret may also relate to other aspects of business operations such as pricing and marketing techniques or the identity or requirements of customers."
Comment d, Restatement (Third) of Unfair Competition, §39.
Trade Secret Criteria The criteria adopted by the Restatement (First) of Torts for determining whether a trade secret exists are:
Â• The extent to which the information is known outside of the business;
Â• The extent to which it is known by employees and others involved in the business;
Â• The extent of measures taken to guard the secrecy of the information;
Â• The value of the information to the business and to competitors;
Â• The amount of effort or money expended in developing the information;
Â• The ease or difficulty with which the information could be properly acquired or duplicated by others.
Restatement (First) of Torts, §757, comment b.
The "Secrecy" Requirement
The subject matter of a trade secret must be secret. Furr's Inc. v. United States Advertising Co., 385 S.W. 2d 456 (Tex. Civ. App.1964), cert. denied, 382 U.S. 824 (1964); Thermotics, Inc. v. Bat-Jac Tool Co., Inc., 541 S.W. 2d 255 (Tex. Civ. App. 1976). Trade secret protection, however, is not lost if the secret is discovered through "improper means." The UTSA defines "improper means" as "theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means." The Restatement (Third) of Unfair Competition simply requires that the information be "secret." The comments state: "The rule stated in this Section  requires only secrecy sufficient to confer an actual or potential economic advantage upon one who possesses the information. Thus, the requirement of secrecy is satisfied if it would be difficult or costly for others who could exploit the information to acquire it without resort to the wrongful conduct proscribed under § 40." Comment f, Restatement (Third) of Unfair Competition, §39 (1995).
The Duty To Protect Trade Secrets
The trade secret owner is under a duty to take reasonable steps to preserve the secrecy of the trade secret. E.I. duPont deNemours & Co., Inc. v Christopher, 431 F.2d 1012 (5th Cir. 1970), cert. denied, 400 U.S. 1024 (1971). If the owner of a trade secret is subsequently found to have inadequately protected the secret, protection will be denied. The property is deemed to have been forfeited. One of the principal precautions taken to protect trade secrets is the use of employee non-disclosure or confidentiality agreements. Surgidev Corp. v. Eye Technology, Inc., 828 F.2d 452 (8th Cir. 1987) (requiring employees to sign nondisclosure agreements, restricting visitor access to sales and administrative areas, keeping customer information in locked files, and distributing customer information on a "need-to-know" basis was sufficient to meet the "reasonable precaution" test). The requirement to take reasonable steps to preserve the secrecy of the trade secret varies with the circumstances of each case, and simply having each employee sign confidentiality agreements may not be adequate to preserve trade secret protection if the other precautions taken are not sufficient. See Electro-Craft Corp. v. Controlled Motion, Inc., 332 N.W. 2d 890 (Minn. 1983); see also Junkunc v. S.J. Advanced Technology and Manufacturing Corp., 498 N.E. 2d 1179 (Ill. App. Ct. 1986).
Provisions for Employment Contracts to Protect Trade Secrets
In an effort to protect its assets, an employer, through employment contracts, can extract promises of nondisclosure of trade secrets from employees. Employment contracts can include a covenant not to compete, a nondisclosure agreement, incorporating by reference the Economic Espionage Act (18 U.S.C. §1832), and a covenant not to solicit. Such employment contracts also should require that employees return all company property upon separation, including any paper or electronic copies of company documents or other information. The employment agreement should require employees to submit to an exit interview. Furthermore, the employer should require employees to participate in a confidential information awareness orientation. If the employee does not know that the employer desires secrecy, the employee may not be held to have a confidential relationship with the employer, and the trade secret will be unprotected. The employment agreement, even if the relationship remains "at will," should require the employee to assign to the employer any trade secrets that were created by the employee in the course of employment. Otherwise, the employee may claim an interest in the trade secret. Finally, the employer may elect to include an arbitration clause in the employment agreements. These clauses require the employer and employee to waive their right to trial and to submit any disputes to binding arbitration. At the same time, these clauses should be drafted to exclude a claim for an injunction for violation of a non-compete, non-disclosure or non-solicitation agreement, thereby permitting the employer to seek emergency relief from a court for an injunction enjoining the conduct.
Practical Considerations To Protect Trade Secrets
Although the courts continually caution that the circumstances of each case will vary, several basic requirements for protecting trade secrets can be gleaned from the cases:
Â• Reasonable precautions against industrial espionage;
Â• Marking plans and documents "confidential;"
Â• Use of "confidentiality" legends, warnings and agreements;
Â• Restricting visitors and similar types of plant security;
Â• Locking up or otherwise securing sensitive information;
Â• Taking technical precautions, such as dividing the system into steps handled by different individuals or departments;
Â• Copy protection and embedded codes to trace copies; and
Â• Employee exit interviews.
In the event of litigation, it should be clear that the employer has done everything reasonable within its power to protect its trade secrets. See Schalk v. State, 823 S.W. 2d 633 (Tex. Cr. App. 1991) (evaluating what constitutes requisite 'measures' to protect trade secret status), cert. denied, 503 U.S. 1006 (1992). "Vigilance in the area of trade secrets is required, particularly because once a trade secret is made public, all ownership is lost." Computer Associates Intern. v. Altai, Inc., 918 S.W. 2d 453, 457 (Tex. 1994).
The general rule is that the employer should make sure that its confidential information is accessible only to those with a "need to know" it. For a list of practical considerations to protect trade secrets see Appendix 4.
EMPLOYEE TRAINING, MONITORING, AND POLICIES Â• At the outset of employment, each employee should undergo an orientation which includes carefully reviewing the employee handbook and acknowledging by signing the requisite policies, and careful discussion about the employer's business equipment and confidentiality procedures.
An employer may monitor the workplace for a variety of legitimate business reasons: to detect or disprove sexual harassment, racial discrimination or hostile work environment claims; to prevent abuse of e-mail or Internet use; to prevent theft or misappropriation of confidential business information; to assure quality performance and customer service; to deter workplace violence; or to maintain employee safety. An employer may want to take into account employee morale when deciding to what extent to monitor employee activity.
Policies Relating to the Use of Company Property
To avoid any ambiguity in the interpretation of the federal or state statutes, or case law, employers must articulate in writing and enforce their policies relating to the use of all business equipment, including telephones, computers, email, software, and policies of confidentiality. The policies should be contained in an employee manual which is distributed to each employee. There should be signature blocks on the pages of pertinent policies where each employee can sign, acknowledging receipt, notification and acceptance.
The policies should provide that the employee does not have any personal privacy right in any matter created on, received by or sent from the employer's computer or e-mail system. The policies should reserve the right to the employer to monitor employee e-mail messages. The employer should advise employees at the outset of employment that it will monitor business calls, and should also advise customers, as well.
Examples of pertinent policies a company may implement and incorporate into its employee handbook to instruct employees of the company's position with respect to its business equipment, electronic and/or telephonic monitoring and confidential information are found at Appendix 4. Such policies notify employees that they do not have a great expectation of privacy in the workplace. See Appendix 5 for sample company policies.
CONCLUSION Â• Although there are no guarantees that trade secrets won't be revealed, there are steps the employer can take to make it less likely to happen. Monitoring the equipment and having communications policies in place will put employees on notice that the employer is serious about protecting its proprietary information. Additionally, these policies will help to position the employer to vindicate its rights in the event of unauthorized disclosure.
Michael J. Killeen, Employment in Washington (4th ed. 1998 & Supp. 2001).
Robert Ellis Smith, Compilation of State & Federal Privacy Laws (1992).
Donald W. Schroeder, The Information Superhighway: Avoiding Workplace Nightmares, 45 B.B.J. 8 (2001).
Teresa Cheek, Privacy in the Workplace, 18 Delaware Lawyer 27 (Summer 2000).
Paul F. Gerhart, Employee Privacy Rights in the United States, 17 Comp. Lab. L. 175 (1995).
Kenneth A. Jenero & Lynne D. Mapes-Riordan, Electronic Monitoring of Employees and the Elusive "Right to Privacy," 18 Employee Rel. L.J. 71 (1992).
Eric J. Sinrod, E-Legal: Electronic Monitoring of Employees by Employers, law.com (2001).
Alexander I. Rodriguez, Comment: All Bark, No Byte: Employee E-Mail Privacy Rights in the Private Sector Workplace, 47 Emory L.J. 1439 (1998).
Winn Carter and Richard T. Stillwell, Artificial Intelligence: (N) The Knowledge Your Competitors Gain From the Trade Secrets Disclosed by your Former Employees (2002).
Privacy Rights: State Constitutions
Alaska: "The right of the people to privacy is recognized and shall not be infringed upon."
Arizona: "No person shall be disturbed in his private affairs, or his home invaded, without authority of law."
California: "All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring safety, happiness, and privacy."
Florida: "Every natural person has the right to be free from governmental intrusion into his private life except as otherwise provided herein."
Hawaii: "The right of the people to privacy is recognized and shall not be infringed without the showing of a compelling state interest. The legislature shall take affirmative steps to implement this right."
Illinois: "The people shall have the right to be secure in their persons, houses, papers and other possessions against unreasonable searches, seizures, invasions of privacy or interceptions of communications by eavesdropping devices or other means."
Louisiana: "Every person shall be secure in his person, property, communications, houses, papers, and effects against unreasonable searches, seizures, or invasions of privacy."
Montana: "The right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest."
South Carolina: "The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures and unreasonable invasions of privacy shall not be violated. ..."
Washington: "No person shall be disturbed in his private affairs, or his home invaded, without authority of law."
State Electronic Monitoring Statutes Broader than ECPA: Prior Consent by Both Parties
Â• Conn. Gen. Stat. Ann. §53a-187
Â• Cal. Pen. Code §§631, 637
Â• 11 Del. C. §2402
Â• Fla. Stat. Ann. §934.03
Â• Haw. Rev. Stat. §711-1111
Â• 720 ILCS 5/14-1
Â• La. Rev. Stat. Ann. 15-1303, 14-322
Â• Md. Cts. & Jud. Proc. Code Ann. §10-402
Â• Mass. Gen. L. Ann. 272-99
Â• Mont. Code Ann. §45-8-213
Â• N.H. Rev. Stat. Ann. §570-A:1
Â• 18 Pa. Cons. Stat. Ann. §5701
State Electronic Monitoring Statutes: Prior Consent and Business Use Exceptions
Â• Ariz. Rev. Stat. Ann. §13-3012
Â• Colo. Rev. Stat. §18-9-305
Â• 11 Del. C. §1336
Â• Fla. Stat. Ann. §934.03
Â• Ga. Code Ann. §16-11-66
Â• Haw. Rev. Stat. §803-42
Â• Idaho Code 18-6702; 18-6720
Â• 70 ILCS 5/14-3
Â• Iowa Code Ann. 8082.B
Â• Kan. Stat. Ann. 21-4001; 22-2514
Â• La. Rev. Stat. Ann. 15:1303
Â• Md. Cts. & Jud. Proc. Code Ann. §10-402
Â• Minn. Stat. Ann. 626A.02
Â• Miss. Code Ann. 41-29-531
Â• Mo. Ann. Stat. 542.402
Â• Neb. Rev. Stat. 86-702
Â• Nev. Rev. Stat. Ann. §200.620
Â• N.H. Rev. Stat. Ann. 570-A-B
Â• N.J. Rev. Stat. 2A:156A-4
Â• N.M. Stat. Ann. 30-12-1
Â• N.Y. Crim. Proc. Law §700.05
Â• N.D. Cent. Code §12.1-15-02
Â• Ohio Rev. Code Ann. 2933.52
Â• Okla. Stat. Ann. §13-176.4
Â• Or. Rev. Stat. 165.543
Â• 18 Pa. C. S. §5704
Â• R.I. Gen. Laws. 11-35-21
Â• S.D. Codified Laws Ann. §23A-35A-1
Â• Tex. Penal Code 16.02
Â• Utah Code Ann. 77-23a-4
Â• Va. Code Ann. 19.2-62
Â• W. Va. Code 62-1D-3
Â• Wis. Stat. 968.31
Â• Wyo. Stat. Ann. 7-3-702
Practical Considerations To Protect Trade Secrets
The general rule is that the employer should make sure that its confidential information is accessible only to those with a "need to know" it. To do this, an employer should do the following.
- Have employees sign employment contracts (even if the employees remain "at-will").
- Include a nondisclosure agreement to protect the employer's trade secrets.
- Consider including a covenant not to compete (if included remember to add promises by the employer to act as separate consideration for an "otherwise enforceable agreement).
- Consider a non-solicitation covenant.
- Consider a non-recruitment covenant.
- Include a covenant that the employee promises to return all trade secret and confidential information at the end of the employment.
- Limit access to trade secrets to only those employees who "need to know" the trade secrets, and maintain detailed records of who has access to the trade secrets and when they have access to such information.
- Use computer security measures to protect electronic confidential information.
- Implement restrictive security codes and passwords.
- Limit remote access to information stored in computer files.
- Consider installing auto-callback functions.
- Maintain Firewalls between the computer system and the Internet.
- Examine the computer hard drives and systems of any leaving employee. Look for deleted information or copied information.
- Have systems in place to retain control over documents that contain trade secret information.
- Keep document control logs to protect sensitive documents.
- Where multiple copies of a document that contains trade secrets exist, number the copies and prohibit any further copying of the document.
- Utilize consistent document control policies that consider which documents to retain and which documents to destroy.
- Clearly identify the company's trade secrets.
- Stamp trade secret documents "Confidential" or "Trade Secret."
- Visibly label areas of the workplace that contain trade secrets with signs or labels indicating the same.
- Physically lock the areas in the company where trade secrets reside.
- Consider implementing written policies regarding the non-disclosure of the company's trade secrets
- Create and circulate a trade secret policies and procedures manual to employees.
- Require employees to certify that they have read and that they understand the company's trade secret policies and procedures.
- Circulate refresher memoranda periodically to remind the employees of the policies and procedures in place to protect the company's trade secrets.
- Consider building security measures to protect trade secrets.
- Require personnel to carry identification badges.
- Allow limited access to sensitive areas.
- Monitor sensitive areas with closed-circuit television.
- Hire security guards.
- Post a fence around the premises.
- Follow proper discharge procedures when employees leave the company:
- Always conduct exit interviews with departing employees.
- Remind exiting employees what information is considered trade secret information by the company.
- Collect from departing employees all confidential documents, security passes, keys, and property of the employer, and in connection with this task, have the employee sign a certification that all confidential and trade secret material has been returned.
- Remind exiting employees of their contractual and common law obligations to continue to hold the company's trade secret information secret.
- Keep records of items returned by departing employees and matters discussed with them.
- Obtain details about the departing employees' new employment.
- Determine whether a departing employee's responsibilities in his or her new position may be so similar to his or her responsibilities with the company, that the new position is likely to threaten the inevitable or probable disclosure of the company's trade secrets.
- Require departing employees to execute an exit letter or affidavit in which the employees acknowledge their obligations not to disclose the company's trade secrets or recruit the employees remaining behind.
- Require third parties to execute confidentiality agreements before they receive confidential information.
Sample Company Policies
COMPUTERS AND SOFTWARE
___________ has implemented the following policy governing the acquisition, installation and use of third party commercial computer programs (software) within ___________ effective immediately. ___________ has adopted this policy in order to minimize the risk that a computer virus could attack our networks, to control the ordering, installation, copying, and use of software and to ensure that no one infringes software copyrights or violates license agreements with any of ___________'s software suppliers. All _____________ members and employees are expected to comply with both the letter and spirit of the procedures outlined below.
1. Registration. Everyone within ___________ that has or is using a copy of any commercial software must register that software with the Information Systems Manager by providing the title of the software, version, serial number and any other applicable identifying information. Forms for this purpose are available from the Information Systems Manager. Each person must also indicate how many copies of this software exist (floppy disks and hard disk) and the source of the copies.
2. Discovery of Illegal Copies. Unauthorized or illegal use of commercial software will not be allowed on computers owned by or used upon firm premises and any and all copies of such software will be removed and/or destroyed.
3. Copying of Software. No person shall make any copy of any commercial software without the express permission of and under the supervision of the Information Systems Manager except to install an authorized copy of software on a hard disk or to back up authorized hard disk copies. All back up hard disk copies must be visibly designated as such.
4. Personal Software. No person shall utilize on _________ computers or on computers used on ___________ premises any software not owned by ___________ unless that software shall have been registered with the Information Systems Manager.
5. Removal of Firm Software. No person shall make any copy of software owned or licensed by ___________ for personal or other use without the consent of the Information Systems Manager.
6. Questions. Any questions regarding the status or use of commercial software should be referred to the Information Systems Manager.
ELECTRONIC INFORMATION AND COMMUNICATION
Because technology is changing rapidly, this policy does not attempt to list each and every element of the ___________ policy on electronic information and communication usage. Rather, it is merely a reference tool, outlining ___________'s philosophy and general principles and prohibitions to be applied when using company-owned or provided equipment. If you have any doubts on a particular issue or use, check with management first. ___________ has the right to modify and/or interpret this policy at any time in its sole discretion.
The telephone system, facsimile machines, voice mail system, electronic mail system (e-mail), computers, computer network system, the Internet, any other electronic communication system, and the equipment and data stored on these systems ("___________'s Electronic Information and Communication Systems") are firm property and remain so at all times. All messages and transmissions composed, sent, stored or received on ___________'s Electronic Information and Communication Systems are and remain the exclusive property of ___________ and are not to be considered private property of any employee. As firm property, all messages on ___________'s Electronic Information and Communications Systems are subject to disclosure to law enforcement or government officials, or to other parties through subpoena or its equivalent, as well as for other business purposes except as such communications may be subject to the attorney-client privilege, the work product doctrine or some other protection which is recognized by the law.
All users of ___________'s systems must comply with all software licenses, copyright and intellectual property laws, as well as all other state, federal or local laws. Because of the potential that the Electronic Information and Communications Systems of ___________ may be subject to disclosure, the Electronic Information and Communications Systems of ___________ are to be used primarily for business purposes.
Although many of the computers in the office are owned by individual attorneys, attorneys and staff cannot expect privacy rights to extend to the use of firm-owned or provided equipment or supplies. From time to time, such as when an employee is ill, on vacation, a business trip or a leave of absence, when it is suspected that a regulation or policy is being violated, if it is suspected that company property is being used improperly, or simply to monitor job performance or performance of the equipment or for other business or legal needs, a firm representative may gain access to your voice mail or e-mail messages, your computer files, or any other firm property. For these reasons, you should not expect messages left on your voice mail, e-mail or other communication device or those which you send to be private. In fact, you should consider this information accessible like any other shared business file.
Although employees have individual passwords, encryption keys or access codes to their voice mail, e-mail and computer network systems, communications created, stored, sent or retrieved on such systems are not confidential, as these systems are accessible at all times by ___________. Even when a communication is erased or deleted, it may still be stored and thus can be retrieved and reviewed if and when business purposes require ___________ to review, audit, intercept, monitor, access, print and disclose all messages created, received, stored or sent over ___________'s Electronic Information and Communication Systems, with or without notice.
Everyone is restricted from using passwords or access codes of other employees to gain access to another employee's e-mail, voice mail, or other stored communication without prior approval from the other employee or from management. Except where necessary for business purposes and where prior approval has been obtained, attorneys are prohibited from "hacking" into other systems or "cracking" other passwords or access codes. No electronic communication may be created, transmitted or stored which attempts to hide the true identity of the creator or sender.
Everyone is prohibited from using ___________'s Electronic Information and Communication Systems in any way that may be deemed illegal, fraudulent, embarrassing, intimidating, disruptive or offensive to others, which includes but is not limited to the transmission of sexually explicit messages, cartoons, ethnic or racial slurs, gender specific comments, or any other comment or message that offensively addresses someone's age, sexual orientation, religious or political beliefs, national origin, disability, veterans status, or anything else that may be construed as harassing, discriminating or disparaging to or of others. Users encountering or receiving such material should immediately report the incident to management. Use of ___________'s information and communication systems in violation of a firm policy, or that will damage the reputation of ___________ is prohibited.
Users may not install software into any firm owned computers or the network without first receiving prior approval from management. See Section 4.30 on Computers and Software.
Everyone is prohibited from disclosing any proprietary or confidential information of ___________ without first receiving approval from appropriate members of management. When authorized, employees are expected to exercise significant caution when transmitting proprietary and confidential information over an electronic communication system because of the abilities of others to "crack" the system. Any such message containing proprietary and confidential information should begin with a warning declaring that such information is confidential and proprietary to ___________.
Employees are prohibited from recording a voice mail greeting or leaving an e-mail message that indicates that any message left on the system is confidential or private.
Inappropriate use of ___________'s Electronic Information and Communication Systems will subject any individual who has engaged in such inappropriate use to sanctions as deemed appropriate by management.
EXTERNAL E-MAIL COMMUNICATIONS
E-mail sent to clients should be labeled "confidential and subject to the attorney-client communication privilege." All e-mail should include a disclaimer for mail inadvertently sent to the wrong address or received by an unintended reader. Refer to the firm's standard form of fax cover sheet for preferred language accomplishing these objectives. The firm's e-mail system can automatically generate this message. For assistance with this, call the IS help desk at extension 5995.
E-mail communication, especially from clients, is to be treated like phone calls, i.e., a response should be made the day the communication is received but in no event later than 24 hours after receipt. If you are traveling or otherwise out of the office, compliance might be difficult, but you should make every attempt to comply. E-mail senders, like phone callers, have the expectation of an immediate response. Good client relations require us to satisfy our clients' expectations whenever possible.
Every incoming e-mail from and every outgoing e-mail to a client must be forwarded to your secretary to be printed out in hard copy and put in the file. The same policy applies to e-mail with opposing counsel, co-counsel and counsel for co-defendants in multiple party cases. E-mail should be treated as any other communication which you would save if it were in hard copy.
To purchase the online version of this article and editable versions of its forms, go to www.ali-aba.org and click on "Articles and Forms Online"