Many thanks to Samantha Strauss for her contributions to this article.
Whether you are running a startup or leading an established corporation, trade secrets can provide a competitive edge under US law—if handled properly.
Unfortunately, that edge can be whittled away, or vanish immediately, if you or your team makes one of the critical errors discussed below. You may not need a beefed-up compliance team to protect your information, but you do want to take reasonable measures, and aim to avoid these all-too common mistakes.
As a first step, if you’re not sure what constitutes a trade secret, click here. Now, here are the Top Ten pitfalls so you can steer clear:
1. Do Not Assume You Have No Trade Secrets
Startups often assume they do not have information that necessitates protection. Setting aside time to think through what information you have that could constitute a trade secret is a critical first step. You may not need to keep an itemized list of your trade secrets. Indeed, it can be risky to enumerate them because you will likely miss some and create an inference that the unlisted information is not a trade secret. Still, having a sense of what confidential information matters to the company can help you decide what precautions to take to (a) prevent theft, and (b) put yourself in the best possible position in case litigation arises.
2. Do Not Forget the Confidentiality Provision
Most companies are not solo acts—they are team efforts that flourish through the hard work of many people. It’s great to work with others but when others have access to your information, you do want to install protections. For example, when you hire a new employee, engage a contractor, or partner with another business, you should include a confidentiality provision in the contract that sets forth an ongoing obligation not to use or disclose any of your confidential information (or, in some situations, sign a separate NDA with the party).
Click here for guidance on onboarding employees to early-stage companies, here to learn what terms to include in contractor agreements, and here to learn more about NDAs.
3. Do Not Onboard Personnel Without Proper Caution
Making a new hire is exciting. You’re growing. But you can miss the opportunity to set employee expectations of confidentiality if you do not discuss the company’s policy and practices upfront with new hires. Ideally, the policy should accompany any offer letters, and should make clear that the company does not need or want any other company’s confidential information. Then, during the onboarding process, company leaders should make sure that new employees understand they cannot use confidential information from prior employers. And of course, the message should be clear that if they leave the company, they cannot take with them the company’s proprietary information.
Executing these steps early in the relationship sends the right message, protects the company’s information, and helps insulate the company from potential lawsuits brought by the old employers of your new hires.
4. Do Not Say Goodbye Without an Exit Interview
Everyone is busy, and no one likes to go through the rigamarole of saying goodbye and reminding the departing employee of her ongoing obligations. Still it is essential to conduct an exit interview, even if remote, where you remind departing employees of their obligations to keep your information confidential. Companies should document their efforts, provide the employee with a copy of any NDA or restrictive covenant the employee entered, and discuss ongoing obligations. Reminding departing employees that the company can use forensics to track any downloading, uploading or printing of proprietary information can markedly improve the rate of return on company property.
For tips on exiting employees from early-stage companies, take a look at this article.
5. Do Not Wait to Terminate Access or Collect Property
Allowing a trusted employee to keep her computer for a few weeks or forgetting to disable network access at the time of departure invites trouble. Even though there is some upfront cost, you should arrange for logistics by paying for a courier or arranging a delivery service to collect any company property (i.e. laptops, external storage devices, hard copy files, or any other company devices). That protects your information and supports your claim that you took reasonable steps to do so. Having an employee certify that she has returned all company property can serve to remind the employee of the company’s commitment to confidentiality and helps to document the company’s reasonable measures in the event of litigation.
6. Do Not Allow Unlimited Access to Confidential Information
Not everyone at the company needs access to every piece of information. While it takes discipline, you should impose barriers—physical and electronic—so that information goes only to those with a need to know. The “secret sauce” belongs in a safe, not out on the table in the office kitchen.
7. Do Not Repurpose Equipment Without Preserving Evidence
Electronics are expensive and it can be tempting to quickly repurpose a departing employee’s devices for another use—but wiping them without taking steps to preserve data can leave you exposed. If an employee had access to confidential information, and especially if that employee left for a direct competitor, you should work with IT or a specialist to collect and analyze data in case of litigation. And, if you suspect misappropriation, consider forensic imaging that will provide you with a replica of the device and its metadata.
8. Do Not Blend Your IP With Another Party’s IP
Likewise, companies can run into trouble with claims of ownership if they fail to keep third-party data separate from their own intellectual property. If you have a partnership where you are receiving another party’s confidential information, to the extent possible strive to (a) use that information only for approved purposes, (b) keep that information segregated from your own, and (c) maintain a wall between personnel working on that joint project and any internal, independent development of related products or materials. This is not always easy because people working on similar projects are naturally inclined to communicate, but if the partnership falters, maintaining segregation and documentation of independent development will offer you a potential defense from allegations that you misappropriated the other party’s confidential information.
9. Understand the Risks of Remote Working
When employees work remotely, companies have multiple new points of information leakage. Employees may be more likely to use unsecured networks, mix information on their work vs. personal devices, or inadvertently expose company information to family members or roommates. Depending on your business, it may be necessary to take renewed steps to encrypt critical data, require employees to install security software, and to remind employees to perform work on a company-owned device through a secure connection. Collaborating with an IT department or specialist can help you determine the cost and benefits of implementing security measures.
10. Do Not Create a Policy You Cannot Follow
Many companies set themselves up for failure by adopting written policies that they cannot adhere to. For example, as mentioned above, if you claim to catalog all your trade secrets, you will have a tough time if someone steals an item that is confidential and valuable but is not on your list. Similarly, if your written policy says that you mark all such documents “Confidential,” you risk losing protection of documents that people fail to mark. If you do adopt trade secret policies, they should be practical, and should contain proper caveats to maintain flexibility as issues arise.