Business Law Checklists Compliance/Best Practices Employment Law Intellectual Property Legal Topics

Protecting Company Secrets: Checklist for Making a Plan

186300420If you represent businesses, you know how important it is to protect their trade secrets. A crucial part of that effort is developing and implementing a trade secret protection plan. Specific company needs may vary, and plans have to be crafted with those needs in mind, but some elements should be included in any trade secret protection plan.

A trade secret protection plan should encompass written policies that are made available to all employees and consultants and are discussed with all parties who may have access to the company’s trade secrets.

The plan needs to be broad enough to provide protection, yet not be so demanding that employees and consultants are unable or unwilling to comply.

Here’s a checklist of 16 ideas to consider when drafting a trade secrets protection plan:

1. __  Have each employee sign a nondisclosure/confidentiality agreement. This agreement acknowledges that the employee has been or will be exposed to certain company trade secrets and other confidential and proprietary information.

2. __  Ensure that the nondisclosure/confidentiality agreement contains a nonsolicitation provision. A nonsolicitation provision prohibits a departing employee from directly or indirectly soliciting the company’s customers or clients through the use of confidential or trade secret information, regardless of where they’re located, to do business with the employee. Note that there has been a material change in the law on nonsolicitation provisions. Previously, such provisions were viewed as enforceable, even if they didn’t specify that solicitation was prohibited only if such solicitation involved the use of trade secrets or confidential information. Now, it appears that California case law requires that nonsolicitation provisions be limited to prohibiting solicitation of customers solely when such solicitation involves the use of confidential information or trade secrets. See Retirement Group v Galante (2009) 176 CA4th 1226; Dowell v Biosense Webster, Inc. (2009) 179 CA4th 564.

3. __  Although typically not enforceable with respect to California-domiciled employees, if legally enforceable (as in situations in which the employee is also an owner of the business), have employees sign noncompetition agreements. A noncompetition agreement prohibits a departing employee from working for a competitor or otherwise providing competitive goods or services for a certain period of time and within a certain territory or in regard to specific customers.

4. __  Restrict access to servers, routers, and other network technology to those whose job responsibilities require access.

5. __  Keep wire closets, server rooms, phone closets, and other locations containing sensitive equipment locked at all times.

6. __  Place locks on computer cases to prevent hardware tampering.

7. __  Lock file cabinets and offices that store sensitive information. Consider having sign-in/out sheets for files to establish a traceable chain of custody for files that shows who had the files last before any alleged misappropriation.

8. __  Designate all documents containing trade secrets or confidential information as “confidential,” and implement procedures to help ensure that all documents deserving the “confidential” designation are appropriately marked when initially created.

9. __  Implement password protocols for all employees for access to all critical system resources. Don’t let employees pick their own passwords; instead, assign passwords that are a series of random letters and numbers (there’s software to create these), and change these passwords at regular intervals.

10. __  Have a policy that permits the employer to monitor and log employees’ Internet actions.

11. __  Keep audit logs of all access requests to critical systems and sensitive information.

12. __  If the company’s network is on the Internet, use a firewall, audit the servers for security holes on a regular basis, and make sure that the system has all of the latest security patches and fixes installed. (To claim trade secret protection, employer must show that it made reasonable efforts to maintain the secrecy of its information.)

13. __  Back up all workstations and servers at least weekly and store backups off-site.

14. __  Periodically test the backup system to ensure the ability to restore data if necessary.

15. __  Train employees not to discuss the company’s trade secrets or confidential information around third parties.

16. __  Utilize confidentiality provisions in contracts with any third parties (such as vendors and customers) that the employer permits to see its confidential information or trade secrets.

This handy checklist comes from CEB’s Drafting Employment Documents for California Employers, Chapter 7 —an excellent resource for practical advice for employers and sample employee policies. For in-depth coverage of issues relating to trade secrets, turn to CEB’s Trade Secrets Practice in California.

Other CEB blog posts you may find useful:

© The Regents of the University of California, 2014. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

16 replies on “Protecting Company Secrets: Checklist for Making a Plan”

Woah! Re: Item 2, do NOT put a non-solicitation provision in a California contract. Under B&PC §16600, limitations on an employee’s ability to solicit customers after leaving your employ is going to be struck down: ILLEGAL. See Edwards v. Arthur Andersen, LLP, 44 Cal.4th 937 (2008). I just won two trials on this issue and know the area very well. The old saw that there is somehow a carveout for “trade secret protection” is much narrower than it appears on the surface. Just put a “employee will not disclose trade secrets” clause into your contract and leave it at that. Anything else is going to set you up for a shark feeding and big attorney’s fee bill to some labor law attorney. Before Edwards, non-solicitations were worth a fight. After Edwards, stay away from them.

Add your comment to the blog post

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s