By Stephen Allred and Brian Barger,
Helms Mulliss & Wicker, PLLC
“Whoever wishes to keep a secret must hide the fact that he possesses one.”
Johann Wolfgang von Goethe
This advice holds true for companies attempting to protect their intellectual property and trade secrets. It is also clear that the challenge employers face in protecting such assets has never been greater given the volatile mix of rising employee turnover and decreasing employer ability to maintain control over business materials in the information age.
Where to Begin?
Not all information and ideas deserve or receive the same legal protection. Before designing tailored practices to meet particular business needs, employers should conduct a self-assessment to determine the extent to which they have and want to safeguard the following types of property:
Patentable inventions;
Copyrightable works, including software programs, website designs, marketing brochures, or customer manuals;
Trade secrets, including customer identities and preferences, marketing strategies, product pricing, or manufacturing processes; or
Other confidential information.
Some of the property listed above receives protection only if an owner or author takes certain formal steps to establish a particular legal status (e.g., patents for unique ideas, inventions and designs). Other property rights attach with far less procedural effort. For example, information may automatically rise to the level of a legally protected “trade secret” if it generally (a) derives economic value from not being known to others; and (b) is the subject of “reasonable efforts” to maintain its secrecy.
Regardless of whether a corporate asset is widely known and open to the public (such as certain copyrighted material) or is protected only when an employer takes “reasonable efforts” to treat and keep it confidential, companies have an interest in making sure that their property is not taken or used without proper authorization or compensation.
Strategies for Protecting and Keeping What’s Yours
In addition to making an assessment of the type and scope of intellectual property and trade secrets that you possess, employers should consider the following practical tips for protecting these assets:
Develop Policies and Train Employees About Them. For example, employers may wish to implement policies and procedures regarding confidentiality, conflicts of interest, inventions / intellectual property, restrictions on use of company equipment or company data, return of records, and electronic communications.
Don’t Rely on Policies Alone
Depending on applicable state and federal law, a policy alone may not be sufficient to solidify and protect an employer’s interest in particular property. Policies also often do not address key provisions such as assignment of ownership, what happens in the event of a breach and other terms that are helpful to an employer. Thus, employers should consider requiring executives and other key employees to sign separate confidentiality agreements, and when appropriate, non-compete and non-solicitation agreements.
Expressly Claim and Assign Ownership of Intellectual Property
For example, as part of the new hire process, employees should be required to sign a disclosure statement regarding any prior patents or other inventions that they have conceived or reduced to practice before their current employment. This helps provide a defense in the event the new hire later attempts to claim that a particular idea or invention developed at the company was his or her own prior concept for which he or she deserves compensation. Likewise, employees should be required to sign agreements which confirm that anything produced, developed or created by him or her on company time, on company property and/or using company confidential or other information is the exclusive property of the employer.
Limit External Access
For example, access to sales and production areas of a company’s facility should be strictly controlled. Visitors should also be required to “sign-in and sign-up” (e.g., use a visitor log that includes an express confidentiality agreement; issue security badges for non-employees).
Limit Internal Access
For example, access to information and records should be limited only to those employees with a business need-to-know. In addition, employers should consider implementing such measures as asset tagging, electronic property tracers, locked cabinets, security zones, employee badges, and other basic security precautions.
Monitor and Limit Access to Electronic Assets
For example, employers should consider granting access to categories or tiers of data with different levels of confidentiality assigned to each category / tier depending on the sensitivity of the material to be maintained. In addition, employers should consider using (a) password protection or encryption when emailing confidential information to third parties, and (b) general password controls on employee laptops, PDAs and other electronic devices containing confidential information.
Don’t Just Focus on Electronic Information
Many times employers spend a great deal of energy and effort on data security, but ignore basic blocking and tackling required to secure physical assets that can easily walk out of a company’s front door. Employers should consider implementing rudimentary procedures such as labeling confidential documents and files and keeping them under lock and key. Employees also should be required to sign a return of records and company property agreement at the time of their separation from employment with a company (if not before).
Don’t Just Focus on Employees.
For example, consider including confidentiality provisions or non-disclosure and return of records requirements in agreements with vendors, suppliers, independent contractors and business partners, where appropriate.
Beware of Inadvertent Disclosures
For example, information or product data posted on your company’s website may contain proprietary software codes or other confidential information. Information to be disclosed by employees in lectures, trade articles and/or corporate advertising should also be carefully reviewed for content.
Establish Policies / Procedures to Detect and Address Breaches
For example, employees should be required to acknowledge their receipt and understanding of the company’s electronic communications policy, which should clearly explain that: (a) employees have no expectation of privacy with respect to a company’s email and other electronic data systems, and (b) the company reserves the right to search and evaluate such information at any time. Companies should also consider installing monitoring software that tracks and records document access, copying, downloading, and other activity.
Helms Mulliss & Wicker: The firm’s 130 lawyers in North Carolina focus on serving clients in three practice groups: litigation, finance and corporate. Within our practice groups are a number of specialty practices including government relations, securities, mergers & acquisitions, employer services, private equity and others.
On the Web: www.hmw.com.
© 2007, TechJournal South. All rights reserved.
