Remote work presents risks to proprietary information
With millions of workers shifting to a remote-work arrangement, employers must be mindful of the risks to proprietary information.
Legal protection of trade secrets under both the Uniform Trade Secrets Act (UTSA) and the federal Defense of Trade Secrets Act (DTSA) depends on whether a company takes “reasonable measures” to safeguard the secrecy of the information. Many companies satisfy this obligation by implementing policies, controlled access to where such information is used and stored and IT security measures.
Related: Cybersecurity fears keeping CEOs up at night
With millions of American workers hastily shifting to a remote-work arrangement during the pandemic, employers must be mindful of the risks to proprietary information presented by this changed work environment.
Revisit policies
Policies and protocols that were drafted premised on restricted use of trade secret information on the employer’s premises will need to be reviewed and revised. Without revisions, an employer could be perceived to be negligent or selective in its enforcement of safeguards. If employees are being permitted to perform work from personal computers or firewalls have been disabled to permit remote work, employers should consider prohibiting sending or storing of company confidential information on personal email accounts, portable storage devices or personal cloud accounts.
Guard the home office
Reminding the workforce that their contractual obligation to ensure that confidential information remains confidential applies equally at their remote worksite. Employers may want to provide employees with guidance or directives about where work involving trade secret information can be performed. Depending on the sensitivity of the information, employers could require all work to be done in a room in which only the employee has access or that all information be locked away.
With the new popularity of videoconference meetings, employees should be mindful of trade secret information in the background that may be visible to outsiders. This risk is amplified if a spouse or partner also shares the workspace and is not aware of what is or is not considered to be confidential. Employers might also recommend that hard copies of documents that employees took home or printed while at home be shredded or disposed of properly when the employee returns to office.
Be mindful of departing employees
Traditionally, a large percentage of trade secret misappropriation involve a departing employee that takes proprietary information with them. The exit interview of a departing employee was the best opportunity to recover all company property, to remind the employee of their ongoing confidentiality and other contractual obligations, and to ensure that the employee had taken adequate steps to search for and return all company information in their possession.
With a large influx of employees being furloughed or laid off in the weeks following the enactment of the stay-home orders, exit interviews were excused or became cursory. The challenges of terminating an employee who is remote, including the return of company property, must be fully considered. While laptops can be shipped back, it is critical to take steps to ensure that the employee has returned or destroyed hard copies of materials and has searched for deleted confidential information on personal devices or in cloud storage accounts.
In this chaotic environment, employers may forget to disable the workers access to company systems, shared drives or outside account access to databases such as Salesforce.
Work with IT to strengthen safeguards
It has been reported widely that phishing and related cyberattacks have increased when the remote work arrangements commenced. With the assistance of IT professionals, companies may wish to implement additional protocols to ensure that trade secret information is not unwittingly compromised:
- Changing settings of company-issued or personal computers to lock the screen after a short period of non-use.
- Requiring all work to be done on the company’s secured network, like a VPN.
- Requiring employees to password-protect their home WiFi system.
- Prohibiting transmission of confidential or trade secret information and instead using shared drives or cloud accounts that the employer sets up with access rights limited to a need-to-access basis.
- Increasing training and reminders to employees about malicious emails and other security compromising tactics.
- Implementing remote lock-out and wipe capabilities to company devices should they be misplaced or stolen.
Each company must assess what practices suggested above are “reasonable under the circumstances” to maintain the integrity of its trade secrets taking into account how work is performed. There are some suggestions that might be stifling to productivity and others that may be cost prohibitive. What may be reasonable to one business may not be reasonable for another. Instead, the recommendation is to think about many of the safeguards that are in place at the office and how the remote work environment has rendered those safeguards less effective.
Even in jurisdictions that are reopening, employers should consider the issues presented above and formulate a plan to ensure that confidential information and materials follow the employees from home back into the office.
Read more: