On April 16, 2020, the White House issued its “Guidelines for Opening Up America Again,” and several states have begun a slow process of emerging from the shutdown. But even the most optimistic scenarios are fraught with uncertainty. Nobody can predict when the economy will fully reopen, or what that even means in the post-COVID-19 business world. Will increased remote work become the “new normal”? Will business meetings, pitches, and conferences, continue to take place by videoconference or other remote means? What about investigations, depositions, mediations, and court proceedings? And how long will all of that last? We also do not know when the next pandemic will strike, or even if COVID-19 will rear its ugly head again in the near future.
Amid all of these uncertainties, one thing is certain: At some point, either the business world will return to its pre-pandemic “normal” or a new post-pandemic “normal” will emerge. In either case, protecting trade secrets will remain vital for businesses that want to maintain their competitive edge. With that in mind, we turn our focus to ways in which business can protect their trade secrets as the country and economy get back to “normal” and companies develop a return to work action plan.
Focus on and enhance technical infrastructure
Many corporate IT departments have been stretched to capacity (and beyond) as they support a newly-remote workforce, effectively working triage for several months without the time, resources, or mandate to focus on big-picture, long-term, strategic issues. As emergency work levels off, internal IT departments, working together with management, can pivot their focus to shoring up their technical infrastructure in a thoughtful manner, including:
- Researching and determining which data storage and transfer, videoconferencing, communications, presentation, and monitoring software and platforms are both secure and user-friendly (so that employees actually utilize them and don’t look for more convenient workarounds).
- Implementing administrative safeguards on existing systems and databases, such as multi-tier password protection, to ensure access is only granted to those employees who truly need such access, and setting up reminders that pop up every time an employee logs into the company’s systems, or into a particular database or program, of their obligation to maintain confidentiality.
- Maintaining and regularly checking logs monitoring access to sensitive data for unauthorized access, perhaps even setting up alerts for activities that raise red flags.
- Providing and requiring the use of company-issued computers and devices, or at the very least personal computers and devices that meet certain security standards and have protocols that permit the employer to lock and/or remotely wipe company data and have built in protections against hacking or other cyberthreats.
- Reinstituting or strengthening any security measures that were relaxed during COVID-19 in the name of convenience or efficiency.
- Taking the time to perform a thorough trade secret audit to identify trade secrets, detect weaknesses in security, and implement effective technical protections, as well as policies and protocols for storing, accessing, using, and transferring data in a secure manner.
Shore up agreements, policies, and procedures
In addition to focusing on technical infrastructure, companies should take the opportunity to review and strengthen agreements, policies, and procedures concerning the protection of confidential information and trade secrets—or implement such agreements, policies, and procedures if none currently exists—to account for a more remote workforce. This can include:
- Enhancing or creating new remote work policies and procedures governing confidentiality, computer use, social media, cybersecurity, bring-your-own-device (BYOD), even home security and the like.
- Marking confidential materials clearly, so that if they are removed from a secure network it remains obvious that they are confidential and must be treated as such.
- Making sure that employees and business partners are only given access to sensitive information on a “need-to-know” basis.
- Reviewing and strengthening agreements with employees and business partners to ensure that they (i) are compliant with state law, include all necessary provisions (including, for instance, DTSA whistleblower immunity language); (ii) set forth detailed information deletion and/or return protocols upon termination of the relationship; and (iii) are otherwise as protective as possible.
- Discussing and building a consensus with business leaders around the circumstances under which post-employment restrictive covenants will be enforced and/or emergency injunctive relief sought in the event of a breach or misappropriation.
Training, training, training
As we previously discussed, an employer can have all of the policies in the world, but if employees are not properly trained and reminded of these policies, the policies may not be worth the paper they are written on. Trade secret-focused training should be part of any employer’s culture and conducted at least annually, and should include a section on permissible uses of sensitive information. Such trainings can be conducted remotely by videoconference or phone (on your secure system!).
Enforce your rights!
Finally, if any employees, business partners, or other bad actors have taken advantage of this unprecedented situation to misappropriate your company’s trade secrets or to brazenly ignore their contractual obligations, consider taking legal action to enforce your rights. More courts are reopening their doors to non-emergency matters each day, and that trend will continue. Even some courts that are only hearing emergency matters are including trade secret and restrictive covenant matters as emergencies. And, if the cost of litigation is untenable because of liquidity issues or due to an interest in keeping expenses down, litigation finance remains a valuable option where there is a potential to recover substantial damages. As we previously posted, you can and should prepare for litigation to protect your trade secrets even while shutdowns remain in effect.