Best Practices for Protecting Confidential Information
Employers have legal options if their trade secrets are stolen, thanks to the federal Defend Trade Secrets Act (“DTSA”). The DTSA is paralleled by the Uniform Trade Secrets Act (“UTSA”), which has been enacted by the majority of states. Trade secrets are defined as information that derives economic value by not being generally known. If employer trade secrets weren’t properly protected, whether they were illegally accessed by hackers or stolen by workers, there is no legal redress for the theft under the DTSA. An employer must take reasonable measures to preserve its trade secrets in order to claim damages under the DTSA and comparable state laws. However, each case’s specific circumstances will determine what “reasonable measures” are.
Protecting Trade Secrets & Confidential Information from Employees
The term “trade secret” does not apply to all confidential information. Experts, therefore, advise using strict employment contracts and confidentiality agreements to prevent employees from misusing sensitive employer information. Employers are advised to include the following provisions in their employment agreements:
- A clear definition of the information that qualifies as confidential or a trade secret;
- A clear delimitation of an employee’s right, or lack thereof, to access that information;
- Detailed requirements of actions that employees must take to protect confidential information and trade secrets; and
- A provision defining the employee’s duty of confidentiality post-employment.
- Contracts alone aren’t enough to support a claim under the DTSA, but employers may seek damages from employees and related third parties through breach of contract litigation.
Electronic and Physical Safeguards
In order to determine whether private trade secrets are sufficiently protected under the DTSA, courts typically take into account two factors:
These must be in line with the type and location of your trade secrets. For instance, a confidential recipe, program, or business strategy may be safest in a locked vault where it cannot be accessed online. However, the protection of electronic trade secrets should include encryption, passwords, restricted networks, security software, and expert security monitoring. Storing trade secrets on cloud-based software that is accessible by the program host or employees is one of the most common mistakes that new businesses make.
Limiting access to trade secrets with Need-to-know Disclosure is also crucial. Documents should only be accessible to essential staff. It’s good training to only allow employees to access the data they need to do their jobs. Trade secrets should rarely be accessible to employees remotely, and two-step authentication should always be used to avoid password sharing and unintended access.
It’s important to disable USB ports, disc drives, and the ability to copy and share protected information.