Time To Review How Secure Your Company’s Confidential Information Is

Contributed by Steve Jados

A recent online Wall Street Journal article on employee theft of company information included the statistic that 50 percent of the people surveyed admitted taking confidential information when they left a former employer.  Other statistics in the article made clear that most employers do not take adequate steps to guard against such theft.

Employers face a constant risk that departing employees may inflict substantial economic damage by taking trade secrets and other proprietary, sensitive, or otherwise confidential information and using it against the former employer.  In light of that risk, it is imperative that employers promptly review and strengthen their efforts to protect the information most critical to their continued success.     

Companies that use confidentiality agreements (or other more restrictive employment contracts) in an effort to safeguard confidential information must recognize that those agreements cannot, by themselves, adequately protect a company’s confidential information.  Those agreements are just the beginning of the process of securing confidential information.

The reality is that confidentiality agreements must be backed up by strong, strictly-enforced policies that restrict employee access to and use of confidential information.  The most basic of these policies require unique passwords to access company computers, networks, and electronic files.  Those passwords should be more complicated than “password,” and should be given only to those employees who must have access to the confidential information.  Companies should also consider policies that bar the copying or transferring of computer files to any computer, storage device, or e-mail account not owned by the company.

Other basic policies require that paper copies of client lists, marketing research, formulas, or anything else considered non-public and valuable to the business be kept (literally) under lock and key in locked drawers or file cabinets.  Again, only employees who need the confidential information should have copies of the keys.

Companies should also disseminate written policies that define, in detail, the steps employees are expected to take to keep confidential information secure.  Such policies should also require the prompt return of all company property, including confidential information, upon resignation or termination. 

The critical component with respect to confidential information is the enforcement of company policies.  When considering whether to enforce confidentiality agreements, courts typically evaluate the steps the employer took to protect its confidential information.  Courts generally will not extend their protection where the company has not made its own significant efforts to protect itself.  As such, businesses must undertake a critical review of their confidentiality practices to ensure that all security gaps are closed, and that there are no lapses in the enforcement of security policies.