Establishing a Security Policy
Managing a company’s tangible assets (such as cash, property, and product inventory) is a traditional business responsibility that rightfully receives a lot of attention from business leaders. Unfortunately, managing the company’s intellectual assets (such as trade secrets, employee know-how, and competitive practices) is less understood and, all too often, neglected.
Intellectual asset (IA) security involves planning for protection of intellectual assets, and instituting information security procedures and routine training in those procedures to limit the risk of employees inadvertently or intentionally disclosing business-critical information and know-how to competitors. Here are a few tips on establishing an IA security policy.
Businesses put a lot of time and effort into identifying employment candidates, planning and conducting candidate interviews, and orienting hires to their new positions. Your IA security policy should include documentation and training that contains guidelines for addressing IA at every employment candidate interview. Such guidelines should guard against an employment candidate exposing the business to accusations by the candidate’s previous employer(s) of infringement or misappropriation.
Each pre-hire interview should start with the first interviewer explaining to the candidate that the hiring company has strict policies against improperly acquiring another company’s trade secrets and infringing on another company’s exclusive rights. The interviewer may ask the candidate to list the trade secrets the candidate knows (without revealing protected detail). The interviewer also could ask the candidate to confirm their belief that they can perform the duties of the job for which they are being interviewed, knowing what they know, without using any previous employer’s trade secrets.
Before immersing a new hire into the position for which they are hired, the hiring company should take an inventory of the trade secrets the employee knows from past employment. The hiring company should review any agreements signed by the new hire when they left their previous employment (e.g., confidentiality, non-compete, non-solicitation, and/or invention agreements). Upon completion of the IA inventory, the new hire should be put on formal notice that they are forbidden from bringing any of the inventoried work product onto company premises. The hiring company may elect to require certification in writing that all protected material listed in the inventory has been returned to the previous employer.
New hire orientation should include formal training on the company’s IA security policy, as well as presentation of a written copy of the policy to the employee. The hiring company should require signed acknowledgement by the new employee that the documented policy was received and explained, and that they understand and will comply with the policy as a condition of employment. The hiring company may elect to transmit a letter to the previous employer informing them of the hiring event and of the strict IA security policy that is in place for the employee.
Finally, the hiring company must notify the new employee of their responsibility to protect intellectual assets related to their new position. The new hire should be required to execute a written non-disclosure agreement that lists as specifically as possible the existing and planned IA to which they will be privy. Specificity in such agreements is key.
On The Job
Frequent and routine training in the company’s IA security policy should be conducted (and documented) for each employee. When new secrets are disclosed to an employee, non-disclosure agreements in place should be updated to record that disclosure. Doing so may help the employer defeat later claims by the employee that a particular disclosure was not included in the agreement or was not understood by the employee to be secret.
The employer should establish policies to restrict access to business secrets on a need-to-know basis. Data protection mechanisms and procedures should be put in place for office automation systems. Physical security should also be addressed, including document management actions such as marking, dissemination and destruction.
When an employee is leaving the company, an exit interview may be a useful tool in safeguarding business secrets. The exit interview should be used as an opportunity to reiterate the IA security policy to the terminated individual. The company should collect written acknowledgement by the terminated individual of their responsibilities in keeping with all agreements executed during his or her employment. The employer should also request written acknowledgement that the terminated individual has returned all protected materials and tools to the employer.
Your intellectual assets are the primary value-driver in your business, so protect them with all the discipline you employ with your tangible assets.
Bill Harding is an attorney with Widerman Malek, PL, a Melbourne, Fla. firm practicing in intellectual property including, patent, trademark, copyright, and trade secret law. He may be contacted at WHarding@USLegalTeam.com