News about cyberattacks often focuses on the risk to consumers’ personal information. But what about the damaging effects to companies’ confidential information and trade secrets? And what can companies do to protect themselves?
Rachael Lee Zichella, a partner at Taylor English, explored this important topic for general counsel in a recent edition of Today’s General Counsel.
While hackers interested in selling valuable, proprietary information to companies abroad can be responsible for such cyberattacks, a company’s employees are more likely to be responsible. According to Zichella, creating a “culture of confidentiality” is essential for a company’s legal standing in the future.
“In the event of legal action, it is key to demonstrating in court that the data is entitled to legal protection as either confidential information or a trade secret.”
Zichella offers several ways that general counsel can help lead this effort.
A company’s human resources and IT departments can no longer afford to work in their respective “silos.” These departments must carry out a common, integrated strategy of protecting the company’s proprietary information through both technological and non-technological means, such as password requirements and non-disclosure agreements.
One would think that the stressing of confidentiality begins on day one of employment. Zichella asserts that this should begin well before, in the interview, as well as in the offer letter. In particular, HR should underscore confidentiality to candidates in sales, engineering or design positions.
Also of note: whether a company has a Bring Your Own Device (BYOD) policy. Zichella explains that it’s worth weighing whether this is beneficial for the company’s protection of sensitive information. While BYOD policies typically save a company money, they do cause a company to lose control over important and sensitive data.
Another area of prevention that Zichella recommends is NDAs and other covenants.
“Where state law allows, companies should also consider including narrowly tailored covenants restricting solicitation, recruitment and competition.”
A company’s employee handbook or compliance manual should always include data security, technology usage and confidentiality policies. Training programs around the treatment of proprietary technology should be an essential part of onboarding too.
Furthermore, management plays a vital role: managers should review employee presentations and other materials to prevent the disclosure of proprietary information.
Not only are precautions necessary prior to and during employment, but also when an employee is departing. Zichella also offers sound recommendations here.
“Have a return policy that requires that employees return all tangible and electronic information, and certify in writing that he or she has not retained any company property.”
Management should closely review the return of tangible and electronic property and make a detailed report.
Most important, concludes Zichella, prior to the termination of an employee or right after the employee quits without notice, IT should disable that employee’s access, including remote, to the company’s computer systems.