"Post DTSA, How Should Companies Protect Their IP?" InsideCounsel
Post DTSA, How Should Companies Protect Their IP?
Here, we address the internal company policies that should be undertaken to ensure that critical IP assets are protected, especially in view of the recent passage of the Defend Trade Secrets Act of 2016 (DTSA).
In our first column, we emphasized that companies must continually identify all of the critical intellectual property assets created, owned and utilized for revenue generation in order to better allocate capital resources and ensure the long-term protection of proprietary company materials. In our second column, we discussed the benefits of such an IP evaluation as a risk management strategy when hiring new employees. Specifically, we discussed the risks associated with hiring experienced employees from competitors.
In this column, we address the internal company policies that should be undertaken to ensure that critical IP assets are protected, especially in view of the recent passage of the Defend Trade Secrets Act of 2016 (DTSA).
Of key interest to companies, the DTSA provides uniform definitions for “trade secrets” and “misappropriation.” In general, the form of the information qualifying as a trade secret under the DTSA is extremely broad, and includes information of any form and of any type so long as the information is actually secret. (A "trade secret" is neither known to, nor readily ascertainable by, another person who can obtain economic value from the disclosure or use of the information, independent economic value is derived from that secrecy, and the owner has taken “reasonable measures” to maintain the secrecy.)
While most companies can generally identify critical IP assets upon reflection, many fail to take reasonable measures to maintain the secrecy of those assets. It is not enough to simply say, “We have trade secrets;” the company is required to also do the hard, capital intensive work that’s required to effect a trade secret policy.
A successful strategy requires that all employees participate in protecting the assets, and that management unambiguously and explicitly expound a trade secret culture. You can’t just name a few employees as a trade secret protection group or install some new security product while the rest of your employees continue business as usual; you must enlist the support of every company employee to work toward a culture of full trade secret awareness.
Under the DTSA, either the acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means, or the disclosure or use of a trade secret of another without express or implied consent can constitute as misappropriation. When the alleged misappropriation is based on disclosure or use, the person who disclosed the information must have used improper means to acquire knowledge of the trade secret, and must have had knowledge that the trade secret was acquired under circumstances giving rise to a duty to maintain the secrecy of the trade secret or limit the use of the trade secret.
In this context, any conduct that falls below the generally accepted standards of commercial morality and reasonable conduct may be considered “improper means.”
Ultimately, the definitions for “trade secrets” and “misappropriation” require a company to act prospectively to avoid losing valuable IP or become subject to suit for misappropriation. At a minimum, companies should review their internal policies to ensure that they are meeting the required standards for due diligence, disclosures, confidentiality notices and employee obligations.
For due diligence, companies should regularly assess all company information to determine what information should be maintained as trade secrets and take appropriate steps to maintain the secrecy of such information. Companies should identify all of the individual company stakeholders and ensure that they have the authority and responsibility to conduct the critical intellectual property assets, and instruct them to always err on the side of maintaining the secrecy of company information.
Only employees who need to know a trade secret for purposes of carrying out their employment duties should have access to such trade secret information. The company should ensure that trade secrets are accessible only to employees on a need to know basis, and only to the extent necessary for those employees to carry out their duties.
Disclosures of trade secrets should ideally be conducted after the parties have executed a non-disclosure agreement that provides that verbal, or other non-written disclosures, shall be treated as secret, and that any disclosures must be memorialized either before or after disclosure.
To aid in the maintenance of internal trade secrets, it should become common procedure to mark any documents or media containing trade secrets with a notice of confidentiality, or be marked or designated as confidential information.
For example, a notice on the first or main title page of all trade secret communications should state:
This communication contains trade secrets or otherwise confidential information owned by the Company. Access to and use of this information is strictly limited and controlled by the Company. This communication may not be copied, distributed, or otherwise disclosed outside of the Company's facilities except under appropriate precautions to maintain the confidentiality hereof, and may not be used in any way not expressly authorized by the Company.
Similarly, physical facilities containing or constituting trade secrets may be designated as confidential by posting appropriate confidentiality signs or placing confidentiality labels on appropriately visible equipment or facility surfaces. Further, the company should control access to those physical facilities to avoid inadvertent exposure of trade secrets to third parties or employees without permitted access.
With respect to employee obligations, all employees should be required to sign a confidential information employment agreement setting forth their obligations with respect to the company's trade secrets and other matters as a condition of initial or continued employment. The confidential information employment agreement should be separate from the company’s employment agreement and have executable portions directed to both intake and departure of the employee.
The company’s confidential information employment agreement should provide notice of civil and criminal immunity under federal and state trade secret laws for any disclosures made to a governmental agency for the purpose of reporting or investigating a legal violation in order to comply with the DTSA.
A failure to comply with this notice requirement prohibits the recovery for exemplary damages and attorneys' fees under the DTSA.
Upon hiring of an employee, human resources should meet with any employee that will be exposed to, or will otherwise have access to, company confidential or trade secret materials to explain the company's trade secret policy, and provide the employee with a copy of the policy. In order to properly prepare such a confidential information employment agreement, the employee should be asked:
Have they retained any information, documents, or physical objects from their prior employer(s) after leaving employment?
Have they signed a confidentiality agreement with any prior employers?
What was the general nature and subject matter areas of the work performed for prior employers?
If they possess any independently derived confidential materials and/or inventive concepts?
If the employee has signed a confidentiality agreement with a former employer, the company should also review such agreement unless the terms of the agreement itself are confidential. Based on the supplied information and any information that may be provide by former employers directly, the confidential information employment agreement can be drafted for execution by the employee.
Upon the departure of an employee, human resources should meet with the individual and review the continuing and ongoing obligations of the individual with respect to the protection of company trade secrets. The departing employee should be informed that that the company may take legal action against the employee and/or his/her future employers, without prior notice, for disclosing or using information considered to be proprietary that was learned or obtained from the company.
The departing employee should also be asked about the nature and subject matter areas of the work expected to be performed for their next employer in order to determine if it is advisable to inform the next employer of the confidentiality obligations owed to the company. Upon the conclusion of the exit meeting, the departing employee should be required to sign the exit portion of the confidential information employment agreement affirmatively acknowledging the survival of their trade secrets and confidentiality obligations to the company.
Ultimately, corporate management is responsible for the success or failure of any confidential information or trade secret policy. And communication that management’s efforts to protect the company’s trade secrets are efforts to protect the employees’ jobs, their stock options and their pensions is the key to a successful critical information protection policy.
Responsible managers and stakeholders need to work to make sure employees understand what the company’s confidential information or trade secrets are, and what their responsibilities are for protecting the critical information. They need to know that risks to the company’s critical information are risks to its revenues, earnings and share price, and ultimately to their own jobs.
The employees must be mindful that their actions or inactions with respect to a company’s critical information can have significant and adverse effects to the company.
Reprinted with permission from the August 3, 2016, edition of InsideCounsel © 2016 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877.257.3382 or firstname.lastname@example.org.