Checklist for Protecting Company Trade Secrets
A crucial part of protecting a company’s “crown jewels” or trade secrets is developing and implementing a trade secret protection plan. A trade secret protection plan should encompass written policies that are made available to all employees and consultants and are discussed with all parties who may have access to the company’s trade secrets.
The plan needs to be broad enough to provide protection, yet not be so demanding that employees and consultants are unable or unwilling to comply.
While each company’s needs will vary, there are some basic elements should be included in any trade secret protection plan. Here’s a checklist of ideas to consider when drafting a trade secrets protection plan:
- Have each employee sign a non-disclosure/confidentiality agreement. This agreement acknowledges that the employee has been or will be exposed to certain company trade secrets and other confidential and proprietary information.
- Ensure that the non-disclosure/confidentiality agreement contains a non-solicitation provision. A non-solicitation provision prohibits a departing employee from directly or indirectly soliciting the company’s customers or clients through the use of confidential or trade secret information, regardless of where they’re located, to do business with the employee.
- Although typically not enforceable with respect to California-domiciled employees, if legally enforceable (as in situations in which the employee is also an owner of the business), have employees sign non-competition agreements. A non-competition agreement prohibits a departing employee from working for a competitor or otherwise providing competitive goods or services for a certain period of time and within a certain territory or in regard to specific customers.
- Restrict access to servers, routers, and other network technology to those whose job responsibilities require access.
- Keep wire closets, server rooms, phone closets, and other locations containing sensitive equipment locked at all times. Place locks on computer cases to prevent hardware tampering.
- Lock file cabinets and offices that store sensitive information. Consider having sign-in/out sheets for files to establish a traceable chain of custody for files that shows who had the files last before any alleged misappropriation.
- Designate all documents containing trade secrets or confidential information as “confidential,” and implement procedures to help ensure that all documents deserving the “confidential” designation are appropriately marked when initially created.
- Implement password protocols for all employees for access to all critical system resources. Don’t let employees pick their own passwords; instead, assign passwords that are a series of random letters and numbers (there’s software to create these), and change these passwords at regular intervals.
- Have a policy that permits the employer to monitor and log employees’ Internet actions.
- Keep audit logs of all access requests to critical systems and sensitive information.
- If the company’s network is on the Internet, use a firewall, audit the servers for security holes on a regular basis, and make sure that the system has all of the latest security patches and fixes installed. (To claim trade secret protection, employer must show that it made reasonable efforts to maintain the secrecy of its information.)
- Back up all workstations and servers at least weekly and store backups off-site. Periodically test the backup system to ensure the ability to restore data if necessary.
- Train employees not to discuss the company’s trade secrets or confidential information around third parties.
- Utilize confidentiality provisions in contracts with any third parties (such as vendors and customers) that the employer permits to see its confidential information or trade secrets.
Please contact my office at email@example.com or 530-802-0640 if you would like us to help you draft or update your trade secret protection plan.
Virginia Ryan provides business law and estate planning services to clients in Northern California, including Auburn, Grass Valley, Nevada City and Truckee.