Minimize Risks to Trade Secrets in Remote Workspace Environments
Trade Secrets Alert 03/25/20 Johanna Wilbert
As many employees settle into a new normal of working from home, the law has not changed and still requires companies to take reasonable steps to maintain the secrecy of trade secret information. Below are some tips to help companies and employees work together to protect important company assets in today's new normal:
- Educate Employees About Cyber Attacks and Phishing: Unfortunately, many see COVID-19 as an opportunity to gain access to confidential financial information, password information, and sensitive data. To help guard against such attacks, it is important to remind and educate employees about such phishing attempts and provide guidance about how legitimate formal requests for such information will now be made and handled in the context of working remotely.
- Remind Employees of Relevant Policies and Affirmatively Update Policies as Needed: To the extent current policies regarding the handling of confidential information and trade secrets remain relevant and appropriate, send a reminder to employees about such policies so employees have a clear understanding of the procedures and policies that apply. Specifically, in the current work environment, a reminder about policies for taking files or company property home and safeguards in working with those files and property is recommended.
- Document and Communicate Relevant New Policies: To the extent old policies are no longer appropriate for the new work environment, or need to be expanded, document changes and communicate the new policies, procedures, and expectations in writing. It is better to document changes to old policies than to have it appear that the policies are being violated and no longer relevant.
- Address Thumb Drives and Remote Storage: Provide clear guidance to employees regarding expectations for handling confidential data. For example, what, if any, restrictions does the company have regarding use of thumb drives, external hard drives, use of privately-owned computers, use of private printers, use of personal e-mail, etc. For transfer of critical data, consider providing company-owned methods of transfer, such as company-controlled file transfer sites or company-owned hard drives.
- Identify Trade Secret and Confidential Information: With many different types of employees now working remotely, even if you have a general policy, financial information may need to be addressed differently than design drawings. Encourage those responsible for key trade secrets and confidential information to provide more specific instructions to relevant employees related to how the policies apply to different types of data. Often the first step in taking reasonable measures to protect trade secrets is to identify the trade secrets clearly and concisely so those working with the data know what restrictions apply to that data.
- Continue Efforts to Limit Access Both Virtually and At Home: As you would in a physical office, continue to limit access to key information. Not every employee working remotely will need to access every file or every software program. By limiting access with virtual access limits, a company can continue to maintain secrecy while having those that need to know the information have access to it. At the same time, provide employees reminders and instructions on how to limit physical access by only printing trade secrets when absolutely necessary, generally restricting access to such documents, and using a shredder or other secure method to dispose of such documents when they are no longer needed.
- Work with IT to Monitor Unusual Access: Work with your IT professionals to monitor key servers for unusual access patterns, whether from internal employees or external sources.
Smart Home Assistant Devices: Provide instructions to employees regarding whether home listening devices such as Google Home™ should be deactivated. Depending on the circumstances and the nature of the confidential information being discussed, it could be reasonable to request that such devices are either disabled when having conversations or that conversations are held in a location where the devices cannot hear you.
Find Answers to COVID-19 Issues, Impacts and Recommendations from Quarles & Brady.
For more information about how to best protect IP assets in remote workspace environments, please contact your local Quarles & Brady attorney or
- Johanna Wilbert: (414) 277-5495 / [email protected]