Protecting your company’s confidential information isn’t rocket science. It does, however, require proactive safeguards and sustained diligence.
Every business and professional practice needs a plan for the protection of its confidential information. Today’s employees can easily become tomorrow’s competitors. Vendors or other third parties may have no scruples about using your confidential information competitively.
How can you protect your confidences affordably?
The first thing to consider is whether your company has trade secrets to protect. A trade secret may consist of any formula, pattern, device or compilation of information that has value to the business and which gives the business a competitive advantage because it is not generally known. It may be a formula for a chemical compound, for example. Or it may be a customer (or patient) list or a business plan for targeting a specific market or the physical plant where proprietary equipment is used or proprietary source code. The test is whether the business derives independent economic value from the information because the information is not generally known to, and not readily accessible by, others—if the information is, in fact, protected by steps that are reasonable under the circumstances.
There are limits, of course, to what is protected by trade secret law. A manufactured item, for example, loses its protection (absent a patent) once it is sold or shown publicly. Likewise information disclosed in publications or possessed in the general knowledge of the trade or profession is ineligible for protection. An abstract idea may only receive protection, no matter how valuable, if it is novel.
If you do have a trade secret, you must take reasonable measures to protect it. An important element in such protection is a strong confidentiality agreement, one that may be recycled as the company takes on new employees or customers. It is also important that the company have in place internal security measures to prevent against inadvertent disclosure or intentional disclosure to third parties. This may be as simple as having multilayered password protection on your computer network and reasonable control over employee emails relating to the protectable information.
It is important to remember, however, that your company may protect confidential information even if that information does not strictly qualify as a trade secret. This may include valuable know-how and other confidential information that your business seeks to protect from misappropriation by former employees, consultants or independent contractors. The best way to protect such information is to require that every employee and independent contractor your company hires, even those who are not under a non-compete agreement, sign a confidentiality agreement. A confidentiality agreement will typically recite that the employee (or contractor) acknowledges that he or she has confidential information as a result of the relationship and agrees that the company is entitled to protect that confidential information in specified ways.
Merely obtaining a promise of secrecy from an employee (or contractor) may not be enough to protect the information, however. So a wise business will, in addition, provide specific notice in writing of important information that the company regards as confidential, and will demonstrate vigilance in protecting that information from any inadvertent disclosure or misappropriation. Ideally, if you have a protectable interest at risk, you should supplement such a confidentiality agreement with a covenant not to compete against the business for a reasonable period of time.
When you must disclose confidential information to other parties, you should do so only by nondisclosure agreements—for which there are many useful forms on the Internet—reciting that the recipient of the information agrees to maintain it in confidence. Ideally, you should also make it clear in writing to the recipient that you are imparting specific categories of information that your business regards as confidential and proprietary.
Confidentiality should be created at the time of the disclosure to a third party, rather than afterward, when everyone has raced to the courthouse. As in the case of trade secrets, the difficulty in protecting confidential information is in drawing the line between the protectable and the unprotectable. The only standard in this area is that if the information is easy to ascertain on the Internet or in other literature, or is known throughout the industry, it is not protectable. The more difficult it is to capture the information through reverse engineering or other means, the greater the likelihood the court will consider it confidential. Despite the lack of certainty in this area, what you can, and should do, is to clearly specify in your employment agreements and nondisclosure agreements the information you regard as confidential and protectable. This will not only deter misappropriation but increase your chances of protection if you have to go to court.