When employees leave, they can carry precious company secrets with them. Here, trade secret expert James Pooley provides a few tips on information security that could help protect you from losing your share of modern business’s most valuable currency: information.
Silicon Valley, CA (July 2015)—In today’s competitive global market, managers know that employees (including really valuable ones) are likely to change jobs every few years or so. Like it or not, employee mobility has just become a fact of life. But even worse than the cost of recruiting someone new to fill the vacancy when a key employee leaves, there’s one big, looming worry that’s sure to ratchet your anxiety up to critical levels: "She knows everything!"
The fear of an ex-employee sharing your vital secrets with her new employer is, indeed, a well-founded one. In the hands of the competition, information about your products, processes, strategies, and client base can dull your competitive edge and hurt profitability at a time when every penny counts. Sometimes, James Pooley says, it can even bring down a company.
"For employers whose main capital base is intangibles like goodwill or know-how, the thought of losing employees who have access to information assets is an absolute nightmare," agrees Pooley, author of Secrets: Managing Information Assets in the Age of Cyberespionage (Verus Press, 2015, ISBN: 978-0-9963910-0-9, $24.97). "After all, HR can get back a departing employee’s keys and laptop—but they can do nothing to remove the valuable knowledge in his or her head.
"At the extreme end, situations like this can threaten a corporate empire," he adds. "For example, when an executive with knowledge of the Thomas’ English Muffins ‘nooks and crannies’ recipe left to join a competitor, he was stopped by a court. Every business, whether or not it has a ‘secret recipe’ or highly specialized technology, almost certainly has information that gives it a competitive advantage, and it usually has to be shared with employees who may not be around tomorrow. The good news is there are ways to mitigate the risk."
Having recently completed a five-year term as deputy director general at the World Intellectual Property Organization in Geneva, where he was responsible for management of the international patent system (PCT), Pooley is an expert in the fields of intellectual property, trade secrets, and data security. Secrets, which explains how to recognize and mitigate the risk of information loss that’s so prevalent in our hyperconnected world, is a must-have guide for executives and managers, knowledge workers, consultants, security professionals, entrepreneurs, investors, lawyers, and accountants—anyone and everyone who works with information.
Here, Pooley shares nine ways for employers to minimize the risk associated with departing employees:
Realize that no one––not even your protégés––will stay forever. One mistake leaders often make is assuming that, because of either loyalty or gratitude, the employees they’ve trained and closely mentored will stick around indefinitely. But the truth is that all employees—even protégés—come and go. And if care isn’t taken to prevent it, they can leave with sensitive information.
"Many years ago, a client complained to me about an employee who left his company after he ‘taught him everything he knew,’" Pooley recalls. "My client was caught off guard—he expected that the employee’s gratitude for teaching him the business would fuel a permanent loyalty. In the real world, and especially the business world, it rarely works out that way."
Know what the law does—and doesn’t––protect. The law protects only trade secrets, not employee skill or general knowledge—but what’s the difference? The skill a worker acquires practicing her craft over time is hers to keep. The same thing may also apply to techniques and information she has learned over the course of her employment. However, if any of those techniques or pieces of information give her employer a competitive advantage, are not generally known, and are safeguarded to a reasonable degree by the company, they are likely to be considered trade secrets.
"If that explanation sounds confusing or open to interpretation, that’s because it is," says Pooley. "Trade secrets can range from unique processes for creating goods—such as the legendary Coca-Cola formula—to seemingly inconsequential details, such as a key client’s favorite wine. There simply is no hard-and-fast distinction between these types of assets. However, if a piece of information—no matter how minute—is privately held and gives your particular company an edge over the competition, chances are the law will treat it as a trade secret."
Clearly convey your expectations to job seekers. Applicants probably aren’t thinking much about trade secrets, but it’s still a good idea to be clear about your expectation that they will not bring with them information that could get you in trouble. A pre-employment interview agreement that spells out what prospective employees can and can’t use or disclose from their previous jobs is an indispensable precaution against inadvertent information theft.
"Make it abundantly clear to new recruits that their previous employers’ private information must stay private," Pooley recommends. "Promoting a culture of respect for others’ information rights reduces the chances of becoming involved in costly legal battles. Remind workers that there are no advantages to bringing competitors’ trade secrets with them, only risks."
Proactively re-recruit your best knowledge workers. Of course, the best information retention strategy is also an employee retention strategy: Hold on to your key people whenever possible. Proactively incentivize them to stay with your company by ensuring that they remain happy, appreciated, and well compensated. Yet also keep in mind that money usually isn’t the primary driver for loyalty.
"Happily for business owners, research has consistently shown that creative employees are driven by factors other than money," Pooley confirms. "The motivation to innovate—and to stay put while doing so—can come from a desire for personal recognition, intellectual curiosity, and even the wish to advance the interests of the company or the industry. If an employee produces a valuable idea or invention, make it known. Focusing on ways to keep the talent happy will almost always lead to better outcomes for your business."
Take advantage of nondisclosure agreements. As their name suggests, these documents legally bind employees not to share certain information assets (often trade secrets). Employees are less likely to compromise confidential information when they know it’s of such importance that the company has tied it to a document. Likewise, competitors are less likely to encourage new employees to divulge information acquired from previous employers if a nondisclosure agreement exists.
"Anyone who might have access to your trade secrets should sign an NDA at the beginning of the relationship," Pooley advises. "For new employees, the best practice is to provide a copy of the agreement to review and sign before the first day of work. This will eliminate any question of whether the agreement was signed voluntarily, and whether adequate ‘consideration’ was given in return for the employee’s promise."
Use noncompete agreements with care. Increasingly unpopular with judges (not to mention employees), noncompete agreements can be expensive to enforce and sometimes backfire. The terms of this kind of agreement can range from compensating workers for not seeking employment with any competitor to simply prohibiting competing for a certain period of time within a particular geographical area. (This is in contrast to nondisclosure agreements, which allow ex-employees to continue working in the field so long as the confidentiality of their former employer’s trade secrets is respected.)
"Noncompete agreements are controversial in comparison with NDAs," Pooley comments. "Some suggest that they interfere with the advancement of industry, because certain levels of growth and innovation are impossible to reach when employees are restricted from moving freely between jobs. Judges sometimes hesitate to enforce noncompetes because they impinge on the free movement of labor. On top of all this, workers can easily perceive them as roadblocks to the advancement of their careers, hurting company morale. In general, it’s best to find a balance between caution and fairness to employees."
Be sure to directly address the digital risk. While departing employees have always been able to take secrets with them, the chances of this happening have increased dramatically for many companies in the digital age. It’s critical for employers to be aware of the particular risks posed by employee-owned devices, the Cloud, file sharing, and more.
"It’s likely that a ‘social media mindset’ is present in most of your staff, meaning that they see information sharing as positive and normal," Pooley comments. "But what’s acceptable in their personal lives can be very dangerous in a business context. Technical controls like MDM (mobile device management) and NBA (network behavior analysis) software do help, but aren’t sufficient on their own. The best way to mitigate the digital risk is good old-fashioned people management. In addition to the other tactics listed here, technology-specific training and messaging, as well as enforcement that’s visible, will reduce problems."
Take potential security breaches seriously. If you think one of your staff may have violated your confidence, don’t hesitate to determine what trade secret information he regularly had access to and whether there is any evidence of unauthorized access. Investigate whether the employee has exhibited any unusual behavior such as excessive copying, downloading, emailing, or erasing of records.
If permitted by company policy and law, make a copy of the employee’s hard drive. Review his files, emails, and telephone records to determine what (if any) company information has been disclosed outside and, if so, to whom. Only after gathering this information and consulting with legal counsel should you confront the employee.
"Your main focus at this point should be discovering where the information has gone, not prosecuting the worker," says Pooley. "The most important thing is retrieving the property and preventing it from further distribution. After that, legal counsel will advise you on how to proceed with the employee issue."
Never skip the exit interview. Even with voluntary departures, it’s important to share your concerns and learn about the employee’s plans. The potential for harm isn’t limited to "stolen" data—simple misunderstandings can also lead to distracting, expensive litigation. If there is no reason to believe that the departing employee has any intent to breach company confidentiality, simply arrange a meeting to learn more about her decision to leave and to reinforce your concerns and determination to protect the organization’s interests.
"It’s possible that others may be involved, and a group departure is inevitable," adds Pooley. "If this is the case, you should seek legal advice as soon as possible to investigate and properly react to the threat a mass exodus could represent."
"Profitable secrets falling into the wrong hands really can spell doom for a company—especially in a time when the vast majority of information is shared across the global network of the Internet," Pooley concludes. "It’s essential for any organization that deals in information to actively protect its intangible assets from the watchful eyes of competitors. Fortunately, with responsible practices, secrecy is still possible in the online age."
About the Author:
James Pooley is the author of Secrets: Managing Information Assets in the Age of Cyberespionage. He provides international strategic and management advice in patent and trade secret matters, performs pre-litigation investigation and analysis, and consults on information security programs.
Mr. Pooley recently completed a five-year term as deputy director general at the World Intellectual Property Organization in Geneva, where he was responsible for management of the international patent system (PCT). Before his service at WIPO, Mr. Pooley was a successful trial lawyer in Silicon Valley for over 35 years, representing clients in patent, trade secret, and technology litigation. He has also taught trade secret law at the University of California, Berkeley, and has served as president of the American Intellectual Property Law Association and of the National Inventors Hall of Fame, where he currently serves as chairman of the board.
Mr. Pooley is an author or coauthor of several major works in the IP field, including his treatise Trade Secrets (Law Journal Press) and the Patent Case Management Judicial Guide (Federal Judicial Center). He graduated from Columbia University Law School as a Harlan Fiske Stone Scholar in 1973 and holds a bachelor of arts, with honors, from Lafayette College.
About the Book:
Secrets: Managing Information Assets in the Age of Cyberespionage (Verus Press, 2015, ISBN: 978-0-9963910-0-9, $24.97) is available at bookstores nationwide and on Amazon.
For further information, please visit www.veruspress.com.