Best Practices: How to Protect Trade Secrets From Loss Through Departing Employees

1. Introduction

We start with the assumption that your company has already laid the foundation for IP protection, including the creation of a rock-solid trade secrets program (for more on this topic, see the Fish Trade Secrets: Protection & Defense webinar).

• All employees who have access to trade secrets executed well-crafted NDAs/confidentiality agreements when hired, where they promised to abide by the company's confidentiality policy both during and after their period of employment.
• During the time of their employment, these employees received regular training about the reasons for the Confidentiality Policy and the importance of observing it.
• Your company never failed to take adequate precautions to protect its Confidential Information, such as by limiting access to that information only to those with a "need to know" about it, storing the information in secure locations in your office or on your computer network, and marking confidential documents with prominent notices of their confidential nature and taking reasonable measures to prevent their being copied or distributed.
• And, of course, your company's trade secrets must actually merit "trade secret" status that is, they amount to information that isn't readily available or easily ascertainable and that has value to your company because they give you a competitive advantage over others in the marketplace.

What follows can help you to build an employee departure checklist to make sure valuable trade secrets aren't lost.

2. Best Practices For Dealing With Departing Employees

Best Practice No. 1: Conduct a Thorough Exit Interview

Every departing employee who had access to your company's confidential/trade secret information (whether directly or indirectly through co-workers) should undergo a thorough exit interview conducted by someone who has been trained to conduct such an inquiry. During the interview process, be sure to:

• Give the employee a copy of the most recent Confidentiality Agreement/NDA she signed, determine that she understands its terms, and explain that she continues to be bound by it after she leaves the company. Give her an extra copy to take with her and advise her to supply a copy of it to her next employer (or, alternatively, let her know that the company may communicate directly with her new employer about her being contractually bound to preserve the confidentiality of company information).
• Question the employee about what specific confidential information she accessed during her employment and whether any of that may still be accessible on her company-owned computer or other company-owned device (mobile phone, laptop, tablet), on any personal device (cellphone, home computer/tablet), any thumb drive, external hard drive, on any kind of cloud-based storage or service, or as a paper copy that might be found in her office, home, car, etc.
• Ask about the employee's post-departure plans. Has she accepted employment elsewhere, and if so with whom and to do what sort of work? If not, what are her plans for finding another job?
• If the employee has also executed a Non-Solicitation Agreement committing not to seek to persuade other company employees to resign their positions and join the employee's new employer or venture, then make sure the employee understands the terms of the agreement and has not done (and will not do) anything to violate its terms. [Note that even in a jurisdiction like California, which refuses to enforce non-competition agreements, will enforce a non-solicitation agreement if necessary to protect the employer's trade secrets.]
• Before the exit interview is concluded, ask the employee to execute a certification attesting that she understands her obligations respecting confidential information, has complied with them, and will continue to do so.
• Take possession of the employee's office keys, badges, access cards, laptop, mobile phone (if company-owned), and other company-owned devices. For devices and files of any kind, make sure that you will be able to access them after the employee departs, either through an administrative password or by getting all access information from the employee and testing it with the employee present.
• Make certain that the employee's passwords, PINs, and/or other means of accessing the company's computer system, any cloud-based systems, and any email or messaging accounts, are disabled as soon as the employee departs.

After conducting the exit interview, the interviewer should assess the employee's credibility and make recommendations about whether further investigation is warranted. Also, as with any exit interview, it is best to have more than one person on the company side of the interview as a witness. Remember that severance payments that are not already mandatory can be made contingent upon good faith compliance with efforts to secure trade secrets.

Best Practice No. 2: Recover All Copies of Confidential Information

Before the employee's departure, ensure that all company Confidential Information has been accounted for and recovered.

• If need be, accompany the employee to her office or workspace and sort through any company papers, files, thumb drives, etc., that may be found there to ensure that any company confidential information found there is accounted for and safely retrieved.
• If you determine the employee has company Confidential Information stored offsite, such as in files on a home computer or a personal mobile device or in the employee's car, then seek to arrange to have someone accompany the employee to the offsite location to observe the removal of the Confidential Information from the employee's control.

Best Practice No. 3: Preserve the Employee's Hard Drive (or a forensic copy of it)

All too often, employers routinely wipe a departed employee's computer hard drive clean and then return it to service, only to discover, months later, that the employee may have helped herself to vital company trade secrets before walking out the door. If an employee who had access to important confidential information leaves the company, preserving the employee's hard drive for some reasonable period of time is vitally important (and, after all, hard drives aren't all that expensive). Alternatively, the employer can, for a reasonable sum, have a forensic copy made of the hard drive (i.e., a bit-for-bit copy of the hard drive that will capture every "1" or "0" and even slack or blank spaces and deleted files and file fragments). Note, however, that a forensic image is different from a simple copy that most IT personnel will make, and one can only guess how much evidence has been destroyed by IT personnel who made a copy and quickly wiped a drive in an effort to manage what are ultimately trivial costs in comparison to even the first day of a lawsuit.

• Forensic examination can show, for example, when USB drives were inserted and what the directories on the drives were named. They can also show when items were viewed and copied and can give access to deleted emails and other messages.
• Calendar entries again, even ones that were subsequently deleted may show meetings were being scheduled with the company's customers before the employee submitted his resignation.
• Mobile devices, such as the departing employee's company-provided mobile phone, should also be preserved and may be sources of valuable forensic evidence, including evidence regarding chats, photographs taken, and contacts stored or copied.

Best Practice No. 4: If in Any Doubt, Thoroughly Investigate the Employee's Activities Before/After Departure

If at any point before or during the exit process, a concern arises that the departing employee may attempt to use company trade secrets or other confidential information in violation of her contractual commitment, then the employer, acting with the assistance of counsel, should promptly take steps to launch a thorough investigation.

• If the employee has not yet undergone the exit interview process and is still at work, consider covertly utilizing keystroke logging functionality to capture the employee's computer activity in real-time. This will reveal, for example, what files the employee is accessing, what searches she is conducting, what messages she is sending (and when and to whom). Ideally, the paperwork signed by the employee upon hiring will expressly acknowledge this level of employer access.
• Track the employee's telephone activity, tracking calls to and from her extension in the office or on a company-owned mobile phone, to determine who she's communicating with by phone.
• Monitor the employee's calendar, expense reports, and other sources of information about her activity.
• Consider contacting loyal customers with whom the employee deals to determine whether she's been in touch with them about transferring their business elsewhere.
• Interview the employee's co-workers (at least ones whom you can trust to be discreet) about whether she's discussed her plans with them or sought to have them join her in transferring to employment elsewhere or starting a new venture.
• Monitor the employee's public social media activity (being careful not to violate any privacy laws in doing so).
• Again, when suspicions of trade secret theft are significant, you are best off engaging outside counsel and potentially a forensic investigation firm to help you to perform the inspection in a safe, legal manner, without damaging or tainting any valuable evidence. At a minimum, such an investigation should be conducted by or with the assistance of in-house counsel.

For more information and frequent updates on trade secrets law, both state and federal, please visit Fish’s Trade Secret Litigation page.

More questions? Contact the authors or visitFish's Intellectual Property Law Essentials.