In light of the COVID-19 pandemic, companies have made changes to their core business operations and instituted new practices and procedures in the blink of an eye. These changes have, perhaps unknowingly, created risks that could jeopardize the protection of valuable trade secrets. A trade secret, as defined under the Uniform Trade Secrets Act, is information that derives independent economic value from not being generally known or readily ascertainable by others and that is the subject of reasonable efforts under the circumstances to maintain its secrecy.
Below are five ways that the COVID-19 pandemic and its effects could threaten trade secret protection.
1. COVID-19 innovation
In the wake of the pandemic, many companies deployed know-how and manufacturing capabilities in new and different ways. From automotive companies manufacturing ventilators to an outdoor goods company making face shields, the pandemic drove light-speed innovation. This innovation included the use of existing trade secrets, and likely the creation of new ones. Much of this activity was accelerated given the public health crisis and may not have been accompanied by the typical steps to ensure trade secret protection. For example, it is possible that trade secrets were disclosed to new business partners or customers without an appropriate non-disclosure agreement in place. Alternatively, new technology may have been developed in collaboration with others, without clear contractual delineation of who owns the resulting intellectual property. As the flurry of this activity wanes, it may be prudent to inventory COVID-19 innovation activities to identify any potential holes in existing trade secret protection and any steps that may be necessary to protect newly developed trade secrets.
2. Information security
One key component to protecting trade secrets is information security. These fundamentals include, for example, using secure servers to save and communicate regarding sensitive company data, requiring user names and passwords to access information, implementing a shredding policy for confidential information, limiting facility access to those with approved credentials, and so on. Once put in place, these measures are often taken for granted, operating in the background. But when COVID-19 drove an unprecedented number of companies to a virtual model, any number of these measures may no longer be functioning as intended.
For example, employees are likely accessing and using trade secrets in new environments. An employee’s home internet may not be as secure as the company’s network, exposing sensitive company information to hackers or other unwanted intrusions. Similar concerns exist if employees, often facing overloaded remote server access, used shortcuts like personal email accounts or texting to communicate about sensitive business matters. Employees are sharing office space with their housemates, which could inadvertently expose company information beyond the appropriate audience. Communications that used to occur face-to-face now often occur over unsecure videoconferencing platforms that are vulnerable to hacking. Similarly, “smart home” devices may be “overhearing” confidential conversations. As the emergency of remote working fades into a new normal where at least some employees continue remote working and face-to-face communication continues to be the exception, businesses should ensure that their information security measures are adapted to the virtual environment.
Training employees on how to treat trade secret information is always a critical component of trade secret protection. Strong policies and robust training are even more important now. As a threshold matter, companies should ensure that annual or other routine trainings are not being skipped just because of remote working. The method of delivery may have to change, but trainings should not be deferred.
Moreover, the training modules, policies, and guidelines may need to be revamped or updated to account for remote or socially distant work environments. In addition to the usual reminders of ongoing obligations that exist in non-compete agreements or existing company policies, employees should also be reminded on how to encrypt sensitive information sent electronically, how to implement security features for videoconferencing, and how to limit access to printed or downloaded information when sharing work space with housemates. Companies should also train employees on how to recognize scams or phishing schemes targeting company data and devices. Finally, HR policies and procedures should be revisited to ensure a clear process for exit interviews and collection of company devices and information, even while working remotely.
4. Employee mobility
Nearly 40 million Americans have lost their jobs in the last several months, and millions more have been furloughed with their return to employment uncertain. In addition to the devastating immediate personal and financial consequences, this unprecedented volume of employee movement jeopardizes trade secrets. Individuals who had (and may still have) access to a company’s most valuable trade secrets could already be using them — through employment with a competitor, use in a new business venture or through more nefarious means, such as selling them to a generate a quick profit. For employees who have already been terminated, companies should consider invoking employment agreement provisions or company policies to insist upon the return of any trade secrets or confidential business information that remains in a former employee’s possession. In addition, sending a letter reminding a former employee of restrictions on use or disclosure of trade secrets could have a deterrent effect. While monitoring where each former employee lands may not be practical (or warranted), focusing on those who had access to critical information is another prudent step. If a former employee who had access to key trade secrets is hired by a competitor, more vigilance and enforcement efforts will be necessary. Finally, for future layoffs, companies should revisit existing agreements and policies, including provisions related to non-competition and non-disclosure of confidential and trade secret information, to bolster rights with respect to any additional employee departures.
5. Potential delays in enforcement
Acting quickly in cases of suspected trade secret misappropriation is always critical. Data needs to be preserved, often forensically, and lawyers need to be engaged to seek swift relief to prevent theft or improper distribution and use of trade secret information. The pandemic makes those timing issues even more important. For example, a company’s ability to investigate and preserve data on company devices may be compromised when employees are not located on site. Working quickly can help prevent key evidence from being lost. Courts are also moving at a slower pace. Lawyers are seeking and getting extensions; judges and court staff are also dealing with remote work, often juggling work with personal responsibilities at home. Most courts are still closed to in-person hearings in light of social distancing obligations. All of these factors will likely make it harder to get on a court’s calendar, even in “emergency” scenarios. Likewise, any expedited discovery timetables may be more protracted than normal. Having an action plan in place to both identify potential misappropriation quickly and act expeditiously on that information may help mitigate some of the other unavoidable sluggishness in the system.
* * *
As businesses scrambled to deal with the impacts of the pandemic, it is possible trade secret protection risks and solutions were lost in the shuffle. Acting quickly to assess potential exposure and adjust policies, procedures, contracts and information technology environments could have a tremendous impact on the preservation of a company’s most valuable assets.
Faegre Drinker’s Coronavirus Resource Center is available to help you understand and assess the legal, regulatory and commercial implications of COVID-19.