Customer Lists Part 2: How to Maintain Secrecy and Confidentiality

One of the primary reasons for using a restrictive covenant agreement is to protect a company’s confidential information and trade secrets. By implementing certain policies and procedures, a company can significantly enhance its chances of winning trade secret and/or confidentiality disputes. These policies and procedures are focused on ensuring that the company takes reasonable steps to maintain the secrecy of its confidential information. It is critical that these policies are put into actual practice and not simply written and stored in a file cabinet somewhere. Actual practice wins the day, not good intentions.

In most states, for something to be a trade secret, it has to be, among other things, sufficiently regarded and maintained as a secret. It must be subject of overt efforts that are reasonable under the circumstances to maintain its secrecy or confidentiality. What does this mean? What steps can a company take to enhance its ability to enforce nondisclosure agreements and claims under trade secrets laws?

  • identify the confidential information to be protected by using legends and notices on documents and files (e.g. mark with a “confidential” stamp);
  • inform and remind employees of their confidentiality obligations at hire through policies, policy acknowledgements, and agreements, and during employment through periodic training and reminders;
  • have technology policies that prevent use of confidential information, access to company databases for improper or competitive purposes, and prevent file copying to portable media or uploading to the personal sites of employees;
  • physically secure documents in locked file cabinets and rooms or where security staff monitors and records access;
  • limit access to documents both electronically and physically, and create a record keeping system that records access by anyone;
  • use layered security codes, computer passwords, and other routine electronic file and data protection strategies;
  • require confidentiality agreements before sharing information with vendors, consultants, or contractors, including with temporary staffing agencies and workers, before allowing on-site temporary workers access to the information; and
  • make sure the confidential information sought to be protected is not publicly available, i.e., on websites, sales brochures, and public filings, etc.
  • Use exit interviews and written separation documents to remind employees of the company’s confidentiality and computer use and access policies, agreements, and any other obligations the employee may have to the company. The exit interview is also an opportunity to identify and collect all company property (computers, smart phones, copies of documents) and perform a forensic exit audit of personal computers, storage media, laptops, server files, and cloud storage to ensure compliance with the destruction of confidential information and determine an employee’s intentions after they leave.
  • If there is a non-compete or confidentiality agreement at issue, be very specific and ask each employee where they are going and if it is to a competitor. Remind the exiting employee to notify the new employer of his/her continuing obligations to the company.
  • Check and secure the employee’s computer, smartphone, email, social media, and voice mail records. Have a policy that preserves all electronically stored information on the employee’s computer, flash drives, and smartphones for a period of time (i.e., do not simply put them back into use and keep them in a secure location).
  • Provide notice to the new employer of the employee’s obligations, along with a copy of the employee’s agreement.
  • If there is any suspicion of wrongful competition or threatened wrongful competition, collaborate with your attorneys immediately to implement the best strategies to preserve and collect evidence to support the company’s case. It is critical to minimize damage by seeking injunctive relief as quickly as possible.

In our next article, we will explore more policies and procedures a company can implement to protect its confidential information.