Richard D. Alaniz

One trillion dollars. Remember when that used to seem like a lot of money? I don’t either. But it is still a lot of money. And losing a trillion dollars is definitely going to cause people to sit up and take notice.

Presenting at the World Economic Forum in Davos, Switzerland, software security company McAfee reported that total losses from the theft of company trade secrets topped one trillion dollars in 2008.

It’s easy to attribute such a number to organized groups of cyber gangsters performing 21st century versions of the Great Train Robbery with their laptops. Unfortunately, the truth hits a little bit closer to home. A recentBusinessWeeksurvey found that 58 percent of employees admitted to stealing company resources for personal use. The survey found that a substantial number admitted to stealing confidential employer information. Surprisingly, small employers with less than 100 employees were the most vulnerable.

With so much at stake, now is an excellent time to review your trade-secret protection policies and bring them up to date. Your proprietary information is vital and there are a number of steps you can take to greatly reduce your risk of theft.

WHAT EXACTLY ARE OUR SECRETS?

One of the most common reasons why employers don’t have trade-secret protection policies is that they never really thought they had any trade secrets. The Uniform Trade Secrets Act defines a trade secret as “a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” That’s a mouthful.

Put another way, a trade secret is information that you don’t want your competitors getting hold of, because they don’t have it and their possession of it could hurt your business’s prospects or bottom line.

Easy examples of this are customer lists and pricing information. Suppose your company is one of five air conditioning repair companies in the city. Your company has a pricing structure that you use to determine how much to charge customers for various repair jobs. You also have private agreements with suppliers of the different materials you need in order to perform your labors (copper coils, etc.). What would happen if your biggest rival suddenly obtained a list of your pricing structure and copies of every private agreement with each of your suppliers? They’d put you out of business. Needless to say, could you imagine a scenario were one of your disgruntled former employees sells all of that information to your competitor. Worst of all, how long would it be before you even knew he did it, if ever?

Trade secrets can be a lot more than just the obvious. Your company might have a unique way of repairing air conditioners or you might recycle the copper coil or some other valuable component. Either way, you have a unique procedure that you use to increase your profit margin. If your competitor became aware of that procedure, you would lose your competitive advantage.

A key point in recognizing trade secrets is making sure the information is actually secret. Pricing information found on your Website is not a trade secret. The clever recycling program you gave a presentation on at last month’s industry trade show is also no longer a trade secret. But once you have identified what is a secret, the next step is protecting it.

MAKE A POLICY WORTH MORE THAN THE PAPER IT'S PRINTED ON

Do you have an official policy regarding disclosure of trade secrets? If you answered no, you need one. If you answered yes, when was the last time your employees saw it? Hopefully you didn’t say, “The last time they looked at the employee manual.”

The first thing to remember about a trade secret is that it’s sort of like a genie in a bottle. Once it’s out, it’s out! You may be able to sue the employee for violating your contract but you’ll never make your trade secret a secret again. And the employee probably doesn’t have enough money to even come close to making up for the loss of your secret.

Deterrence needs to be the goal of your policy. Deterrence starts with educating your employees that the policy exists. Having an employee sign a copy of the trade secret policy will go a long way in proving that the employee understood the policy and that he knew how seriously your company takes protection of its trade secrets.

A good policy should specify what information is considered a trade secret. It should stress that an employee is prohibited from using that information for any personal purpose such as starting a side business or attempting to aid your competitor. The policy should state that upon termination of the employment relationship, the employee is required to return all company property including laptops, BlackBerrys, and pen drives. Don’t forget the pen drives! You can put a lot of information on a 2 gigabyte pen drive.

SECRETS - WHO REALLY NEEDS TO KNOW?

Another effective way to protect your secrets is to be selective about who has access to them. Just like in junior high, the fewer people who know your secret, the better the chances it will actually remain a secret. Tell the wrong person and it’s going to be posted on the door to the cafeteria.

Consider using background checks on employees you are considering sharing trade-secret information with. Important caveat, under the Fair Credit Reporting Act, you need to obtain their written permission before you perform a background check. But background checks can give you a good indication of the person’s character. A credit report will tell you whether or not they are responsible.

Don’t leave your trade-secret information lying in the break room. If your information is stored electronically, keep it in a separate database. Require a password to access the database and make sure your network logs every attempted access of the database. Key tip: make sure your employees understand that they are responsible for their own passwords and they are not to share it with anyone else. You can also require that passwords be changed regularly so that as employees leave the office or no longer have a need to access the information, they are no longer able to do so.

Hard-copy documents should also be treated with care. Mark all of the documents as “Confidential” and store them in a secure location. For small companies, a sturdy file cabinet or safe in the CEO’s office may be sufficient. Mid-size companies should use storage rooms with a secure key lock that records entry and exit or even consider off-site storage. These sites should always remain locked and access should be limited to your most trusted employees and even then only when necessary.

MAKING SURE THE DEPARTING EMPLOYEE DOESN'T TAKE MORE THAN JUST PENS

Trade secrets can be at particular risk when employees leave - voluntarily or involuntarily. Some employees may feel entitled to more than a couple of pens when they walk out the door for the last time. This is particularly true when employees are fired or laid off.

Layoffs and terminations are never easy on anyone, which is why planning ahead is crucial. Have a procedure in place. Are employees going to be immediately escorted off the premises by security personnel? Balance the desire to do this against the ill will and resentment it will create among your employees who remain and who watched their co-worker treated in such a fashion. But sometimes it is necessary.

As soon as the employee quits or is let go, the company should immediately disable their passwords and cut off access to all computer files. If possible, a company should also review the employee’s recent network activity and e-mail records before they leave in order to see what sensitive information the employee has recently had access to.

The exit interview is an excellent opportunity to remind employees about their obligations towards the company. Provide the employee with a fresh copy of the trade-secret policy with their signature on it. Ask them to hand over any company property at this point, if they haven’t done so already.

FINAL THOUGHTS

Stewart Brand, a famous author, once said that “Information wants to be free.” He couldn’t have been more right. Unfortunately, keeping information locked up is essential for modern companies. Trade secrets are the lifeblood of companies and the time to realize that was yesterday.

No amount of security is foolproof. The United States government couldn’t keep its atomic bomb a trade secret from the Russians. But a well-thought out policy and common sense precautions will give companies a much better chance of keeping their secrets out of the wrong hands.

Publication date:02/16/2009