[BreachExchange] Keys to the Kingdom: How Confidentiality Agreements Are Key to Keeping Business Information Secret

Audrey McNeil audrey at riskbasedsecurity.com
Tue Oct 24 18:12:49 EDT 2017


https://www.lexology.com/library/detail.aspx?g=458d948b-c05b-43ca-b177-
73984008fdda

In today’s business environment, greater employee mobility and
technological advances underscore the need to protect a company’s
confidential information and trade secrets. Stories of employees departing
with confidential information or trade secrets and using that information
when they join competitors are commonplace. The FBI recently estimated that
trade secret theft costs American businesses over $13 billion per year.
Although companies cannot prevent all such losses, the use of a strong,
enforceable confidentiality agreement can be very effective.

Purpose of Confidentiality Agreements

A well-crafted confidentiality agreement can help protect a company’s
proprietary information and trade secrets by documenting in writing that
employees cannot use confidential information or trade secrets outside of
work. Employees often do not understand what type of company information
they cannot use outside of work. Confidentiality agreements solve this
riddle by clarifying the scope of restrictions. Most importantly,
confidentiality agreements clarify to departing employees the precise
information they are prohibited from using after they leave their
employment.

Necessary for Any Trade Secrets Claim

If a company ever intends to file a claim under the California Uniform
Trade Secrets Act, implementing a confidentiality agreement is critical.
Under the CUTSA (and similar statutes in other states), a company seeking
to protect its trade secrets must engage in reasonable steps to maintain
the secrecy of the information. Pointing to the existence of a
confidentiality agreement helps show reasonable steps were taken. This is
precisely what Move, Inc. alleged in its $2 billion trade secrets lawsuit
against Zillow, Inc. In that case, Move alleged its former executives
absconded to Zillow with Move’s trade secrets, which Zillow then used to
inform its acquisition of Trulia, one of Move’s competitors. Published
reports indicate the matter settled for a staggering $130 million in June
2016, which demonstrates the value of implementing a solid confidentiality
agreement, and the cost of breaching one.

Companies Should Define the Types of Confidential Information Protected

Companies should define confidential information or trade secrets with
specificity in their confidentiality agreements. A well-defined agreement
helps employees understand precisely what information they are prohibited
from using after departure from the company. It is helpful to list items
that shall remain confidential that are specific to the business. For
example, one should consider listing the categories of information that are
protected, such as customer names, contact information, sales history and
pricing. It should be clear that any use or disclosure of confidential
information during employment for any purpose other than employment is
prohibited. It should also be clear that employees are to return the
information in whatever form, whether in hard copy or digital format.

Policies Should Address Information On Personal Electronic Devices

Today, it is common for employees to use their personal electronic devices
for business purposes. Companies should consider having a separate policy
that addresses such situations, often referred to as a “Bring Your Own
Device” or “BYOD” policy. A well-crafted BYOD policy protects confidential
information and trade secrets. Even if a company does not implement a
separate BYOD policy, its confidentiality agreement should cover
company-related information wherever it resides, including on an employee’s
personal electronic device. This is becoming even more critical as
companies and their employees use social media to share company
information. Thus, companies should craft confidentiality agreements to
protect company information used on any social media platform.

Don’t Include Unenforceable Provisions

Most companies know that post-departure non-compete provisions in
agreements with employees are unenforceable in California except in limited
circumstances. But fewer companies understand that blanket prohibitions
against customer solicitation after departure are also unenforceable.
However, California courts may enforce an agreement prohibiting an employee
from utilizing trade secrets to solicit customers after departure. If
companies want to prevent former employees from soliciting customers, they
must carefully craft non-solicitation provisions to clearly only prohibit
soliciting customers using trade secrets. Otherwise, the non-solicitation
provision may be unenforceable.

Challenges to Overbroad Agreements Are On The Rise

A novel argument some litigants are raising is that an overbroad definition
of confidential information effectively amounts to an unlawful non-compete
agreement, or unfairly restricts an employee’s right to engage in protected
activity. For example, in John Doe v. Google, Inc., No. CGC-16-556034 (Cal.
Super. Ct. Dec. 20, 2016), which is pending in San Francisco County
Superior Court, a former Google employee filed a lawsuit under the
California Private Attorneys General Act (“PAGA”) alleging that Google’s
confidentiality policies prohibit employees from disclosing unlawful
activity to regulators or law enforcement, and unlawfully restrain an
employee’s right to work after leaving Google, because they are prohibited
from disclosing information regarding their wages or the work they
performed at Google. While the case is still in the early stages, it
appears to be part of a growing trend of legal challenges to potentially
overbroad confidentiality agreements.

DTSA and Other Carve-Outs

The new federal Defend Trade Secrets Act requires particular language in
employee confidentiality agreements that governs the use of a trade secret
or other confidential information. In addition, government agencies have
adopted rules restricting companies from the use of confidentiality
agreements in a manner that prevents protected disclosure or activity. For
example, the Securities and Exchange Commission has pursued enforcement
actions against public companies for use of confidentiality agreements that
it claims violate federal securities law by impeding an individual from
communicating with the SEC about possible securities laws violations. Other
agencies have adopted similar rules addressing overbroad confidentiality
provisions, including the Occupational Safety and Health Administration,
Equal Employment Opportunity Commission, and National Labor Relations
Board. Companies should consider including a carve-out in their
confidentiality agreements permitting disclosures that are required by
these agencies’ rules.

Make Sure You Are Protected

If companies want to protect their confidential information and trade
secrets, they should implement and enforce confidentiality agreements. But
companies must carefully review those agreements to ensure they are up to
date, do not contain any illegal provisions, and contain the necessary
carve-outs to ensure enforceability. Because so much is at stake, companies
should consult experienced legal counsel to review existing policies or to
craft new policies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171024/564c00e8/attachment.html>


More information about the BreachExchange mailing list