Law360 (May 1, 2020, 4:34 PM EDT) -- The coronavirus pandemic has exposed businesses' trade secrets to sky-high theft risk, but it's not too late for employers to plug leaks and strengthen their legal footing ahead of an expected surge in litigation.
While sudden layoffs and the abrupt shift to telework have disrupted many employers' protocols for protecting their prized information, there are several steps they can take now to limit exposure. And the flexibility of state and federal trade secrets law means courts may cut businesses some slack should they have to claw back their property.
"People have to do the best they can do, and that means don't give up now simply because you didn't do it a couple weeks ago," said Robert Yonowitz, co-leader of Fisher Phillips' employee defections and trade secrets practice group. "Go do it now."
In ordinary circumstances, businesses with trade secrets often have several measures in place to protect them. For example, they may make certain technical information available on-site to certain people, with password protections. When workers leave, businesses may probe what secrets they have and take back company devices during rigorous exit interviews.
"So much of it is about keeping your information within your company environment," Yonowitz said. But after businesses across the country shifted to telework overnight, much of that information is now on personal laptops or flash drives.
Not only have many workers taken secrets home, but the sudden move from secure offices to kitchen tables has put company secrets at heightened risk of theft by cyberattacks, veteran intellectual property litigator James Gale told Law360.
"When you're home, you're on your own Wi-Fi, and your own Wi-Fi can be hacked a whole lot more easily than a firm or company Wi-Fi," said Gale, who co-leads Cozen O'Connor's intellectual property litigation group.
The layoffs and furloughs many businesses implemented last month have likewise left secrets vulnerable to theft.
Jennifer Baldocchi, the chair of Paul Hastings LLP's international employee mobility and trade secrets practice, said hacking and other forms of corporate espionage account for relatively little theft. Rather, most leaks occur because workers take secrets to new jobs. Because businesses may have abbreviated or even skipped exit interviews as they cut so many workers loose, they may not have secured their data.
"It is extremely easy — easier than it ever has been — to take information, to save it on a flash drive," Baldocchi said.
This situation has created "the perfect storm for a company trying to protect trade secrets," Baldocchi said. Relatively few workers are leaving for competitors at the height of the pandemic. But as it wanes, many who have lost work may find new jobs — and take with them the trade secrets they've brought home.
If they do, employers may turn to litigation. The federal Defend Trade Secrets Act and similar laws in most states let employers seek injunctions for the return of certain business information if three things are true: the information is actually secret, the business has taken "reasonable measures" to keep it so and the information has "independent economic value" because it's unknown to others who could profit from it.
These cases often turn on what an employer did to protect its alleged secret. If security was tight, it stands a good chance at getting an injunction; if it was lax, it'll likely lose.
That would seem to bode poorly for employers that abandoned protocol during the mid-March scramble. But "reason" is contextual, attorneys say.
"If there's a fire and you grab your document and you run out the door, and you don't lock anything, that's not unreasonable that there could have been a loss of information," Baldocchi said. That may hold true for a pandemic, too.
Still, courts may only excuse early lapses if employers tighten security once they catch their breath. There are several ways they can do so.
Employers that have shifted to telework can no longer lean on some measures they may have used in the office, such as making data available only on certain secure devices. But they can hold exit interviews via teleconference.
Employers should ask the same questions they ordinarily would in person, including what information the worker has, how many copies they have and where they're stored, Baldocchi said.
"Then companies should really look at using DocuSign or some other electronic signature application in order to get an employee to ... certify that this is an accurate representation of everything they have," Baldocchi said. The company should demand that the worker delete the files, or have a forensics expert delete the data remotely.
Employers whose workers are accessing company servers remotely can minimize their risk of a breach by setting up a virtual private network, or VPN, Gale said. VPNs are private, often encrypted channels that let workers more securely access files on their company's network.
"All of our secretaries and paralegals are now working from home ... so we've given them the ability to work through VPNs," Gale said.
Employers can also use VPNs to more closely monitor workers by creating access logs that track who accessed what, and how they used it.
If employers formally designated certain information secret or had workers sign confidentiality agreements promising not to share it, they should remind workers, Yonowitz said. Employers may also want to make their most sensitive data read-only, which means workers can view it, but can't download it. This won't stop workers from taking pictures of their screens or taking down the information by hand, but it's another check on theft.
"That's another good measure, which ... doesn't cost anything," Yonowitz said. "It's just about security settings."
--Editing by Kelly Duncan and Marygrace Murphy.
For a reprint of this article, please contact email@example.com.