Tags

Great Resignation trend raises risk of trade secret thefts
08/10/2021
Main image
Trade secrets
Authors
Image
John VDLD
John van der Luit-Drummond is editor of International Employment Lawyer

Largely driven by dissatisfaction with their employers, the so-called “Great Resignation” – or “Big Quit” – is a growing trend among millennial and Gen Z workers worldwide. An often-quoted Microsoft study found that 41% of the global workforce is considering leaving their employer this year, while a further study found 36% of workers in the US and Canada have plans to quit. While employers’ immediate concern may be replacing and retaining talent amid a competitive jobs market, thought should also be given to protecting their most valuable assets.

“The Great Resignation presents the need for employers to step up their efforts to safeguard trade secrets and confidential information,” says Steven J Pearlman, co-head of Proskauer Rose’s whistleblowing and retaliation group. “With more individuals now working remotely or in hybrid arrangements, more trade secrets and confidential information is being accessed outside the confines of the traditional office workplace. What’s more, greater ‘employee mobility’ – specifically more employees resigning and joining competitor organisations – heightens the risk that employees will take trade secrets and confidential information to their new job.”

Employee loyalty

It may be too early to tell if the Great Resignation will result in a substantial uptick in trade secret theft, but Chris Semerjian, a partner in Fasken’s litigation and dispute resolution practice, says he would not be surprised to see a rise in such disputes over the coming months thanks, in part, to our changing working environments.

“Working remotely can increase the number of these cases for a couple of reasons,” he says. “First, there is the human component of it. Some employees, when working remotely, have a lesser sense of belonging because they don’t have regular access to their colleagues. They might meet on Teams and talk on the phone, but not having that in-person interaction could make people feel more isolated and, unfortunately, lower their sense of loyalty towards their employer. When the sense of belonging and loyalty is skewed, employees can make wrong decisions.”

Fearful of leaving obvious email trails, office-based employees are often wary of sending sensitive company information directly to their personal email accounts, Semerjian suggests. However, seemingly safe from prying eyes at home, outgoing staff may feel more secure downloading reams of data to their home computers.

Beyond sending information to a personal email account, employers also need to appreciate the new and evolving ways employees may surreptitiously access and siphon off data remotely, says Lloyd B Chinn, co-head of Proskauer Rose’s whistleblowing and retaliation group.

“In olden days – which really aren’t that long ago! – employers were more concerned with employees walking out the door with a briefcase full of sensitive hard copies of documents,” he says. “Consider how often confidential information is shared during a Zoom meeting or a WebEx session, and the rather obvious fact that employees can still plug flash drives into their personal laptops at home.”

How to detect breaches

In our ever-increasing digital world, organisations must restrict access to sensitive information on a need-to-know basis. “A company should not have a one-size-fits-all approach as to which information is available to its employees,” says Semerjian. “Obviously the higher you go up an organisation, the more access an employee would have. But for entry- or mid-level employees, you should tailor what information they have access to. It is always important to contain these situations because you can’t completely prevent them, but you can implement measures limiting the risk.”

Strong IT departments are, of course, a business necessity, but employers are increasingly advised to invest in software that can detect, in real-time, large downloads of information or insertion of external devices capable of accessing and storing reams of sensitive information. “Usually when an employee leaves with information, they don’t download one or two documents, they download thousands. So, with this software, employers can automatically see what is happening,” explains Semerjian.

Regardless of whether an employee resigns on good terms or bad, employers should immediately inspect the worker’s computer to determine whether emails have been deleted or if the employee has sent information to their personal email accounts. Subject to local workplace privacy legislation, Semerjian advises employers to spend time reviewing the former employee’s electronic activities to ensure they didn’t leave with information. “Once you have received it, you definitely should not just wipe the computer and provide it to a new employee,” he says.

As a final best practice safeguard, employers should automatically require that departing staff sign an offboarding document that confirms the return of all company information and property before they leave. “An employees lying when signing such an attestation would constitute a very strong indication of bad faith which can help the company to take the best legal measures to rectify the situation and retrieve its information,” says Semerjian.

 

Steps to safeguard sensitive data
Employers have a pressing need to protect trade secrets and confidential information. Consider the following best practice advice from Proskauer Rose’s Steven J Pearlman, Lloyd B Chinn, and Steven D Hurd:
– Routinely require employees to execute reasonably broad confidentiality agreements.
– Conduct exit interviews, stressing the need to identify and return all company devices and confidential information and trade secrets.
– Prepare a plan for prompt collection of company materials and devices when an employee’s relationship with the company is terminated.
– Where appropriate, conduct forensic analyses of employees’ computers, smartphones, and other electronic devices. This could easily show, for example, that employees emailed files to their personal accounts and plugged-in flash drives.
– Require employees to certify that they have thoroughly searched for, returned, and destroyed copies of confidential information and trade secrets. This need is particularly acute where higher-level employees are exiting, as they are apt to have access to more sensitive and valuable trade secret and confidential information that could be used to a competitive detriment against the company by a future employer.
– Provide training to employees of all levels regarding the need to safeguard trade secrets and advise employees that the company will enforce confidentiality agreements and pursue breaches through all appropriate means.
– Restrict employee access to company documents, files, and information unless necessary, and prohibit employees from accessing company data on their personal devices.
– Discourage employees from printing or storing confidential company documents unless necessary and provide detailed instructions for the destruction of and secure ways to store company documents.
– Institute basic security requirements for employee’s company devices, and monitor company networks for unauthorised or suspicious activity by employees.

 

Enforcement tools

Where an employee does depart with company property, the employer should consider prompt enforcement of its confidentiality agreements to retrieve the information and prevent its use. Steven D Hurd, co-head of Proskauer Rose’s employment litigation and arbitration practice, says US employers have a range of options in this regard, including sending a cease-and-desist letter; seeking a temporary restraining order or a preliminary injunction; filing court claims under a range of statutes, such as the Uniform Trade Secrets Act, the Computer Fraud and Abuse Act, the Stored Communications Act, and the Defend Trade Secrets Act. 

“In contrast to situations where employees ‘automatically’ have access to confidential information, claims under the foregoing statutes are often appropriate where an employee abuses their access to an employers’ computer systems and surreptitiously obtains protected information,” he adds. “However, that is not to downplay the relief that may be available to an employer where an employee with automatic access takes it without permission in connection with their resignation.”

Employers in Commonwealth countries may also consider using an Anton Piller order – a “more extreme measure”, as Semerjian explains. “It is an extraordinary form of injunctive relief which compels a defendant to permit a complainant to enter their property or domicile to search for and seize evidence and records, including electronic data and equipment.

“This highly intrusive remedy allows a party to obtain, on an ex parte basis, an order to seize and preserve evidence that might otherwise be destroyed if the former employee was forewarned of impending litigation. There might have been a breach in the company but you can contain that breach by knowing exactly what transpired. It is a very costly, intrusive measure that needs to be taken by the most capable of hands.”

The reasonable new employer

Trade secret and IP theft by outgoing employees also present real risks to their new employers. “They may be accused of derivative trade secret misappropriation and related claims,” explains Pearlman. “Employers should consider maintaining policies preventing employees from taking, or relying on, their former employer’s or any other third party’s trade secrets; expressly including such prohibitions in offer letters; and requesting certifications that employees are abiding by such restrictions. 

“If an employer learns that an employee has engaged in such prohibited conduct, it should consider terminating the individual’s employment and forensic scans to ensure the individual did not add such information to its computer systems.”

Amid the dangers of legal liability, bad press, and reputational damage, any reasonable employers will want to quickly distance themselves from any suggestion they have facilitated in the exploitation of stolen property. However, Semerjian warns against any knee-jerk reaction to unsubstantiated claims. “I have seen some former employers cry wolf when there are reasonable explanations, or to depict a situation that does not exist in the hopes of convincing the new employer to terminate the employment of the concerned individual,” he explains.

“The first thing I would recommend in such cases is to meet with the new employee and allow them to share their side of the story. If they brag about having confidential information, that is a red flag and you should consider terminating that employee. Also, if they did it once they could do it twice. If the employee has a reasonable explanation that makes the company believe there is no breach, then the company can adapt the situation.”

Despite the obvious risks to businesses, employers should not have an overly heightened sense of paranoia around the misappropriation of trade secrets, says Semerjian. “It’s always been part of the legal landscape, unfortunately. In a sense, although the use of electronic devices may have facilitated the misappropriation of confidential information and trade secrets, it has also facilitated – with the proper measures, software, and safeguards in place – the monitoring of such activities. That being said, we need to be careful and monitor activities as diligently as possible. By acting diligently and promptly, with the appropriate safeguards in place before reaching out to counsel, employers can preserve their rights.”