Seven Guidelines for Protecting Information in the Digital Age
Susan H. Hargrove
Email, smartphones and electronic storage have increased company efficiencies and production. They have also expanded the ways that confidential information that is key to a company’s success can fall into the hands of competitors. There are seven guidelines companies should follow to help protect their company:
- Require a non-compete agreement: Upon employment, require each employee who will have access to sensitive information or the opportunity to develop relationships with customers or clients to execute an agreement not to compete with the company for a reasonable period after the termination of employment. To be enforceable, the agreement must be tailored to the company’s reasonable business interests. (For a discussion about what makes a non-compete agreement enforceable, see When Is an Agreement Not an Agreement? by Susan Hargrove).
- Keep your secrets a secret: A company cannot prohibit a former employee from sharing or using information that the company itself has disclosed. If the company promotes itself by sharing who their customers are, the customer lists will not be considered confidential.
- Recognize a proprietary “value add”: The nature of a company's business may mean that the identities of their customers and potential customers are widely known. However, documents with additional useful information (e.g. identities and contact information of key personnel, descriptions of purchasing patterns and requirements) may be protected.
- Limit access: Companies should identify employees whose job requires access to confidential documents and limit access to those employees. The tighter the internal controls, the more likely a court will agree that information is proprietary and its theft actionable.
- Keep documents in house: Companies must enforce policies explicitly prohibiting email of documents to personal email addresses or downloading of documents onto non-company computers. This may help trigger statutory protections.
- Define authorization: Companies must be specific that an employee is only authorized to access the company’s documents for use in the course and scope of employment and in furtherance of the company’s interests.
- Enforce your policies: Upon separation, a company should be vigilant to recover company electronic property (computer, tablet, cell phone) and change access passwords. They should also remind employees in writing of their post-employment obligations regarding competition and confidential information.