Video Blog: Start-Up Trade Secrets

TRANSCRIPT & LINKS:

Welcome to Protecting Trade Secrets. I’m Eric Ostroff. I’m a partner at Meland Russin & Budwick and I’m coming to you from my office in Miami, Florida. I’m doing something new here on the Protecting Trade Secrets blog. Obviously, I’m on video right now, and I’ll be using video to create blog posts for at least some of the blog posts in the future. I’ll also go ahead and post a transcript of the video down below.

Today I want to talk about issues facing start-up companies who are looking to protect their proprietary information and trade secrets. I recently read an article on inc.com and I’ll go ahead and post a link to the article in the transcript below.

This article told the story of a company called HIDEit Mounts. They had a product that mounted video game consoles and camouflaged them so you didn’t have wires and things sticking out all over your living room.

When this company started out, it was a husband-and-wife team. They didn’t have any experience with product development, product design, or manufacturing, so they did what a lot of startup companies do; they partnered with a manufacturing company and worked with that company to design a prototype and then manufacture these products.

Things were going great. They were selling a lot of products; there were no direct competitors, and the company seemed like it was going to be successful. But then they hit a problem. Another company all of a sudden started selling very similar products, except they were actually a little bit better. And the HIDEit company thought that they might have to go out of business.

They did some research and were able to figure out that it was actually their manufacturer who was behind this competing company. Now thankfully for HIDEit, they went ahead and had their manufacturers sign a nondisclosure agreement early in the relationship. And they were able to use that contract to protect their IP rights and to protect their business. But a lot of startup companies just either ignore, try and use self-help, or don’t give enough thought to potential ways that having a lawyer or using legal solutions can protect against major problems down the road. A lot of companies will use forms off the internet or just won’t use lawyers at all.

The reality is that an extremely modest investment on the front end for a startup company in a competent lawyer who can create agreements and give advice about ways that this company can protect its proprietary information can go a tremendous way to mitigate against and to deter really serious issues in the future.

So the lesson from this inc.com article for start-up companies is: Don’t think that you’re too early or you don’t have enough money to hire a lawyer. Speak with a lawyer early on in the process. Doing that can solve a lot of really terrible problems in the future.

That’s all for today. I appreciate your time.

 

One Simple Step in Outlook to Protect Your Trade Secrets

If you and your employees use Outlook, you can take one simple step now to dramatically reduce the risk of inadvertent sharing of confidential information: Disable email-address auto fill.

Everyone loves this feature. You type the first few letters of someone’s name, and Outlook fills in an email address. But the increased efficiency comes at a cost, as everyone occasionally sends an email to the wrong person whose name is similar to the intended recipient’s.

If that email contains confidential info, you’ve just compromised it. Hopefully, you sent it to someone friendly who will comply with your embarrassed request to delete the email. Even if there’s no confidential information, the recipients may question your ability to exercise discretion when necessary. (Also, imagine later trying to prosecute a trade-secrets action and having to produce in discovery an email sending the info at issue to some random guy.)

So I strongly recommend that you disable this feature. And have your IT department disable it for all employees. The relatively minor loss of efficiency is outweighed by the reduced risk of unwanted disclosure. And there’s an added benefit: not having to send sheepish apology emails to the mistaken recipients (and sometimes to the other intended recipients who now have an interloper privy to the discussion).

Here’s how you disable this feature:

File –> Options –> Mail –> Send Messages –> Deselect the radio button for “Use Auto-Complete List to suggest names when typing in the To, CC, and Bcc lines”

Alley-Oops: The Orlando Magic Tweeted a Picture Showing Team Trade Secrets

Sometimes companies forget about even the most obvious protections for their trade secrets. For example, “don’t tweet out a picture of your secret business strategies.” The Orlando Magic recently did just that.

Earlier this month, a player’s agent tweeted a picture of the player signing a new contract with the Magic. But the picture also showed a dry-erase board listing the Magic’s off-season free-agent targets and trade possibilities. Now there are reports that the Magic’s general manager, who has since been fired, took the picture.

It goes without saying that the Magic don’t want the rest of the league knowing about their off-season personnel plans, which are arguably trade secrets if appropriately protected. But for some reason, they left those plans on a dry-erase board and then let an agent—who could potentially benefit from knowing that information—into the room. And then they allowed the contents of the board to be shared with the rest of the world. Not particularly savvy.

The lesson here is simple, and seemingly obvious: trade secrets need to be secret. They shouldn’t be left up on a dry-erase board. Or in papers on someone’s desk. This episode shows that even intelligent people can have a lapse of judgment. If you implement and enforce a trade-secrets policy that only allows storage of trade secrets in secure media, and limits disclosure of trade secrets to those who need them to do their jobs, you can minimize the “human error” element that led to this embarrassing gaffe.

The Cybersecurity Article that Every Executive Should Read Immediately

I love this article, titled Why America’s Current Approach to Cybersecurity Is So Dangerous. It should be required reading for all executives at companies at risk of a cyber attack — in other words, all companies. While the whole article is great, its core message can be reduced to a single sentence: People, not technology, are the key to reducing the risk of cyberattacks. I could not agree more, as I’ve written about before. Every company needs to ask: what can we do to create a culture of protection?

The article starts by identifying the problem:

We should be concerned that, as a society, our minds go mushy when it comes to “digital literacy,” “information security,” “online safety,” or whichever name we choose. In fact, that mushiness is a major reason why America’s current approach to cybersecurity is so dangerous. We’re ignoring the behaviors of the overwhelming majority of actual users, and therefore leaving the largest attack surface undefended. . . . To the extent we are all part of the contest in cyberspace, we’re essentially deploying our troops without armor, our submarines without sonar.

And as a result, “cybersecurity has transformed what is actually a ‘people problem with a technology component’ into its exact opposite.” Yes! Technology is not a panacea for preventing cyber attacks. Technology can’t protect your company’s biggest vulnerability: the people working there. “Until we embrace a vision of public cybersecurity that sees all people, at all ranges of skill, as essential to our collective security, there will be no widespread cybersecurity.” The same goes with your company. You can spend millions or more on tech-based protections, but if you ignore the human risk, your security is virtually certain to fail. And of course, if you are at risk of a cyberattack, you are at risk of trade-secret theft.

The article finishes with a great analogy between cybersecurity and public health:

We need to get better to increase our herd immunity against botnets. We need to see that cybersecurity—like all aspects of safety, security, and resilience—is a shared responsibility. Better devices and apps won’t save us, since there are myriad other ways that individuals—even highly trained ones—become the weak link allowing bad guys to access personal, corporate, and government information assets. And almost all efforts at online safety, while well-meaning, are so poorly designed as to preclude knowing whether they work. It’s not magic: As with health or safety education, we need to start with basic steps and repeatable behaviors—like hand-washing or looking both ways before crossing.

This is the key. In a mature organization that has fully embraced and achieved a culture of protection, the employees will treat cybersecurity as second nature. Good habits will have become routine. Unfortunately, I have yet to encounter a company that has reached this point. For a variety of reasons—dependence on technology first among them—just about all employees have a host of bad habits that put the company at risk.

Creating this culture is not easy. To the contrary, it will require repeated, sustained effort, initiated and supported from the very top of the organization down, over a long period of time. Nor will it guarantee that all cyberattacks will be thwarted. But I see no viable alternative. Any company that has not made employee-level protection a top priority is virtually certain to suffer repeated cyberattacks.

Best Practices for Protecting Trade Secrets: Categories of Employee Contracts

This is the first in a series of posts addressing best practices for protecting trade secrets. I’m starting with employee/independent contractor contracts, which are one of the most important and effective ways to protect proprietary information.

Contracts are critical for multiple reasons. First, they inform your employees of their legal responsibilities. Second, it’s generally easier to prosecute a breach-of-contract claim instead of relying solely on a trade-secrets misappropriation claim. Third, a competitor that hires your former employee may be more likely to cut ties with that employee when presented with a cease-and-desist letter attaching a contract. Finally, requiring these types of agreements can help you win a misappropriation case, since their existence bolsters the argument that you reasonably protected your trade secrets (a prerequisite to establishing a trade secret under the Uniform Trade Secrets Act).

There are three general categories of contractual protections: confidentiality/nondisclosure, nonsolicitation, and noncompete. Remember that the law applicable to these contracts varies widely from state to state, so you need to consult with an attorney who can make sure your agreements comply with and will be enforced under the applicable law.

Confidentiality/NDA

This is the lowest level of contractual protection. It’s also the easiest to implement, since employees are less likely to push back when asked to sign an NDA. From a best-practices perspective, it’s worth at least considering whether to require that all employees sign an NDA. Even low-level employees may have access to some proprietary information. The trick is drafting the language in a way that best defines what precisely needs to be kept confidential. In particular, you need to decide whether to define “confidential information” broadly vs. specifically. Each comes with benefits and risks. Speak with a lawyer who can learn about your unique situation to determine what language best suits your business.

Nonsolicitation Agreements

A nonsolicitation agreement prohibits your employee from soliciting some or all of your current or prospective customers and/or employees once she leaves your company, for a certain period of time. These contracts offer an intermediate level of protection, more than an NDA but not as much as a noncompete. It’s best to have all employees with access to proprietary customer information, or who have relationships with prospective/actual customers, sign a nonsolicitation agreement. Again, consult with an attorney who can help craft the scope of the restrictions to your company, based on the applicable law.

Noncompete Agreements

These agreements offer the highest level of protection, since they prohibit your employee from working for your competitors or in your industry, within a certain area and for a certain amount of time. Recently, there has been media coverage of corporate overuse of noncompete agreements. For example, Jimmy John’s took a lot of heat for having its sandwich makers sign noncompete agreements. This type of practice can turn off a judge.

There’s no question that noncompete agreements can be a powerful tool for protecting your proprietary information. But you should consider only requiring that key employees sign a noncompete agreement. The other contracts above may be sufficient to protect against misappropriation by lower-level employees.

You also need to think about the noncompete’s temporal and geographic scope. Depending on the law in your state, an overbroad agreement may not be enforceable. In Florida, where judges are required to narrow an overbroad agreement, I’ve seen judges soured towards employers that overreached when drafting the agreement. Generally, it’s best to limit the agreement to the area in which you can prove you compete. An attorney can work with you to determine the proper scope.

Procedure

Deciding to require some or all of the above agreements, and having an attorney draft the agreements, is only the first step. Next, you need to make sure the agreements are actually signed and dated. Then, you need to make sure the signed agreements are properly maintained. You would not believe how often companies forget to have an employee sign or date the agreement. Or how often I’ve seen a company struggle to find the signed agreement when it became necessary to enforce it.

The key is to develop a protocol that can be repeated for each new employee. When the decision is made to hire a new employee, a designated person should be responsible for creating a checklist of all documents that she needs to sign. Of course, the checklist may be different for each employee. Either the person who creates the checklist or another designated person needs to be responsible for making sure all items on the list are actually completed. I recommend including on the checklist the signing, dating, and filing of all required contracts. The responsible person should sign the checklist once everything has been completed, and the checklist should be filed along with the signed documents.

If the contracts are to be signed electronically, your IT people need to set up the software so it will not allow a signature unless all mandatory clickwrap “boxes” are checked. If you are old school and the contracts are manually signed, I recommend keeping an electronic copy along with the original.

In future posts, I’ll discuss specific contractual provisions that should be included in these agreements, as well as best practices for contractual protections when dealing with third parties, like vendors, consultants, and joint-venture partners.

 
