The following is a nonexclusive list of the type of reasonable measures that companies can implement to protect their trade secrets. There are no rigid rules that must be followed to protect the status of trade secrets. Companies should adopt reasonable procedures that employees and managers can implement.
- Use Confidentiality Agreements.
- Employees, licensees, and others granted access to confidential information must be asked to review and sign nondisclosure agreements before being given access to information.
- Employers should establish procedures for reminding employees of the importance of protecting company trade secrets.
- Companies should avoid bombarding employees with too much information. If a business adopts unnecessarily complex procedures, employees will be unable to follow them.
- Restrict access to electronic information.
- Password protect certain files.
- Encrypt certain information.
- Evaluate third-party access to a company’s intranet (for example, via an extranet or as a result of access privileges given to consultants).
- Establish procedures and oversight for access to, and destruction of, proprietary information.
- Are backup tapes maintained?
- Is email purged regularly?
- Are passwords routinely changed?
- Are public keys for encrypted information periodically changed?
- Number copies of proprietary information stored on tangible media:
- Documents;
- Data on computer disks.
- Keep a log to trace access to proprietary information.
- Enforce procedures—don’t simply establish them.
- Conduct exit interviews.
- Remember to request the return of all proprietary information in an employee’s possession.
- Verbally discuss with the employee the importance of maintaining the confidentiality of corporate information.
- Ask the employee to sign an acknowledgement of continuing confidentiality obligations and provide copies of any confidentiality agreements previously executed by the employee.
- Deactivate passwords.
- In appropriate circumstances, notify a departing employee’s new employer of her continuing confidentiality obligations.
- Don’t ignore computer equipment in protecting network security
- Delete information stored on the hard drive of CPUs moved within an organization.
- Determine what information may be stored on portable computers and the home units of telecommuters.
- Ensure that trade secrets are not stored in unencrypted form on a company network.
- Regularly monitor newsgroups or Internet sites where secrets may be posted (if a trade secret owner has reason to believe that information could be posted online by disgruntled former employees or others).
- Attend to physical plant security.
- Investigate cleaning staff and other third-party access.
- Determine what should be maintained under lock and key.
- Employ security staff (where necessary).
- Use video monitors (where necessary).
- In appropriate circumstances, use sniffers or other devices to monitor unusual electronic traffic or suspected security breaches.
- Adopt and enforce consistent procedures for monitoring reports of theft or loss.
- Initiate litigation, where necessary, to protect trade secrets.