Guarding your IP from theft is an ongoing issue. However, it becomes a critical issue upon the departure of an employee. Since employees WILL leave, you need to plan in advance for properly securing your IP.
Various laws (e.g., Uniform Trade Secrets Act (state level) and Defend Trade Secrets Act (federal level)) and agreements (e.g., employment agreements and non-disclosure agreements) protect IP and trade secrets. Since enforcing those laws and agreements is a long, expensive and resource intensive experience, an ounce of prevention is worth a pound of cure.
An Ounce of Prevention
Here is a high-level description of the needed steps:
- Perform an audit in order to know what your IP consists of and where it resides.
- Develop and communicate to all employees your IP policy. The employer should make it clear that it considers protection of IP a priority and will vigorously enforce that protection. Creating an environment of vigilance will already be a deterrent to would be thieves. Employees should be regularly reminded (at least annually) of the IP policies of the employer.
- Monitor and maintain records of employee access to IP.
- When onboarding employees, conduct IP protection training and make sure that all employees sign appropriate non-disclosure and other documents that protect IP ownership and restrict disclosure of trade secrets.
- Upon departure, all access to IP should be immediately disabled and all employees should have an exit interview where they are reminded of all of their obligations relating to the company’s IP and they acknowledge in writing the obligation of compliance. The exit interview should be conducted in a manner that shows respect for the employee, while at the same time impressing upon the employee the seriousness of the post-employment obligations.
BYOD Risk Area
Due to the prevalence of Bring Your Own Device (BYOD) programs, only about 15% of current mobile devices are employer owned. That allows multiple gigabytes of data to move freely around. Therefore, carefully drafted BYOD policies need to be both prepared and enforced. Some provisions to consider for your BYOD policy which will help secure your IP include employer authorization to examine mobile devices and wipe a device (including backed up data) clean upon departure.
The above procedures and documents should be well thought out, prepared and followed. It may take time to put all of that in place, but in the long run it will benefit the company much more than relying on a pound of cure.