Keeping secrets: how to protect confidential information and IP

The rigorous governance of commercially sensitive secret information and IP is more vital than ever for employers, says Sean Leach, partner and UK & European patent attorney at Mathys & Squire

For most technology and engineering businesses, the most valuable IP is their people – and the knowledge each of them carries around in their heads, which they will carry into any future employment or enterprise of their own if they move on.

In the current circumstances, due to the COVID-19 pandemic, many employers are contemplating the grim possibility that redundancies might be unavoidable. Laid-off ex-employees will have a real incentive to start up a business on their own. The rigorous governance of commercially sensitive secret information and intellectual property (IP) is thus more vital than ever for employers, and understanding the boundaries of what can be done without legal risk is equally vital for an ex-employee contemplating a new startup business.

Small businesses at their early stages must make use of every asset available to them. Secrets learned in prior employment may be amongst the most valuable of those assets. The ex-employee starting up a business thus has an entirely understandable motive to try to exploit those assets and to try to pick their way around any legal risk they might face.

Employers often assume that everything confidential that an employee cannot disclose during their employment is a trade secret which, if the employee then leaves the company, they cannot use in employment by a competitor or in their own competing startup. This is not the case.

In some circumstances, an employer’s information handling practices can cause control of a valuable, once-proprietary secret to be lost when employment ends. This might mean that an ex-employer is left in a very weak position if they need to take legal action against an ex-employee or his/her new employer to restrain the use of valuable information which the ex-employer believes to be proprietary secrets.

Proper management of sensitive information is, therefore, vital to employers if they are to ensure that control of valuable trade secrets is not lost when employment ends.

Practical management of confidential information

A basic requirement to enforce any rights in confidential information is the ability to identify the particular secret information at issue. There must be evidence to prove that information was known by the ex-employee and that it was known by him or her to be secret. Effective and verifiable record keeping of what information has been disclosed to whom and under what conditions is therefore fundamental.

In addition, the way in which secret information is recorded in such evidence can itself be significant – for example, is the scope of the information defined in a way which is broad enough? If not, then the ex-employer may find they are unable to use their rights to defend fully the commercial value of the secret. Conversely, is the definition so broad as to go beyond the scope of the ex-employee’s obligations to their former employer? If so, it might give rise to an overly onerous restraint of that ex-employee’s ability to practice their trade and, as a result, be unenforceable.

How are these competing considerations to be balanced? As a first step, employers should ensure that they are aware of which employees may handle trade secrets in their work. Does an employee receive or handle commercially sensitive information, such as information relating to the development of new products? If so, then the sensitive nature of that information, and the obligation upon them to keep it confidential, should be impressed upon them – for example through specific training.

All items of confidential information – e.g. documents, technical specifications, schematics, bills of materials, parts lists, recipes, source code and so forth – should be identified and marked as confidential, and steps should be taken to ensure they remain secret. For example, they should be stored securely (e.g. encrypted or password protected) and they should not be disclosed to any third party in the absence of a specific confidentiality agreement covering that disclosure.

Businesses must adopt and rigorously enforce a comprehensive policy on information handling. The design of such a policy need not be complex, but it must deal with the legal issues and it must be workable in practice. As an example, in many engineering businesses the exact confidential information known by employees is often not fully known and almost never documented. Annual performance appraisals offer a simple opportunity to ask the relevant questions and to ask for a signature on the answers. In these or other periodic review meetings, employers should be asking: “What sensitive information have you handled? What source code have you written, what product design have you worked on?” and keeping clear verifiable records of the answers.

Sean Leach is a partner and UK & European patent attorney at Mathys & Squire