Written By:

Frank E. Melton, Esq.

Rutter Hobbs & Davidoff

Los Angeles, CA

Technology’s effect on how people work and communicate is making it increasingly difficult for employers to protect their vital, confidential information. The proliferation of PDA’s, laptops, telecommuting, zip drives and social media makes confidential information readily accessible to employees virtually anywhere, anytime. As a result, employers must focus more than ever on what information is important, and act diligently and vigilantly to protect it.

The following key tips will help employers to protect their information in today’s mobile society:

Be tactical and focused. No company has the time or resources to monitor and track the actions of every current and former employee with respect to the use of confidential business information. The challenge of protecting vital information is even greater for middle market and smaller employers. Company leaders should determine what types of information are most important to protect, and then develop and implement a strategy with IT, HR and legal counsel focused on those employees who have access to that information.

Have clear, enforceable agreements. It is not enough to have a general policy on confidential information in your employee handbook or, even worse, to fail to define what you consider to be confidential, proprietary or trade secret information. Employers should have signed agreements with employees – and all consultants and independent contractors – specifically stating what information and categories of information are to be protected. Enforcement mechanisms, such as injunctive relief and recovery of attorneys’ fees and costs for the prevailing party, should also be addressed. Consider including narrowly-drafted restrictive covenants prohibiting departing employees for a reasonable period (such as a year) from using confidential information to solicit customers and/or employees. While non-competition covenants are illegal and unenforceable in California except in the context of a sale of a business, they may be enforced outside of California if considered reasonable under laws of the state where the employee works.

Communicate with your employees. Employees should not have any real doubt as to what data or documents they are barred from taking upon termination of employment. You should have clear written policies and conduct meetings or trainings from time to time to protect your company’s confidential information. In many instances, employers also need to take actions to protect private or proprietary information of their customers, clients or business partners. As an example, many non-profits fail to communicate with employees about the importance of protecting confidential or private information about donors, plans and strategies, and the people they serve.

Be proactive. Employees are increasingly purchasing their own mobile devices, such as smartphones, for combined business and personal use. Companies should address whether to access business data on such devices when employees leave, especially when some information may not be preserved on the company servers. The same holds true for employee-owned computers and home printer memory cards that may contain vital business data when an employee leaves the company. Where feasible, employers should limit access to especially sensitive business plans or data to those key employees with a real need to know this type of information, and reiterate to those employees the confidential nature of the information.

Adhere to strong exit procedures. Problems commonly arise when employers do not take proper steps at the time employees exit. Employers should meet with each terminating employee to review an exit checklist, ideally including an inventory and check-in of the electronic devices and property with which the employee has been entrusted. Employees should be required to certify in writing that they have returned all property and confidential information, and to re-affirm that they will abide by their agreement with the company to preserve and not use the company’s confidential information in the future.

Strategic post-termination actions. In the event of a real suspicion or concern about the theft or misuse of company data, employers should be savvy and tactical about their follow-up actions post employee termination. Cease and desist letters are commonly an initial step. The likelihood of success, effects on customer relationships, expense, and other business and legal issues should be considered before filing a lawsuit, which commonly proceeds quickly through expedited discovery to a motion for a preliminary injunction. Using a quality and reasonably-priced computer forensic firm to discover what information was improperly taken and used may be invaluable in assessing whether to file the lawsuit and in gathering evidence for such an action.

Employers can benefit greatly from the convenience and far-reaching range of mobile communication, but must take the necessary precautions to prevent confidentiality and privacy breaches from outweighing the advantages of such technology.

For more information on Rutter Hobbs & Davidoff, please visit Rutterhobbs.com or the International Society of Primerus Law Firms.