It is crucial that such information, which would cause harm to the company if disclosed to the public or a competitor, be kept safe from improper disclosure. Former employees have been known to misappropriate a company’s proprietary information to gain employment or realize an advantage with a competitor. Some attempt to use the company’s confidential personnel information to solicit current employees to resign and join a competitor.
Furthermore, because a company’s relationships with its customers are also a key asset, these also must be safeguarded against former employees and competitors. For example, a former employee or competitor could use a company’s customer information, including customer contact lists that detail their needs and preferences, to unlawfully compete with the company for business. Because a company spends a great deal of time and money acquiring and cultivating its customer relationships, it would be a substantial loss to the company if customers were stolen by a former employee or competitor.
The importance of developing an asset protection program
Perhaps the most important step for a business to take to protect the safety of its assets is to first ensure the fair treatment of its employees. If employees are treated with respect and appreciation, they are more likely to be loyal to their employer and less likely to exact revenge or cause harm. Even if employees are laid off, which is an unfortunate necessity for some businesses in this economy, most of them will remember that the company was decent and respectful and will think twice before causing mischief.
The second step in creating an asset protection program is establishing a policy on the preservation of confidential information. Such a policy should identify the company information that is considered confidential and set forth the procedures for retaining and properly storing it. Most significantly, the company’s policy should inform employees of their responsibilities in conjunction with the maintenance of confidential information. Specifically, the policy must advise employees of their obligation to safeguard the company’s confidential information during their employment, as well as after their tenure ends. In creating and enforcing such a policy, employees are on notice that the company’s confidential information is an asset that must be protected from disclosure and that the company’s employees are expected to provide the necessary protection.
A company can also ensure that confidential information is kept confidential by requiring that employees execute a nondisclosure agreement at the beginning of their employment. Such a nondisclosure agreement should describe the company information that must be maintained as confidential and should clearly state that the employee’s obligation to keep the company’s confidential information confidential does not end when their job does.
Additionally, many courts consider customer relationships to be a protectable asset. As such, in appropriate circumstances, an employer should consider requiring the signing of a restrictive covenant from employees who have access to customers, customer lists and other protectable information. A restrictive covenant should restrain employees who leave the company from soliciting other employees for employment or soliciting customers to cease or alter their relationship with the company. A post-employment restriction may include a prohibition on the employee joining a competitor or competing with the company for a period of time after the end of their employment.
It’s important to note that such restraints must be reasonable in time, scope and geography. Courts will balance the legitimate interests of the business to protect its assets with the undue hardship placed on an individual employee who is trying to earn a living. Different states follow different procedures regarding the enforcement of post-employment obligations. Some states will edit or "blue pencil" overbroad restrictions in an effort to provide the parties with the protection of their legitimate interests. In such an instance, the court will actually rewrite the agreement. Other states simply will review a covenant as a whole and, if overly broad, declare all post-employment obligations in the agreement unenforceable. The company then would not be able to take advantage of any of the protections afforded by the restrictive covenant—even those provisions that are reasonable and otherwise enforceable.
Thus, it is vital to tailor the agreement to protect the company’s legitimate interests. In considering the agreements, company should ask a few key questions, such as:
• What information do employees have access to that, if disclosed to third party, places the company at risk?
• Are the restrictions tailored to protect the organization’s legitimate interests?
Safeguarding company assets from misappropriation
Another step in the implementation of an asset protection program is the development of procedures for the physical retention and safeguarding of confidential and proprietary information. For example, all personnel information concerning employees of the company, including their personnel files, pay-rate information and performance evaluations, should be securely maintained. Access should be limited to those who need to know such information for legitimate purposes of the organization.
Similarly, the company’s financial information, as well as its intellectual property, customer lists and other proprietary information, should be protected from disclosure. Like confidential personnel files, access to proprietary information should be limited to particular employees. All proprietary information maintained in electronic form should be password protected and all electronic mail should be encrypted in order to prevent unauthorized access. In limiting access to personnel files and proprietary information, the company decreases the likelihood of identity theft or the misappropriation of business information by disgruntled former employees and competitors.
Furthermore, to prevent or minimize misappropriation of confidential information by an employee who is leaving the company, the company should, during the final meeting, remind employees of their continuing obligation—or their fiduciary duty, if applicable—not to disclose confidential information. And, if applicable, the company should reiterate to the employee the terms of any agreement with post-employment obligations, such as agreements not to compete or solicit employees or customers. The company may also request that departing employees leave the building immediately following the final meeting so they do not have the opportunity to take any confidential files or information. The company would then be required to forward to the employee any personal belongings following that last day of work.
Additionally, the company should ensure that employees return all company property in their possession, including keys, security cards, computers, confidential documents, files, customer lists and other information. Lastly, the company should immediately discontinue employee access to the company’s electronic mail and network database. Implementing an exit strategy for employees leaving the company is a key component of any asset protection program.
Establishing a plan to deal with information breaches
An asset protection program should also delineate what will happen if there is a breach of confidential information. The company should establish a task force of designated employees who have responsibilities in this area, beginning with the responsibility for the prevention of the misappropriation and misuse of such confidential information. The task force would be responsible for the investigation of any breach, including the determination of its source and scope. The task force would carry out an assessment of any damages resulting from the breach and create a plan to recover the misappropriated business information. Moreover, the task force would be responsible for periodically conducting an audit of the policies and procedures in place for the maintenance, retention and protection of confidential proprietary information. Finally, the task force should be well versed in all applicable state and federal laws and regulations concerning confidential information breaches and should be aware of the company’s legal obligations to report such breaches to affected individuals, including employees, customers or patients, if applicable.
Conclusion The information contained in this article is intended to provide useful information on the topic covered, but should not be construed as legal advice or a legal opinion. Also remember that state laws may differ from the federal law.
There is no better time than the present for employers to implement an asset protection program. In this turbulent economy, employers are vulnerable to sabotage either by former employees who have access, or competitors seeking to gain access, to the company’s confidential and proprietary information. In sum, businesses that treat their employees well, take reasonable steps to protect legitimate assets and take a systemized approach to addressing these crucial business issues will be better prepared to weather the storm.
The information contained in this article is intended to provide useful information on the topic covered, but should not be construed as legal advice or a legal opinion. Also remember that state laws may differ from the federal law.