By Christopher A. Brown
In the ongoing work conditions surrounding the COVID-19 pandemic, business owners may consider that their principal concern is how to make it easier and more efficient for employees to do their jobs remotely. But as businesses streamline connections and move information from office hardware to home computers, they should not forget to safeguard the trade secret information that may be moving around.
Indiana’s trade secret statute (I.C. 24-2-3) came out of the Uniform Trade Secret Act and so is quite similar to the provisions of many other states. It defines a “trade secret” as information that has economic value from not being generally known to or readily ascertainable by others and that is subject to reasonable efforts to maintain its secrecy (I.C. 24-2-3-2). Such information includes formulas, patterns, compilations, programs, devices or processes. Anything from a data processing algorithm to the “secret ingredient” in the local restaurant’s chili can qualify as a trade secret, so long as it has value from its secrecy and its owner takes steps to keep it secret.
Trade secrets are protected by statute from “misappropriation.” Misappropriation means improperly obtaining a trade secret (“acquisition … by a person who knows or has reason to know that [it] was acquired by improper means”). It also means unauthorized or improper disclosure or use of the trade secret. That includes disclosure by one who knew or had reason to know that he or she had the trade secret under circumstances giving rise to a duty to maintain secrecy or limit use. It also includes disclosure or use by one who derived the information from someone owing such a duty. See I.C. 24-2-3-2.
Normally, “reasonable efforts” to maintain secrecy are relatively straightforward. In “normal” times, we counsel clients to take physical steps such as limiting access to their facilities and requiring visitors to sign agreements not to disclose what they may observe. Clearly, computer security from outside hackers is vital, and maintaining digital trade secret information in a secure server, accessible only to those who need that information, is strongly advised. Employment agreement provisions and/or policy and training materials outlining employee duties and responsibilities in protection of trade secrets are also recommended.
In the current pandemic situation, employees may have to access trade secret information remotely in order to do their work. Naturally, existing secrecy protections of digital and other information should be kept. Nevertheless, allowing information to leave the office, whether digitally or otherwise, presents a risk that should be assessed by the employer. Dial-in systems that place the employee within the business’ computer system (and thus do not require removal of information from that system) are widely available. Employment policies and agreements can be fashioned to guard against copying information to unsecured systems and using it anywhere other than the employee’s home working space.
Notification of the presence of and responsibilities for trade secret information is also important. A business should advise employees working from home who have access to trade secret information of the business’ trade secret policies, and that the employees have a duty to keep the information secret and limit its use to what is needed for the business. Similarly, to the extent third-parties work with those employees, those third-parties should be advised that they are expected not to disclose or use the information outside of that work. Hopefully in most cases they will adhere to those policies and observe those duties. If not, the business has given the employees and third-parties at least “reason to know” that other disclosure or use of the information is improper.
Note also that the trade secret statute requires secrecy efforts to be reasonable “under the circumstances.” The pandemic has created demands and constraints that will affect what is a reasonable step to take to protect secrecy. With the shift to off-site work for many employees, business owners and officers should take time to assess the business’ trade secret information, its value to the business, and the cost and practicality of steps toward securing that information against misappropriation by third parties or employees. While it is not necessary to spend all possible time and money toward trade secret protection, the current circumstances warrant a thorough review of whether your practices meet the necessities of work in the current situation.•
• Christopher A. Brown is of counsel at Woodard, Emhardt, Henry, Reeves & Wagner LLP. Opinions expressed are those of the author.