We have previously posted on HR Headaches about the practical steps employers can take to protect their company’s trade secrets. You can find that post here. With this edition, we dive a bit deeper into the strategies and safeguards companies can deploy to prevent their trade secrets from walking out the door along with a departing employee.
A form-fitted confidentiality agreement is the foundation for any effective trade secret loss prevention program and can operate to head off disputes that might arise regarding the origin and ownership of your company’s data. This can be drafted to make clear to the employee that any information that is developed during or derived from their work with the company, and especially the information that was explicitly provided to the employee in support of a non-compete agreement, is the company’s property and cannot be taken or disseminated either during or after the employee’s tenure.
With this setting the stage, employers should establish and follow a standardized exit protocol which, in its simplest form, can be a written checklist of questions and affirmations. Consider developing a list of issues/items to address in an exit interview, including the following:
- Catalog all media that is being returned by the employee including computers, cell phones, flash drives, and/or external hard drives. Note the make and model of each device, any available serial number or identifying information, as well as a general description of the visible condition of the media. This will help eliminate disputes over what was and was not returned.
- Identify any company-owned devices the employee possesses but is not returning at the time of the exit interview and instruct the employee that the devices are to be returned immediately, and are not to be wiped or tampered with.
- Obtain any passwords that the employee may have established for these devices and ensure that they work.
- If you allow employees to “bring your own device” (BYOD) to conduct company business, and have established a set of policies delineating the employee’s use of that device, remind the employee of these policies and discuss any policy or procedures for removing company information and/or remote wiping following the employee’s termination.
- Have the employee verify that (a) they have not sent any company-owned information, emails, or data to their personal email; or (b) if they have done so, that they have permanently deleted or will permanently delete those emails. This equally applies to company data that has been saved to any DropBox or third-party file hosting/storage services, or any personal computers or devices.
- Once you have gone through the checklist, have the employee sign a document verifying that the checklist was completed and that the employee’s representations regarding the foregoing are true and complete.
Finally, if the employee was provided access to a shared, publicly accessible repository for company documents or information (e.g. Google Sheets or Slack), the password should be changed or login credential revoked to prevent the employee from rummaging around in the repository after the employee leaves the company.
Thinking proactively and establishing a basic exit protocol like this can go a long way in protecting the information your company spends valuable time and resources developing and keeping secret.