Google indicates that 200,000 of its employees will work from home through summer 2021. https://www.cnn.com/2020/08/02/business/companies-work-from-home-2021/index.html. It is unclear whether Google will make its work from home policy permanent, but it is clear that working from home holds attraction for companies concerned about employee wellness and reducing their physical footprint. Ironically Google also made news this week as one of its former engineers was sentenced to 18 months in jail for theft of trade secrets. https://www.wsj.com/articles/former-google-engineeranthony-levandowski-sentenced-to-prison-intrade-secret-theft-case-11596593931. While studies have shown that working from home may reduce corporate costs, the impact on trade secret theft is uncertain.
In talking with other in-house colleagues, C-suite executives, disaster planners, and HR managers, working from home appears to affect each individual differently, but all identified a general level of informality that seems to pervade this new workplace. This informality has raised new concerns when it comes to protecting intellectual property, and in particular confidential or trade secret information.
The reality of a work from home environment is there simply is less supervision. It is difficult to measure the deterrent effect of being surrounded by co-workers in an office, or the reality that random social interactions may reveal unusual or furtive behavior indicative of trade secret theft risk. From a trade secret security standpoint, this may increase the opportunities for employees to be approached by an entity interested in obtaining confidential information and facilitate opportunities for theft of confidential information.
The psychological analysis of trade secret theft often focuses on the motive behind the act. Primary motivators include an employee’s financial instability, workplace dissatisfaction, feelings of distrust, disengagement, or lack of adequate compensation. Again, ordinary workplace interactions may help reveal employees that are at risk before theft occurs, and create an environment where they are less susceptible to such risks.
The COVID-19 pandemic has made working from home a necessity, and the trend may be to make it a permanent fixture to reduce their physical footprint. Nationwide Insurance announced that it is permanently moving to a 98% work from home model to reduce real estate assets and costs. https://fortune.com/2020/05/11/permanent-work-from-home-coronavirus-nationwide-fortune-100/. Corporate managers have focused on productivity as a prime metric in determining whether a permanent work from home model is viable, but others raise concerns over employee morale and corporate culture. While these are all legitimate concerns, companies should also consider the impact on trade secret theft when determining what working from home will look like. Moreover, trade secret policies must be adapted to ensure that they remain effective in a larger work from home environment.
From a legal standpoint, theft of trade secrets also called trade secret misappropriation requires that a company take reasonable steps to protect its trade secrets. The reasonableness standard is intended to give some leeway as practical recognition that no trade secret policy or practice is perfect, and theft occurs despite best laid plans. Reasonableness is also viewed through the lens of the surrounding circumstances, and therefore may consider the policies and practices of similarly situated companies. Certain contractual protections, however, appear to define the base line for reasonableness and should, therefore, considered mandatory.
Contractual Protection: The basic contractual protections for confidential information and trade secrets should be familiar. For employees, their employment agreement, employee handbook and other policy documents should include an obligation to protect company confidential information and trade secrets. Outside contractors, vendors, and suppliers that are exposed to confidential information should be signing non-disclosure or similar agreements. Visitors to a physical location where they may view confidential/trade secret information should sign in to a log book that includes a non-disclosure agreement. Similarly, end user license agreements should include confidentiality provisions in the event that an end user would hack software or otherwise obtain confidential/trade secret information through unauthorized use or access.
Practical Measures: Practical trade secret protections may become more relevant in a work from home environment to augment existing contractual policies. Confidential information should be rationed out only to those that need to know it and only the amount that they need for their role in a project. Compartmentalizing confidential information such that no single person or team has all of the information needed to replicate trade secrets can make it more difficult for trade secret theft to occur. The same compartmentalization may be implemented in the supply chain such that manufacturers and suppliers do not have a complete picture that might reveal secret techniques, product designs, and other confidential information. This has the additional benefit of preventing purchase orders or other material orders from giving away quantities or types of materials that might be used to reverse engineer trade secret practices. Other practical techniques may be applied depending on the industry and type of confidential information involved.
Technological measures: Password protection, access controls, encryption, and tracking tools may be employed to limit access to confidential information and detect attempts at unauthorized access or downloads. For physical access, camera systems, scanners and the like may be used to monitor and track access. Daniel J. Melman offers an excellent summary of common technological solutions for protecting trade secrets in his article “Protecting Trade Secrets During a Pandemic.” https://www.pearlcohen.com/protecting-trade-secrets-during-a-pandemic/. Certainly, the types of technological measure employed are not a one size fits all and practical considerations of how confidential information is stored come into play. Therefore, a practical starting point is to assess confidential assets, where they are stored and how access is controlled before determining the types of technical measures needed in a work from home environment.
Finally, companies should continue to provide regular training and communication to heighten employee awareness to phishing scams, mal-ware, and other trade secret theft attacks and tactics.
Company Culture: As identified above, trade secret theft is often motivated by the psychology of an individual, and influenced by social interaction within a workplace. These cultural considerations are harder to define, but if a work from home environment will be pervasive, it is advisable to compensate for the lack of regular social interaction and strive toward a healthy work from home company culture. This will require more creativity than simply hosting Zoom® happy hours. From talking with colleagues, a number of approaches including rotating work schedules to bring people together in an office while reducing the number of employees in the work place are viable options. Other colleagues have gone to an open office model where teams schedule meetings for work from home staff. And still other colleagues advocate for keeping employees that are privy to confidential information in the office with measures to ensure a safe environment. To address, the lack of social interaction and maintenance of corporate culture, others have suggested increased mentoring and training activity to get direct feedback indicative of employee morale, mood and coping with the transition to a work from home environment.
Conclusion: Working from home may reduce the social interactions that help identify trade secret theft risk and potentially deter it. Without these interactions, companies may need to rely more heavily on other contractual, practical and cultural tools to protect their trade secrets. As should be clear from this article, the transition to more employees working from home impacts diverse skill sets within the company including management, human resources, IT and legal. While trade secret protection often falls on the legal team, it is important to get input and advice from all of these groups to devise the best strategy.