Article
Managing trade secrets risk in light of COVID-19
9
COVID-19 is bringing systemic change in the way businesses are operating and employees are working. With almost all of businesses' staff working remotely for the foreseeable future, companies face additional layers of risk to keep trade secrets and information confidential. There is, more than ever, a risk of businesses losing control of previously established trade secrets protection measures. We set out below some guidance on the heightened areas of risk and where businesses can try and limit their exposure.
Protecting trade secrets
The law will only protect information as a trade secret/confidential information where it meets all of the following requirements: (i) the information has been kept secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (ii) where it has commercial value because it is secret; and (iii) where it has been subject to reasonable steps, by the person lawfully in control of the information, to keep it secret.
The moving of staff to homeworking brings a number of risks to established trade secrets protection measures, such that there are increased risks of trade secrets information losing its confidential nature. These added risks and potential ways to mitigate them are set out below.
Areas of risk and ways to mitigate
Working Practice | Risks | Steps to Mitigate |
---|---|---|
Non-corporate devices & Email | Extensive homeworking can, due to some of the practical realities it brings, cause an increased use of personal devices and email for work purposes, including information being stored on personal devices and sent to personal e-mail addresses. This, given the likely lower security protections, and the fact it is leaving the corporate domain, can increase the risk of trade secret leakage. |
|
Hard copy documents | Whether necessary or not, staff may be more likely to remove hard copy information from the workplace and/or print information at home to better enable home working. Any physical copies of information whether in transit from or stored outside of the secure corporate environment brings obvious increased risks of loss of confidentiality. |
|
People | The COVID-19 crisis may result in higher churn of staff including contractor staff and relationships with third party vendors. Departing employees and contractors are often key risk points concerning information leakage, so this risk may be exacerbated by the crisis. |
|
Heightened cyber security risk, and phishing | Home Wi-Fi and non-corporate networks can be significantly less secure than corporate systems. This, together with an increase in criminal attempts to compromise systems by way of phishing attacks (including exploiting the heightened sensitivity of staff to apparent COVID-19 information emails) is causing extra layers of risk of theft and exfiltration of corporate information. |
|
Insecure working | Employees may be occupying a range of different living spaces and living arrangements including flat-shares and some in large houses of multiple occupation (HMOs), sharing space and resources with other individuals. As well as this bringing security risks to physical assets stored in such environments, employees may be unable to or find it difficult to conduct confidential calls, vid-cons and other business. |
|
Post COVID-19: points to consider
Looking forward, and as we proceed through this period of extended homeworking, including to its exit point, businesses should consider taking the following steps:
- A recovery and destruction exercise of any materials that were migrated out of the secure corporate environment where copies of electronic or hardcopy documents are collated and logged (to increase capture) and either delivered back to office premises or destroyed.
- A clean up exercise of employee systems and emails etc. to ensure any migration of corporate information onto private devices/systems is recovered.
- A review of employee terms around WFH and confidentiality policies and procedures to address any shortfalls.
- A review of the restrictions in place in the normal course for employees and contractors with respect to access to different levels of confidential information.
- A holistic 'lessons learned' review to review the risks, mitigation deployed, and to develop best practices going forward.
Feel free to get in touch if you would like to discuss any of the points raised.
NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.