Protect Company IP Against Rogue Employees

About 65% of employees who steal the trade secrets or other intellectual property (IP) have already accepted positions with a competing company or started their own company at the time of the theft. About 20% were recruited by an outsider who targeted the data. That’s the finding of a recent study on IP theft released by Symantec.

Businesses should particularly beware of technical employees who are leaving or want to leave the company.  The report finds that a majority of IP theft is committed by current male employees who serve in technical positions such as engineers, scientists, managers, and programmers. A large percentage of internal IP “burglars” have signed IP agreements.

One interesting find: although the thieves tended to use technical means to steal data—a network file transfer or email, for example—non-technical staff ends up discovering most of the wrongdoing.

As a condition of employment, a company should require all employees to sign a non-disclosure and IP assignment agreement related to all of the company’s proprietary intellectual property, including copyrights, trademarks, new inventions, technologies and improved processes, materials such as customer or patient lists and contacts, marketing tactics, pricing/discount information, and vendor contracts and other information.

But as the study suggests, having employees sign IP agreements isn’t enough.  When an employee leaves the company, the company should conduct an exit interview, collect physical documents and electronic information and reiterate the trade secret policy.  The employer may even consider requiring a departing employee to sign a written acknowledgement that he or she understands the trade secret policy and will not divulge any company secrets.
 
Other things a company should do to protect its IP from internal theft include:

• Protect digital information with passwords which are given to a limited number of staff.
• Store physical documents in locked filing cabinets.
• Label all sensitive files as “confidential.”  Make sure that they are marked as such at the top of each document or file.
• Require any outside vendors or contractors to sign non-disclosure agreements.
• Make sure that the trade secret policy is written in any employee handbook and continually reiterate the policy through periodic memos or newsletters, updates to the policy, annual performance reviews and staff meetings.
• Follow smart document destruction procedures, such as shredding.
• After an employee leaves, change passwords for confidential files to which they previously had access.
• Have exiting employees certify in writing that they have returned all copies of secret material and given back all company property, such as electronic devices.

In addition, when a business uncovers internal IP theft, it should pursue all means, criminal and civil, to get the data back and to prosecute the ex-employees and possibly their new employers.  The company should also make sure that all its employees, competitors and customers know that it comes down hard on IP theft. While a company can’t completely stop IP theft, it can warn off potential perpetrators with a tough policy and action.