When it comes to the prevention of trade secret loss/theft, the top best employer practices discussed in our blog post “Trade Secret Loss/Theft Response Plan: Best Employer Practices” include (1) selecting employees and assigning them incident responsibilities & roles, (2) designing response plan protocols, and (3) assessing whether the employee warrants a preliminary injunction or a temporary restraining order. Having exhausted this list, we now switch gears and focus on “Cybersecurity Precautions upon Employee Termination/Resignation.”
Cybersecurity Precautions upon Employee Termination/Resignation
As part of the typical termination procedure, it is advisable for employers to implement investigation and preservation protocols for every employee who terminates, whether willingly or unwillingly, their employment. Since courts may consider how fast an employer responded to potential trade secret misappropriation as a factor in action regarding such misconduct, employers should ensure that they react quickly and speedily by ensuring that these protocols are consistent, adequately established, and keenly implemented.
In addition to cybersecurity measures such as limiting access to the source code, requiring programmers to work in their own locked office, requiring all employees to use RSA security tokens (public-key encryption technology), storing computer servers in a locked room, and using passwords and encryption software, employers should take reasonable efforts to keep their source codes safe and terminate any employee found to have participated in such misconduct.
In addition to these measures, employers may adopt the following potential precautions upon employee termination or resignation:
- Remove and delete any company’s data, information, or software from the departing employee’s personal devices
- Through a separation letter, remind the employee of their post-separation obligations, including any non-solicit and non-disclosure covenants they are bound to
- Sophisticate all the company’s devices that were being used by the departing employee
- Ensure the former employee no longer has network access
- Create an archive of all the sent, received, and deleted items in the departing employee’s e-mail system
- If found to have misappropriated trade secrets, the employee should be issued a cease and desist letter, which would serve as a bridge for moving for injunctive relief and create a paper trail for litigation
- Seek exit interviews with the departing employee to ensure they can still remember all non-solicit or non-disclosure covenants, identify if they possess any confidential information, and retrieve any such information they may have
- Ensure all equipment, computer systems, information, and documents that were being used by the departing employee are preserved for a varying length of time based on the circumstances under which the employee has departed:
- Several months of preservation as a regular practice
- If subject to a litigation hold, preservation should take as long as that hold mandates-and-
- If a suspicion arises following the employee’s departure (for example, if the employee is disgruntled or resigned abruptly), preservation should take longer than the regular routine.
In Part XIV, we shall switch gears and move the discussion forward by hammering on the “Arising Issues Following a Trade Secret Data Breach.”
Stay tuned for more legal guidance, training, and education. In the interim, if there are any questions or comments, please let us know at the Contact Us page!
Always rising above the bar,
Isaac T.,
Legal Writer, Author, & Publisher.