By Eric D. Morton, Attorney
Employee theft has become a rampant problem. Several our of clients have had employees steal customer lists, designs, website content, and other intellectual property. Other clients have been embezzled. Thieving employees have become more sophisticated in looking for ways to access confidential information.
Once the theft has happened, it is almost impossible to undo the damage. I have seen cases of substantial embezzlement of money not investigated by the police. Intellectual property theft is never prosecuted. IP theft is also difficult to litigate. Trade secret theft is difficult to prove since proving something is a trade secret is difficult. Trademarks and copyrights must be registered before they are infringed to effectively bring suit. Non-disclosure agreements and confidentiality agreements are often not enforceable.
Business owners must be very proactive today. Some suggestions to business owners regarding their intellectual property:
- Assume your workers (employees, consultants, contractors) are going to rip you off. Sooner or later, one of your workers is going to try to take confidential information or steal from you.
- Have all persons who work for you sign carefully drafted, detailed non-disclosure agreements, consulting contracts and employment contracts. Do not make them over broad but tailor them to your business and IP that you have.
- Make an assessment of your IP. What do information, content, formulas, customer lists, etc. do you have? Look at where it is stored and who has access to it. How is it controlled?
- Make and implement and IP Protection Plan. Your plan should include:
- Labeling trade secrets as such (e.g. putting a watermark labelled “Trade Secret of XYZ, Inc.” on such information).
- Revising NDA’s and other contracts to specify information that is confidential and not to be disclosed. And, ensuring that such contracts are enforceable. If such a contract is too restrictive, a court will find it violates California’s anti-noncompete laws.
- IP security. Make sure that any sensitive information, designs, etc. are kept under lock and key (if tangible). If in digital form, ensure that it can only be accessed by persons given permission – and they must have a password and username.
- Assign and change usernames and passwords. Assign usernames and passwords to workers for computer networks and email accounts. Do not allow them to choose them or the ability to change usernames or passwords. Change usernames and password frequently.
- Strong computer use policy. Have a clearly stated computer policy that prohibits the use of computers and email accounts for personal use. There is no reason, in the age of smart phones, that employees will have any need to use work computers and email accounts for personal use. There is no reason for a work email account to contain personal contact information. Strictly prohibit workers from giving their usernames and passwords to anyone else, including a fellow worker.
- Labeling trade secrets as such (e.g. putting a watermark labelled “Trade Secret of XYZ, Inc.” on such information).
- Revising NDA’s and other contracts to specify information that is confidential and not to be disclosed. And, ensuring that such contracts are enforceable. If such a contract is too restrictive, a court will find it violates California’s anti-noncompete laws.
- IP security. Make sure that any sensitive information, designs, etc. are kept under lock and key (if tangible). If in digital form, ensure that it can only be accessed by persons given permission – and they must have a password and username.
- Assign and change usernames and passwords. Assign usernames and passwords to workers for computer networks and email accounts. Do not allow them to choose them or the ability to change usernames or passwords. Change usernames and password frequently.
- Strong computer use policy. Have a clearly stated computer policy that prohibits the use of computers and email accounts for personal use. There is no reason, in the age of smart phones, that employees will have any need to use work computers and email accounts for personal use. There is no reason for a work email account to contain personal contact information. Strictly prohibit workers from giving their usernames and passwords to anyone else, including a fellow worker.
- Obtain IP registrations. If a business has a large amount of content, particularly on a website, it should obtain copyright registrations. Trademarks should be protected by trademark registrations. Inventions that can be protected by patents should be unless the cost is prohibitive or not cost effective.
The above steps do not take into account employee theft of tangible property or embezzlement of company money. To prevent theft of tangible property, place controls on the use and possession of such property and follow up. To prevent embezzlement, regularly review the books of the company and hire outside accountants to audit the financial records. Do not allow anyone to have unfettered access to financial records or bank accounts. Be familiar with the vendors of your company and what they charge.
The above steps and others will take time and money to implement. Consultation with IT professionals, accounts and attorneys is also necessary. However, it will be well worth it prevent the theft of valuable assets.