Protect your confidential information and IP when employees leave
Whether it is a client list, pricing information, or design information, any confidential information that is taken can have a detrimental impact on your business – particularly if the confidential information includes personal data.
Proactive protection throughout employment
It is too often the case that protection of such information is reactive rather than a proactive. However, there are a number of key steps that can, and should, be taken in advance to protect your confidential information. You should:
- ensure that you have suitable email monitoring systems in place to track unusual activity
- limit the ability of employees to remove information from your systems, such as not permitting personal devices to be used and restricting the use of USB ports
- ensure sensitive commercial documents labelled are accordingly, that access is restricted to those who require it, and that access is monitored
- ensure that your employment contracts and social media policy make it clear who owns contacts, leads and referrals generated through social media
-
ensure that restrictive covenants are reasonable in terms of scope and length and are tailored (as far as possible) to each employee's role
-
if an employee is promoted, you should see if the old restrictive covenants need updating because of the change of role. If they do, update the restrictive covenants as a condition of promotion.
- if an employee is working on a highly sensitive project, ask them to enter into a further confidentiality agreement in addition to the terms set out in their employment contract.
Proactive protection when employees leave
However, even with the best systems in place there is still a risk. For employees working from home this risk is only increased – for instance, information could be viewed and then manually copied, thereby not triggering general email monitoring systems.
Additional proactive steps can therefore be taken once it is know that an employee is leaving. These include:
- enhanced monitoring of future emails and IT activity for unusual behaviour such as accessing documents for prolonged periods of time outside of working hours
- a search of recent sent emails
- remind the employee – both in person and in their exit interview – of the ongoing duties of confidentiality and the restrictive covenants to which they are subject
- put the employee on gardening leave immediately to restrict the ability to obtain confidential information (but bearing in mind that this then reduces the length of the restrictive covenant post termination)
- write to the new employer to put them on notice as to the employee had access to confidential information
- if you're entering into a settlement agreement with an employee on exit and old restrictive covenants or confidentiality clauses are poorly drafted or not sufficient, consider putting new ones in the agreement.
The exact steps to take will be dependent on various factors such as the nature of the confidential information, how long information will stay confidential, how important maximising the restrictive covenants is, whether the employee is going to a competitor, and the risk that the employee themselves poses. For example, if an employee worked on a highly confidential project or had access to client lists, it may be prudent to write to the new employer so that they are unable to turn a blind eye to any subsequent use of confidential information by that individual.
What about redundancy situations?
Even in redundancy situations restrictive covenants are enforceable if drafted properly. You may, however, decide to release redundant employees from certain restrictive covenants, such as those stopping them working for competitors, to help them get another job. If you do release an employee from a covenant be very careful to ensure that you don't inadvertently release them from others (such as non-poaching of staff or clients). Also be aware that if an employer breaches an employee's contract when they leave this may mean the restrictions are unenforceable. Common examples of contract breaches include wrong/no notice given or unfair or discriminatory dismissals.
If the worst happens, we can assist you in taking all necessary steps (including obtaining an injunction) to recover any misappropriated information and to comply with your regulatory obligations in the event of a data breach. However, we believe in proactive steps to reduce the risk of confidential information and intellectual property being taken in the first instance. We would be delighted to assist you in this regard.