How to protect your assets and minimize your losses due to misappropriation or a data breach Featured

7:00pm EDT November 25, 2010

An uptick in the economy can inspire employees to start planning their departures. Is your company prepared to protect itself as these job-seekers get ready to exit for a new opportunity?

More specifically, are you prepared to protect your corporate assets if employees exit with company information, customer relationships, business and/or other employees? Are you prepared if they exit with personal information — individuals’ names, coupled with a Social Security number or banking information, etc. — creating a data breach? These scenarios are becoming more prevalent as the economy improves and employees have more opportunities. So what can your company do to protect itself and minimize a potentially devastating impact?

“Taking proactive measures and responding appropriately to departing employees who threaten your business is critical,” says James J. Giszczak, a member at McDonald Hopkins PLC and co-chair of the Trade Secret, Non-Compete and Unfair Competition Practice, which has drafted confidentiality to noncompete agreements in all 50 states and litigated these matters in 38 states. “Not only will this help ensure that you are protecting your corporate assets, it will also help minimize potential liability related to a data breach.”

Smart Business spoke with Giszczak about how to protecting your corporate assets and minimize the potential catastrophic loss due to a data breach.

When should a company protect its customer base, business information and employees?

The time to think about protecting corporate assets is long before an employee has taken those assets. Being proactive is critical.

Work with an attorney who understands what you can and should protect, what protections are available and what to do if a departing employee attempts to misappropriate your assets. This attorney should understand not only local nuances but also those across the country, as state nuances may come into play depending on where your offices and/or employees are located. Assess corporate assets and what should be protected, including customer relationships; confidential, proprietary and trade secret information; vendor relationships; and your employee base. Next, review what protections you have in place.

What protections are available for employers?

You should have reasonably tailored agreements with each employee, providing appropriate levels of protection, depending on their exposure to assets, as well as the harm they could inflict after they depart. Agreements will escalate from a base-level confidentiality agreement, which should be signed by every employee, to a mid-level nonsolicitation agreement, to a true noncompete agreement. These will provide substantial protection by limiting the ability of departing employees to make competitive use of information gathered during employment or take advantage of customer relationships that you paid them to develop. Employers use patents, trademarks, copyrights, bilateral contracts and trade secret laws to protect trade secrets and customer relationships.

Also, keep sensitive information under lock and key, providing limited access on a need-to-know basis. Identify and mark as confidential proprietary and trade secret information. Restrict access to sensitive locations where information is stored and implement policies regarding the use of confidential information.

An employee is leaving; now what?

It is critical to conduct an exit interview. Confirm the new employer, the nature of the new employment and that the employee has returned your corporate property, and have them acknowledge their obligations under agreements that continue post-employment. The information should be reported in an exit interview acknowledgement form and signed by the departing employee.

Provide departing employees with a copy of agreements. Discuss continuing obligations. Even if no agreements were signed, departing employees should be reminded that they continue to have obligations to not use or disclose your confidential, proprietary or trade secret information.

The departing employee should acknowledge receipt of agreements that continue subsequent to their employment and confirm that they do not have and will not use confidential, proprietary or trade secret information. Evasive answers or a refusal to sign the acknowledgement form should be a red flag.

What steps can you take if a former employee violates agreements or takes corporate assets?

If you discover that the departed employee is violating his or her agreement or using your confidential, proprietary or trade secret information, take immediate action to protect these assets. Failure to address violations can affect not only issues related to this employee but future enforcement actions, as well. It is critical to move swiftly, aggressively and with a finely tuned strategy that incorporates your needs, governing law and state nuances.

What if personal information is taken?

One of the biggest areas of exposure for employers is the protection of personal information. Personal information — a name, coupled with a Social Security number or financial information — of employees and customers requires heightened protection, and, if taken or disclosed, requires a certain response. The average data breach costs a company more than $500,000. In addition to lawsuits from individuals, you are also open to actions from states’ attorneys general offices. It is critical to talk with an expert in this field to review what protections you have in place, what protections you must have in place and what you must do, pursuant to state statutes, should personal information be compromised.

Without question, protecting your company’s assets and avoiding substantial losses as a result of a data breach should be at the top of your list. You spend far too much time and far too many resources building and developing your business assets to just have them walk out the door.