By Ruth Binger
The exponential growth of technology has created amazing efficiencies in how businesses operate. Such cost savings come with a cost and companies need to continuously adapt to the ever changing opportunities and vulnerabilities. In 2020, it is predicted that over 5 billion people will be using the Internet, and within the next decade 6 billion people will have a constant connection to the Internet. The growth of your business is inextricably combined with the growth of the Internet.
Below are 10 best practices for your businesses to consider as you move forward:
- Mandate Rules Regarding Recruiting and Background Searching on the Internet.
- Prevent low buzz stalking, cyber stalking or “creeping” in your Internet searches of applicants and employees. The practice is not prudent because you inevitably find out Protected Status Information that could lead to a viable claim by the applicant or employee of disparate treatment or discrimination.
- Protected Status Information in connection with employment decisions falls into the following areas: Title VII (sex, race, color, national origin, religion, and gender), ADEA (40 and over individuals), Genetic Information Discrimination Act (genetic discrimination) and state law protections such as sexual orientation, marital status, disability, political affiliation, gender identity, and lawful use of alcohol and tobacco.
- Create a company policy regarding recruiting Internet searches that includes having searches being done by those not making employment decisions so as to allow filtering of Protected Status Information.
- Likewise, do not ask for employee’s social media passwords.
- Do not use mobile phone applications for background check reports given that they violate the Fair Credit Reporting Act.
- Create a Computer Use Policy.
- Implement and publicize a policy that makes it clear that employees have no right to privacy with respect to their use of company computers, email systems and Internet connections.
- Clarify that all information created, stored, received or transmitted on or by any system or device provided by the company is owned by the company and the company has the right to monitor, search, access, inspect and read all information stored on its servers.
- Educate employees by alerting them to the fact that accessing private emails/social media sites leaves electronic footprints on the hard drives of company-issued computers.
- Further, advise employees that the company will monitor said footprints from time to time with no notice.
- Finally, recognize and carve out an exception for personal use of the company’s servers by employees so long as such use is limited, incidental and sporadic.
- Consider Actually Monitoring Employee Use.
- Assuming the company has a well-drafted and publicized Computer Use Policy as described in #2 above, consider spot or systematic monitoring. Employee web surfing can entail visiting websites, potentially creating a hostile work environment and/or criminal liability. In Holmes v. Petrovich Development Co., the Court ruled that an employee attorney-client privilege was lost for emails sent through a work email account because it was “akin to consulting her lawyer in her employer’s conference room, in a loud voice, with the door open.”
- Prevent Theft of Trade Secrets – Exercise Self-help.
- Theft is always an issue. Companies have frequently found evidence of “e-sabotage” where employees send confidential information from their employer’s computer system to their personal third party email.
- Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030 provides for a civil remedy for a company that “suffers damage or loss” by reason of a violation of the statutes. Some postings are for spite and cause the company to lose trade secret status. China trade theft has been in the news lately.
- Keep the Really Valuable Trade Secrets in Your Vault – Take Them off the Server.
- Intellectual property and trade secret theft via the Internet is a huge concern. Companies should take their secrets off their server to prevent cyber-attacks.
- Many trade secrets and intellectual property are stolen internally by employees. Treat employees who have access to sensitive information differently.
- In 2011, China’s Simoval, the world’s second largest wind turbine manufacturer, abruptly refused shipments of American Superconductors’ wind turbine electrical system. Simoval provided American Superconductor with 70% of its business – a total of $700 million. Evidence emerged that Simoval had promised $1.5 million to an employee of American Superconductor, and, in turn, the employee actually transferred a copy of the software to Simoval.
- Create a Narrowly-tailored Social Media Policy That Considers the National Labor Relations Act Issues.
- Employers cannot punish employees for engaging in concerted activity or implement policies that infringe those rights. Protected activities include soliciting co-workers to join a union, discussing poor work conditions or unfair wages with each other and appealing to the public.
- However, employees can lose protection if their posts are sufficiently “opprobrious” or disruptive of workplace activity or discipline, or if the posts constitute disparagement of the employer’s products or services.
- Employers have to tread very carefully in the determination of whether something is protected when reviewing questionable posts.
- Update Your Employment Manuals and Employment Agreements.
- Add electronic policies to your employment manuals and employment agreements including noncompetition agreements.
- Consider whether your salesperson should provide you the passwords to his/her LinkedIn account and Twitter account if his/her sole purpose is to market for the employer. In Eagle v. Morgan, a federal court ruled that an employer could claim ownership of a former executive’s LinkedIn account where the employer had a hand in the creation, maintenance and operation of the account. Social media platforms can be likened to a public rolodex with a relationship building element. For example, a Colorado Court allowed a trade secret misappropriation claim to proceed based on the theft of MySpace “friends” Christou v. Beatport, LLC (D. Colo. Mar. 14th 2011).
- Consider the Availability of Friendly Monitoring Tools for Voluntary Self-help.
- Consider providing, auto-analytic tools to encourage employees to gather data about what they do at work so they can monitor and perform their job more efficiently. Software like RescueTimes allows you to set up automatic alerts to help you control how long one spends at an open window, how long one has been idle, and how often one window switches.
- Curb Electronic Use to Avoid Bandwidth Problems.
- Wall Street Journal reported that Proctor and Gamble Co. sent an internal memo to its 129,000 employees limiting the use of Pandora Media Inc.’s sharing music and Netflix Inc.’s streaming movies. There are other sites that eat up bandwidth as well, such as YouTube.
- Create Policies Regarding Data Theft.
- Companies that collect personal data (social security numbers, credit card and banking information) should create policies and institute data compliance programs that prevent data theft and notify consumers of the theft of personal data.
- Almost all states have enacted created varying types of statutes requiring companies to notify consumers of a breach of their personal data. Given all the states are different, coordination is difficult. See Massachusetts (201 Mass Code Regs. 201, 17.03-17.05), California (Calif. Civ. Code Section 1789.02 (a)) and Wisconsin (Wis. Stat. Section 134.98) with respect to notice.
- There are also a host of federal statutes that could be violated, including federal antitrust laws, federal securities laws, FINRA broker standards, FTC online advertising guidelines as to endorsements and testimonials, and FDA regulations as to prescription drug advertising.
Technology will continue to change and business owners must keep up. As the Internet is increasingly accessed by smartphones as well as computers, the rules will change again and so will the best practices. Working with your attorney to keep your policies and procedures regarding social media and Internet usage updated should be your best practice.
Posted by Attorney Ruth A. Binger. Binger serves both emerging and mature businesses concentrating in corporate law, intellectual property and technology law, digital media law, and labor and employment law. Her commitment to the success of small to medium-sized businesses, and her understanding of multi-faceted issues inherent in operations, are what distinguish Binger’s practice.
04/20/12 12:35 PM
Filed under Business Law, Digital Media, Employment Law, Intellectual Property, Manufacturing and Distribution | Comments Off on 10 Best Practices for Protecting Your Company’s Trade Secrets, Internet Access and Good Will