Trade Secrets - Company Policies on Computing

Remember that having trade secrets means the business owner must take steps to protect those secrets. Today, we have several articles pointing out how security now includes electronic devices and media.

Business Daily News asks Is Your Blog Leaking Trade Secrets?.

While organizations scramble to protect themselves against the next big TJX-style data breach, they’re overlooking another risk: social networking. Nearly every organization has an in-house blogger — officially or not.

It doesn’t have to be a «minimsft.blogspot.com» — an insider blog often critical of the Microsoft to pose problems. An enthusiastic employee who’s not well-versed on corporate policy, a developer on public message boards, or even a personal blog where the employee occasionally discusses work all pose risks.

A recent survey by Forrester Consulting looked at this and other content-security problems. The survey was commissioned by Proofpoint, a provider of email security and data-leak-prevention solutions.

The July 2007 survey gathered 308 responses from U.S. companies with 1,000 or more employees. Forrester found that more twenty percent of those surveyed had investigated “the exposure of confidential, sensitive or private information via a blog or message board posting in the past 12 months.”

“Security and IT professionals are just starting to wake up to blogs and message boards,” said Keith Crosley, Proofpoint’s director of market development. “The main concern is still outbound email, but these other forms of messaging and networking can’t be overlooked.”

Do you have employee turn over? Trade Secrets Blog published BNA Report: Mobility = Trade Secrets Risk.

Corporate policies aimed at safeguarding intellectual property and
trade secrets are becoming increasingly important as the mobility of labor
markets grows and as the tools available for compromising critical corporate
data expand, a panel of employment and technology law professionals said Dec.
12.

Daniel Waldman, corporate counsel for San Jose, Calif.-based Cypress
Semiconductor Corp., said corporations must develop and execute vigorous trade
secret protection policies with the help of their legal, human resources, and
information technology departments. Such policies should become embedded in the
corporation's culture so employees understand that they play a vital role in
the protection of organizational assets.

As well as mobile employees, the article discusses mobile electronic devices:

Finally, Newman said tools capable of hijacking the organization's most
valuable assets are becoming increasingly sophisticated. While external storage
devices, PDAs, instant message communication equipment, portable hard drives,
and cell phones are the essential tools of business, they are also effective
vehicles for shifting sensitive data and trade secrets off company servers. In
addition, external e-mail systems can serve as convenient storage bins for
employees looking to rob the store.

"E-mail policies alone are woefully inadequate to protect a company's
trade secrets," Newman said. "With mobile employees working all over the world
outside the four brick-and-mortar walls of the headquarters and with the
sophistication of moving information off of company systems, new technologies
such as instant messaging and stand-alone storage drives need to be accounted
for in a trade secrets policy."

***

The process should produce policies governing who has access to critical
organizational information and on what terms. The organization must also
develop specific policies governing the use of storage devices and external e-
mail accounts.

"It is an important point because a company's encouragement of the use of
external devices can, in the context of potential litigation, affect the
argument that a trade secret has been protected," Weingard said. "You will
certainly see your adversary argue that the company did not adequately protect
its trade secrets."

I meant to write a post about Don’t Fall Victim to Electronic Abuses from WomenEntrepreneuer.com, but I must admit delay probably was a good thing. This article provides a bit more practical detail to discussion of company policies found in the other two articles.

"Do your employees use e-mail for company correspondence? Do your business partners conduct research on the internet? Does your company regularly back up and store the contents of its company computers? If so, your business is ripe for an electronic media and communications policy."

***

In addition to defining the scope of the policy and the terms of what is and is not covered, an electronic media and communications policy will likely address:

• Company ownership of all electronic communication systems and data sent from, received by or stored in the company's computers, e-mail, telephone or other systems.
• Employees’ expectations of privacy (usually, none).
• Use of the telephone, internet, e-mail, instant messaging and computers, and restrictions on personal use.
• Monitoring of employee communications, phone conversations, computers and e-mail.
• Data safeguarding measures to be followed (such as passwords, encryption and turning off computers when not in use).
• Transmission of confidential information.
• Reporting/grievance procedures and penalties for violations.

If you are interested in reading more that I have written on trade secrets, just click on the Trade Secrets link below next to the word "Labels".