Ifemployees are being permitted to perform work from personalcomputers or firewalls have been disabled to permit remote work,employers should consider prohibiting sending or storing of companyconfidential information.

Legal protection of trade secrets under both the Uniform TradeSecrets Act (UTSA) and the federal Defense of Trade Secrets Act(DTSA) depends on whether a company takes "reasonable measures" tosafeguard the secrecy of the information. Many companies satisfythis obligation by implementing policies, controlled access towhere such information is used and stored and IT securitymeasures.

Related: Cybersecurity fears keeping CEOs up atnight

With millions of American workers hastily shifting to a remote-work arrangement during the pandemic,employers must be mindful of the risks to proprietary informationpresented by this changed work environment.

Revisit policies

Policies and protocols that were drafted premised on restricteduse of trade secret information on the employer's premises willneed to be reviewed and revised. Without revisions, an employercould be perceived to be negligent or selective in its enforcementof safeguards. If employees are being permitted to perform workfrom personal computers or firewalls have been disabled to permitremote work, employers should consider prohibiting sending orstoring of company confidential information on personal emailaccounts, portable storage devices or personal cloud accounts.

Guard the home office

Reminding the workforce that their contractual obligation toensure that confidential information remains confidential appliesequally at their remote worksite. Employers may want to provideemployees with guidance or directives about where work involvingtrade secret information can be performed. Depending on thesensitivity of the information, employers could require all work tobe done in a room in which only the employee has access or that allinformation be locked away.

With the new popularity of videoconference meetings, employeesshould be mindful of trade secret information in the backgroundthat may be visible to outsiders. This risk is amplified if aspouse or partner also shares the workspace and is not aware ofwhat is or is not considered to be confidential. Employers mightalso recommend that hard copies of documents that employees tookhome or printed while at home be shredded or disposed of properlywhen the employee returns to office.

Be mindful of departing employees

Traditionally, a large percentage of trade secretmisappropriation involve a departing employee that takesproprietary information with them. The exit interview of adeparting employee was the best opportunity to recover all companyproperty, to remind the employee of their ongoing confidentialityand other contractual obligations, and to ensure that the employeehad taken adequate steps to search for and return all companyinformation in their possession.

With a large influx of employees being furloughed or laid off inthe weeks following the enactment of the stay-home orders, exitinterviews were excused or became cursory. The challenges ofterminating an employee who is remote, including the return ofcompany property, must be fully considered. While laptops can beshipped back, it is critical to take steps to ensure that theemployee has returned or destroyed hard copies of materials and hassearched for deleted confidential information on personal devicesor in cloud storage accounts.

In this chaotic environment, employers may forget to disable theworkers access to company systems, shared drives or outside accountaccess to databases such as Salesforce.

Work with IT to strengthen safeguards

It has been reported widely that phishing and relatedcyberattacks have increased when the remote work arrangementscommenced. With the assistance of IT professionals, companies maywish to implement additional protocols to ensure that trade secretinformation is not unwittingly compromised:

• Changing settings of company-issued or personal computers tolock the screen after a short period of non-use.
• Requiring all work to be done on the company's secured network,like a VPN.
• Requiring employees to password-protect their home WiFisystem.
• Prohibiting transmission of confidential or trade secretinformation and instead using shared drives or cloud accounts thatthe employer sets up with access rights limited to a need-to-accessbasis.
• Increasing training and reminders to employees about maliciousemails and other security compromising tactics.
• Implementing remote lock-out and wipe capabilities to companydevices should they be misplaced or stolen.

Each company must assess what practices suggested above are"reasonable under the circumstances" to maintain the integrity ofits trade secrets taking into account how work is performed. Thereare some suggestions that might be stifling to productivity andothers that may be cost prohibitive. What may be reasonable to onebusiness may not be reasonable for another. Instead, therecommendation is to think about many of the safeguards that are inplace at the office and how the remote work environment hasrendered those safeguards less effective.

Even in jurisdictions that are reopening, employers shouldconsider the issues presented above and formulate a plan to ensurethat confidential information and materials follow the employeesfrom home back into the office.

KorayBulut is a partner in the employment group at Goodwin and focuses his practice onemployment law, with an emphasis on litigation matters.

Read more: 

• COVID-19 & 5 data breaches combine into acyberstorm
• How will states handle data privacy legislationafter COVID-19?
• COVID-19 cyber threats: A checklist for a remoteworkforce