On April 23, 2024, the Federal Trade Commission (FTC) released its final rule essentially banning noncompete agreements. On July 3, the rule, which was slated to take effect on September 4, 2024, was postponed when a federal court in Texas partially blocked the government’s ban on noncompete agreements. Subsequently, on July 23, courtesy of a ruling out of the Eastern District of Pennsylvania, the FTC got a win on the noncompete ban after its loss in the Texas court.
While the fate of the rule hangs in the balance, if enacted, it would enable an estimated 30 million employees of the American workforce who are bound by some sort of noncompete to change jobs more freely, including joining a former employer’s competitor or starting a competing business.
In its April ruling, the FTC almost universally banned noncompetes:
Under the FTC’s new rule, existing noncompetes for the vast majority of workers will no longer be enforceable after the rule’s effective date. Existing noncompetes for senior executives – who represent less than 0.75% of workers – can remain in force under the FTC’s final rule, but employers are banned from entering into or attempting to enforce any new noncompetes, even if they involve senior executives.
“According to the FTC, part of the reason for this change is to reap economic benefits. The FTC estimates an average increase of 17,000 to 29,000 new patents each year in the first ten years after implementation,” according to Diane Gabl Kratz, Director, IP Strategy & Operations, Dolby Laboratories. “Furthermore, new business formation is expected to increase annually by about 8,500 businesses, and the FTC estimates over $500 per year in increased earnings for the average employee.”
Potential implications if the rule takes effect
If enacted, the FTC rule creates a sea change for the business world, with a potential increase in trade secret enforcement and litigation. California, where noncompetes have been unenforceable for some time, provides an excellent example. In California, both state and federal courts have more trade secret misappropriation cases filed every year than any other state in the country. Rather than rely on noncompetes, companies have turned to trade secret misappropriation litigation as a means of ensuring former employees don’t take trade secrets and confidential information to their new employers.
There also are potential implications for breach of pre-existing contracts. If an existing cause of action, such as a breach of contract related to a noncompete clause already occurred prior to the effective date, it is not affected by this final rule. The actions are covered under the pre-existing contract.
“My understanding is that if a worker was in breach of a noncompete before the effective date…they can still be sued for breach of contract,” states Ben Herbert, Co-leader, IP Practice, Miller Barondess, LLP.
And there’s the pending immediacy. If the rule takes effect, Herbert notes, “the most pressing thing is that companies need to give notice to those noncompetes that are getting wiped out to the employees” and remind them of their obligations to maintain confidential information under their employment agreements.
10 ways to protect your trade secrets: Operate as if the rule will be finalized
Although legal challenges have delayed enforcement of the rule’s provisions at best and railroaded it at worst, this is a critical moment for companies aiming to keep their intellectual property safe from competitors—and companies should operate as if the rule as currently written will be finalized as expected.
In fact, 70% of IP theft occurs within 90 days before an employee’s resignation announcement, and a whopping 72% of departing employees admit to having taken company data when they leave, according to InfoSecurity Magazine.
1. Leverage NDAs and confidentiality agreements
As part of its ruling, the FTC found that instead of using noncompetes to lock in workers, “trade secret laws and non-disclosure agreements (NDAs) both provide employers with well-established means to protect proprietary and other sensitive information. Researchers estimate that over 95% of workers with a noncompete already have an NDA.” Regardless of whether the rule takes effect, NDAs are a critical tool in helping protect sensitive information.
Those agreements typically include defined terms that expire after a few years. Companies can include a carveout for trade secrets that do not expire until the trade secret becomes publicly known, along with mandatory destruction clauses requiring exiting employees to return or destroy confidential information.
“In any NDA, the term for trade secrets [should be] indefinite until it becomes publicly known. That’s the gold standard,” says Herbert.
Finally, while residual clauses used to be more common, it’s difficult to restrict the use of accrued industry knowledge gained through experience. If exploring residual clauses, examine the case law on the topic and ensure it is coextensive with other agreements specifically protecting trade secrets.
As this rule raises awareness about confidentiality and trade secrets, that awareness should extend beyond the employer/employee relationship to agreements and NDAs between companies, a company and a vendor, and the like.
2. Approach mergers and acquisitions with discipline
Company acquisitions always come with risk, especially involving an employer from another country where noncompete laws may be different or may not exist at all. While it’s best to require new employment agreements during acquisitions to mitigate risk, if the new employees acquired in the merger or the acquisition are not required to sign a new employment agreement, companies must be disciplined in ensuring that policies are consistent across locations.
“In some situations, new employees coming over in a merger or acquisition slip through the cracks and do not sign a new employment agreement. This is particularly risky if it’s a cross-border acquisition; that’s a place where you need to be very disciplined. You need to make sure that whatever policies you have on the ground for employees at the “mothership” are actually being followed at other sites around the world—assuming, of course, that those policies comply with local laws,” advises Gabl Kratz.
3. Provide multifaceted employee onboarding and training
With or without the noncompete agreements so many employers have relied on for protection, they augment trade secret protection and confidentiality protection with robust onboarding and training on what those mean for employees. To do so, they need to first define which information is confidential; what are considered the company’s trade secrets and IP; and what level of access each employee should have to that information.
“The term under federal law for trade secrets is defined very broadly and can capture quite a bit. Virtually all types of tangible and intangible assets from an organization are covered,” states Matthew Joyce, Vice President, Sales, IP Services & Solutions at UnitedLex.
Trade secret protection begins at onboarding when employees should be given company policies about device usage, ownership access privileges, as well as establishing a clear protocol for employee departures that includes returning devices and disconnecting access to company information.
As part of onboarding, employee handbooks should contain detailed definitions of trade secrets and receive signed acknowledgements from the employee.
4. Establish an exit process
Ideally, all employees should sign employment agreements, and during exit interviews companies can get a signed acknowledgement that the employee leaving understands their ongoing obligations related to sharing confidential information. The best-case scenario includes individualized letters for employees that list the types of confidential information they had access to, and secure written acknowledgement that they understand the consequences for sharing that information.
As employers, companies should establish a well-communicated and adhered to process for how they treat departing employees. Exit interviews can be helpful in ensuring positive outcomes as they provide an opportunity for employers to communicate expectations with regard to maintaining integrity of any known trade secrets during employment, acknowledgement of understanding from departing employees as well as time to process information or raise any concerns and/or address questions.
5. Establish clear device policies
As part of onboarding and training, employees should be provided with detailed guidance how company-issued devices and applications should be used, including accessing and storing company data on mobile devices, and collaboration tools used for communications. Having clear policies about which communication and collaboration tools are allowed, especially on company-issued devices, and enforcing them throughout an employee’s tenure helps reduce the threat of malicious actors using these tools to mishandle confidential information, IP, and trade secrets.
6. Conduct a data mapping exercise to locate trade secret and sensitive information
Knowing the exact locations of your trade secret and sensitive information, through data mapping, allows you to take steps to protect that data. Data mapping is the process of creating a comprehensive inventory of a company’s data, showing what types and formats of data the organization generates, uses, and stores, where that data is stored. It should also detail who is responsible for that data, and when it should be archived or deleted based on data retention obligations or retained due to legal hold.
7. Restrict and monitor access through physical and technological controls
Give employees access only to the systems and information necessary to do their job. Monitor the location of confidential information to identify unusual or unauthorized access. Many employees have access to more information than they need to do their jobs, including access to entire file shares where they can access information before they depart.
“If you can narrow the universe of folks that have access to trade secrets, that’s better,” says Herbert.
8. Establish preservation protocols for departing employees
Create a system where recovered devices from departing employees are quickly imaged and stored for analysis for a set amount of time before the device is repurposed to another employee. This ensures that a company can protect data from inadvertently being lost or destroyed when the device is transferred to another employee. Moreover, preservation ensures that any potential evidence uncovered during an investigation or anticipated litigation is not inadvertently destroyed, deleted, lost, or altered in any way.
9. Complete a forensic triage of departing employee devices
Proactive internal investigations of departing employees can help identify if they have destroyed, exfiltrated, or transferred proprietary information prior to departing the company; one of the surest approaches is through executing a forensic analysis of a departing employee (FADE).
“If there is a massive layoff, for example, and you have hundreds of employees who’ve lost their jobs, then you have hundreds of laptops that need to be investigated,” says Gabl Kratz. “These laptops could be sitting not for weeks, but many, many months. By the time you identify some sort of problem, it’s going to be a lot harder to properly address it. It’s likely too late to easily gather what you need and mitigate damage.”
Through a FADE investigation, companies can discover the efforts of individuals trying to cover their tracks, ensuring there was no unauthorized access or removal of IP, confidential information, or trade secrets by departed employees.
Warren Kruse, Vice President, Data Forensics & Preservation at UnitedLex, says, “We do a lot of triage when someone is suspected of leaving who is going to a direct competitor and maybe using the trade secrets or the confidential information or the IP. For example, if there’s any indication that they sent the ‘crown jewels’ to their email, their home email address, or copied it onto a thumb drive.”
“Unfortunately, what happens sometimes is it takes so long before employers realize that potentially bad actors are using their IP. If they don’t have a good exit process, the data might be gone before we even get the call. Maybe the new rule will force people to have a good exit process and to do a triage sooner rather than later.”
There have been tremendous advances in analyzing mobile devices. For many years following the proliferation of smart devices, companies could be locked out of them following collection as a departing employee failed to provide the password. Some companies had evidence rooms full of mobile devices they owned but couldn’t access. Recently, thanks to new software, forensic teams can now unlock cell phones they have the legal authority to access and conduct analysis to provide deeper data collection abilities.
10. Revisit trade secret strategies
Finally, the FTC notes that employers have other ways to protect proprietary company information, including through trade secret protection and enforcement. In the wake of the potential ban on noncompetes, employers should assess their current trade secret protection strategies and develop enhanced safeguards to protect those trade secrets from improper disclosure by departing employees.
Bottom line
While the fate of the FTC ruling hangs in the balance for now, and there are several other pending legal challenges that may add more wrinkles, the rule—whether it takes effect or not—should encourage all employers to assess the efficacy of their trade secret protection efforts and take steps to augment them.
This posting is a summary of a webinar hosted by UnitedLex on May 30, 2024, titled, Employee Departures: Digital Forensics, Noncompete Bans, & IP Protection, featuring Diane Gabl Kratz, Director, IP Strategy & Operations, Dolby Laboratories; Ben Herbert, Partner and Co-leader, IP Practice, Miller Barondess LLP, and Warren Kruse, Vice President, Data Forensics & Preservation, UnitedLex. Matthew Joyce, Vice president, Sales, IP Services & Solutions, UnitedLex, moderated the webinar.
Let’s talk about how UnitedLex can support your trade secret protection strategies with FADE and IP services.