Several factors amplify the risk. The sheer volume of job transitions creates a larger pool of individuals with access to sensitive information, increasing the likelihood of inadvertent or intentional disclosures. Layoffs can breed resentment and potentially motivate individuals to misuse sensitive information. “If you leave on bad terms with a company, you might be more likely to make some bad decisions,” Smolowe said. This risk is bidirectional, as companies hiring from competitors must also be vigilant about incoming trade secrets. “If you’re Company Y, and you’re hiring a bunch of people from Company X, it would be wise to make sure that you’re not getting Company X’s trade secrets when all those new employees come over,” Smolowe emphasized.
The consequences of trade secret misappropriation can vary widely. “Most of these cases are resolved via pre-litigation negotiation, letters back and forth, or they’re resolved pretty quickly,” Smolowe said. “Occasionally, you get into big litigation, and once in a while, a trial or an injunction or things like that.” There are provisions for criminal liability too. “But you’re not usually going to see that without some intentional conduct,” Smolowe added.
On the unintentional side of things, the rise of remote and hybrid work models has caused problems through blurring the lines between personal and professional digital spaces. The ubiquitous smartphone, coupled with cloud storage and various messaging apps, provides several avenues for confidential information to inadvertently commingle with personal data. “The line between separating your work and your personal life isn’t as clear as it used to be,” Smolowe said.
From USB drives to the cloud
In the not-so-distant past, the primary concern for companies was the physical removal of sensitive information. “About 15 years ago, something you would see a lot in trade secret misappropriation cases is people having thumb drives or removable devices that they took from one place to another, either intentionally or sometimes inadvertently, in their car,” Smolowe recounted. “And then somehow litigation ensued, and it turned out they had it, and that wasn’t great.”
Over the years, it has become more common for companies to prohibit the use of removable devices on company computers or to require special permission before doing so. But the rise of cloud computing has fundamentally reshaped the landscape of IP theft. Vast amounts of data now reside in the cloud, making virtual access control the new frontline in protecting sensitive information.
The ease with which information can be moved and shared in the cloud presents a unique set of challenges. “There are still ways to move information,” Smolowe said. “People might take a photo of something in a presentation, and then they’ve got a photo on their phone. There’s stuff in the cloud that syncs to your phone.” The vulnerability extends beyond scientific formulas and manufacturing processes to include customer plans, sales data, and other business-related intellectual property.
Remote work also can lead to IP security headaches
The rise of remote and hybrid work models has further complicated the IP protection landscape. The traditional boundaries between work and personal life have become increasingly fuzzy, creating new challenges for both employees and employers. “The line between separating your work and your personal life isn’t as clear as it used to be,” Smolowe observes. “Some people still have separate phones for work and personal. A lot of people don’t. So there’s a lot of opportunity for mixing the personal and the work, in a way that creates an opportunity for work stuff to get into your personal possession.”
This intermingling of personal and professional digital spaces increases the risk of inadvertent IP breaches. An employee might unknowingly retain access to confidential information on personal devices or cloud accounts long after leaving a company. The ease of digital transfer also makes it simpler for disgruntled employees to intentionally misappropriate sensitive data.
The risk of IP misappropriation isn’t just about deliberate theft. Unintentional breaches are another potential landmine. Smolowe highlights the complexity of this issue: “Let’s say you have a completely well-meaning person who’s not trying to take anything. But they’ve been fired, and now they’ve been hired at a new company. They’re doing something similar and trying to figure out in your brain, like, ‘Okay, I was trained at this other place. I know there’s some stuff I’m allowed to use and rely on, and some things I’m not.’ And maybe I know that I can’t use the recipe for such and such a drug. But what can I use? These are not always easy questions to answer.”
While such unintentional cases of IP vulnerabilities may be less dramatic than the “cinematic” stories of employees “spiriting away hard drives in their clothes,” they are more common and perhaps more insidious. Each time an employee moves between companies, even with the best intentions, there is a degree of risk of carrying bits of confidential information. As Smolowe puts it, “I think a really well-meaning person who’s doing their best to differentiate between stuff in their heads is probably, as a general matter, not facing a huge amount of risk. I think the more significant risk comes when you have a larger group of people moving from one company to another.”
No ‘one-size-fits-all’ approach to IP protection
Regardless of company size, there are several best practices that can significantly mitigate the risk of IP theft, although the details vary based on company type. Smolowe emphasizes the importance of thorough exit strategies and onboarding practices. For departing employees, she advises conducting exit interviews that serve as gentle reminders of IP ownership: “Remind people that the intellectual property of their company belongs to their company and they shouldn’t take anything.” This includes prompting employees to check various locations where confidential information might linger, such as personal email or cloud accounts.
Smolowe elaborates on the importance of these exit interviews: “You’d be surprised at how much that can help. Just remind people, ‘Hey, we’re paying attention to this and here’s some places you should look and you need to return all your property before you leave. And if you find anything else, you got to send it back or contact us.'”
On the flipside, when welcoming new employees, especially those joining from competitors, Smolowe suggested a direct approach: “Talk to them when you onboard them. Say, ‘Hey, do not bring over any property from your previous employer. We don’t want it,'” she said. At this stage, employers can also remind the employee to scrub their personal devices and accounts of any lingering information from their previous job.
While fostering an IP-aware culture is crucial, there are inherent complexities. Companies should help provide clarity to help employees navigate gray areas, especially for new employees transitioning between companies. “They’re trying to figure out in your brain, like, ‘Okay, I was trained at this other place. I know there’s some stuff I’m allowed to use and rely on, and some things I’m not,'” Smolowe explained. It is possible that new workers know they can’t use the exact formula for a specific drug, but the specifics of what they can use are often unclear.
Some companies employ advanced measures to protect their IP. “On the really extreme end, there are companies that have very fancy computer software in place to monitor exactly where files are moving at any one time, or certain things are password protected, even beyond the general login that you need to get into your computer.” However, Smolowe cautions that not all confidential information requires such high-level protection: “But there’s lots of confidential stuff that isn’t protected at that high level, and sometimes people might email it to themselves. Sometimes people might print something out and have a hard copy whole file.”
While these best practices provide a solid foundation, Smolowe cautions against a one-size-fits-all approach: “It’s pretty context-dependent. I don’t think it’s only company size, though. I think it just depends on the company. Some companies are more focused on this than others, and I think it is important to note I can speak to some differences, but it is important not to generalize and to understand that there is a wide range of protections that different companies take.”
Filed Under: Legal precedents and interpretations