For decades, companies relied on non-compete and non-solicitation agreements as a primary protection against employees taking IP and trade secrets to a competitor. But today, legal and cultural tides are turning against restrictive "employee covenants," and organizations are falling back on trade secret litigation to protect themselves from increasing IP theft. But trade secret claims put a high burden of proof onto plaintiff organizations, and to meet this higher standard, organizations need to radically shift how they monitor and protect their "secret sauce" files and data.
The slow death of the non-compete agreement
Despite ubiquitous use, non-competes and other employee covenants have long been difficult to enforce in court. Legal precedents have increasingly sided with defendants (ex-employees), citing non-competes and non-solicitation agreements as anti-capitalist and anti-free enterprise. Over the last decade, growing cultural and political focus on workers' rights has led state and local governments to increasingly restrict the use of employee covenants. This trend was accelerated by the pandemic, as the Great Resignation and historically tight labor market gave workers power to make demands — and pushed employers to make changes to attract and retain employees. All of this came to a head this summer, when President Joe Biden signed an executive order deputizing the Federal Trade Commission to "curtail" the use of non-compete agreements.
Trade secret claims rise along with surging IP theft
IP and trade secret theft is on the rise, accelerated by several impacts of the pandemic. Contrary to the most salacious headlines, most IP theft isn't strictly malicious; it's just people "looking out for #1," taking information to help them land or excel in their next gig. Without non-competes to protect against this, companies are instead falling back on trade secret litigation that more specifically focuses on the theft and/or use of the proprietary information in question. A report from Bloomberg Law notes that federal data shows trade secret cases are up more than 400% in the last decade.
A higher burden of proof
The surge in trade secret cases has led state courts to tighten standards for these claims, requiring plaintiffs to deliver clear proof of the alleged theft before discovery. This is intended to protect against a company using a spurious trade secret allegation to gain access to a competitor's trade secrets during discovery. In essence, evidence that an ex-employee is using proprietary information (i.e., a competitor introducing a copycat product, or targeting your key accounts) no longer meets the burden of proof for a trade secret claim. You need to be able to show exactly how and when that proprietary information was taken by the employee — and you need to provide this contextual evidence before any subpoenas are issued.
To protect trade secrets, focus on the trade secrets — not employees
With empowered workers jumping ship more eagerly than ever and cloud-based tools making it easier than ever to take files, IP theft is an urgent problem for every organization. To protect themselves, companies need to shift focus away from controlling or limiting what employees do — non-competes are unenforceable, and conventional data protection tools that try to block data exfiltration just can't keep up with the myriad ways employees can move files.
Instead, organizations need to focus on the trade secrets themselves. As a JD Supra essay on this topic noted, in lieu of non-competes, "take stock of your confidential information and your valuable business relationships. Then, focus your efforts on protecting those without limiting an employee's ability to move up in his or her career." Companies would be wise to add: "and without limiting an employee's productivity and collaboration" to the end of that sentence, as far too many are still using outdated, hamfisted DLP and blocking tools that restrict their employees' ingenuity and innovation — and impede their business' speed and agility.
3 Keys: Visibility, Signal & Response
The keys here are deep visibility and a clear signal of risk that drives a faster, more effective response. You need comprehensive visibility of all your data — across all channels, on and off the network. And you need to hone the tremendous noise of all that data activity down to a high-fidelity signal of risk. With this visibility and signal, you can immediately see when an employee does something suspicious, you can immediately dig into context to determine risk — and you can act fast. In most cases, a polite note from HR or Legal — "We know what you took; we want it back." — will be more than enough. And should you need to take legal action, you'll have everything you need to prove your trade secret claim upfront.