Corporate secrecy – how to protect it?
5 December 2023 / Anna Żmidzińska / Articles
When an employee leaves your company, it can cause more than just problems related to having to recruit for his or her position or transferring responsibilities to a new employee. One of the more difficult situations you may have to deal with is:
– the possible departure of the employee along with the client (or staff of employees)
– a former employee’s use of your company’s secrets, e.g., within his or her newly established business or with a competitor;
– impersonation of your brand and use of your trademark (e.g., an employee who has worked with a particular company for years may be associated with it and use this fact in further contacts with customers).
Prevention is better than cure
The ideal situation is when you protect yourself in advance by entering into appropriate agreements with the people you work with, viz:
Non-competition agreements;
Non-disclosure agreements, the so-called NDA (a business secret is the right to confidential information that has economic value when the entrepreneur has taken reasonable measures to maintain confidentiality about it. It can apply to technical, organizational, financial information).
On the other hand, if you have not entered into the above-mentioned agreements, then you should consider whether the behavior of a former employee constitutes an act of unfair competition.This is because regardless of the contractual provisions, the employee is liable under the Act on Combating Unfair Competition and the Labor Code. A business secret arises independently of the contract, but it must meet several conditions:
– it must have economic value,
it must not be disclosed to the public, and
– should be identified by the entrepreneur as a business secret (the entrepreneur should take certain measures to protect this information from unauthorized persons).
If, despite the absence of a confidentiality agreement, this secret has been otherwise communicated (e.g., in the work regulations, in the content of an email) – then we can take civil or criminal action. On the other hand, a non-disclosure agreement definitely strengthens the position of the entrepreneur in case of a dispute with a former employee on this background.
An additional aspect that should be noted is that the confidentiality agreement should be “tailor-made”. Too general provisions in practice make it difficult to comply with.
Remember, too, that no contract is a 100% guarantee that your company’s secrecy will not be breached (even major corporations like Apple are vulnerable to this – see the high-profile case of two Chinese nationals stealing data on the “Project Titan” autonomous car model; despite the fact that they signed agreements obliging them to maintain confidentiality about the projects they were working on, and that the corporation’s work on developing advanced technology was covered by strict secrecy, it was breached).
How not to lose in court
An analysis of case law and court cases in which companies sue their former employees leads to the conclusion that if the cases are lost it is not because the information used by the employee could not be a company secret – because it is usually confidential data and has economic value. The reason for losing is usually that the employer did not take action, or took action, but not enough to make the information a business secret. That is, he has not taken reasonable measures to keep the information confidential, or he has not informed employees that the information in question is his business secret.
Ways of preserving confidentiality in a company consist of taking necessary measures, reasonable under the circumstances (organizational, IT and legal measures – third parties wishing to see information about the company would have to break security). In addition to the aforementioned non-disclosure agreement, these actions can consist of:
Marking documents with a confidentiality clause, a “company secret” clause,
Introducing individual logins and passwords for employees,
3 Setting different levels of access to information in the company.
Application of the “need to know” principle – ceding access to information to employees by limiting the circulation of information (not every employee must have access to every piece of information, it should be limited according to the scope of duties, the need to access certain data),
The puzzle principle – only information put together has real economic value (like a Coca-Cola recipe;)). Different people have access to different information, but do not have access to the whole,
Entering passwords for important documents,
Controlling the movement of visitors around the company (use of passes when entering the company),
Applying restrictions on access to premises,
Awareness and work organization culture of destroying unnecessary documents, leaving empty desks after work, hiding the most important documents in locked cabinets or safes.
Signing confidentiality clauses is recommended, of course, while other technical safeguards in the company and tools for possible tracking down the perpetrator of a breach (leakage of confidential data) should not be forgotten. Otherwise, the NDA agreement will not serve its purpose.
Secret weapon in the fight against competition – trademark registration
In addition, if your business is not a small, purely local enterprise, it is worthwhile to take care to protect its brand and register a trademark – in many cases it will then be sufficient in the event of infringement to use the resulting protective right or simply the protection provided by copyright law (there is a reversed burden of proof – you derive your rights to the brand from the certificate of registration itself – it is the competitor who, in order to invalidate it, must initiate a dispute and gather evidence himself).
The milk has spilled – what to do?
If you already know that your current/ex-employee is preparing to exploit your company secret (or worse, has already committed such a violation), and efforts to resolve the problem amicably end in failure, you should take legal action as soon as possible – bring a civil action for cessation of infringement and for damages, as well as file a criminal prosecution for violation of company secrets. Only quick and comprehensive action will protect the interests of your business. Remember that time works against you both for business reasons (longer lack of response = greater damage, number of lost customers, demotivation of remaining employees) and for legal reasons (difficulties of proof due to the passage of time and the start of the statute of limitations for possible civil claims as well as the criminality of the act).
In conclusion, first of all, we recommend securing the interests of the company at the earliest possible stage by preparing and implementing appropriate documentation, regulations, agreements and procedures in the company, while if your company is already dealing with a committed breach of secrecy then a detailed analysis of the factual and legal situation by our lawyers will help to take appropriate action on the measure and scale of the violations committed so as to minimize losses as quickly and effectively as possible.
We will tell you exactly what actions you can take in the case of a violation committed in the next section.
If you want to secure your business and take measures to protect its secrecy, we invite you to contact and cooperate with our experts.
Need help with this topic?
Write to our expert
Articles in this category
Can we keep our data safe in LLM (AI) models such as ChatGPT?
Can we keep our data safe in LLM (AI) models such as ChatGPT?Cyber Monday – how not to get ripped off? Cyber security for e-commerce customers
Cyber Monday – how not to get ripped off? Cyber security for e-commerce customers🛒 Mr buy, Mrs buy – consumer rights vs. B2B sales
🛒 Mr buy, Mrs buy – consumer rights vs. B2B salesThe internet has no borders – or the legal issues of selling services and products abroad
The internet has no borders – or the legal issues of selling services and products abroadI consent to … or data protection in e-commerce
I consent to … or data protection in e-commerce