How often do you propose to plug a hole in a ship with your finger? To us - constantly!
Here is a regular application: make us an NDA with an employee to protect yourself from the disclosure of confidential information
For some reason, many in IT are confident that in order to protect company information, it is necessary and sufficient to sign with an NDA employee
However, the NDA with an employee is not a document at all that must be used to protect trade secrets in an employment relationship. As a result, the requirements for a trade secret regime are grossly violated. Software architecture, algorithms, calculations, and other know-how used in development remain unprotected.
Let’s figure out what's wrong here.
Let's start with the terminology. Non-disclosure Agreement (NDA) is a civil law agreement between two independent entities regarding the use of confidential information of the parties to such an agreement.
In labor relations, the employee is subordinate to the employer. Therefore, the protection of confidential information, including trade secrets, is ensured by internal (local) acts of the company (IP). One of such documents is the Non-disclosure obligation, which the employee gives after reviewing the Regulation on the organization's trade secrets.
In addition, the employee should be familiarized with the list of confidential information approved by order of the organization. And finally, the terms of confidentiality (protection of trade secrets) are included in the terms of the employment contract with the employee to ensure his responsibility for disclosure.
Exactly this way - by accepting and familiarizing the employee with a whole range of internal documentation - the legal protection of information constituting a company’s trade secret is ensured.
We add that the introduction of a trade secret regime in organizations requires, in addition to performing the legal measures that we discussed above, also ensuring the actual protection of confidential information from disclosure by adopting organizational and technical protection measures.
For example, if documents with confidential information are not isolated from documents with a normal level of access, the requirements to ensure that such information is kept confidential are violated. Consequently, any person who has obtained random access to such information will not be liable for its disclosure.
Thus, signing with an NDA employee does not solve the problem of protecting company confidential information, even to a first approximation. Information security requires a comprehensive solution.
Here are 5 easy steps to keep your trade secrets:
- Enter the mode of trade secrets in the organization. To do this, issue an order approving the Regulation on trade secrets, a list of confidential information, and the appointment of a person responsible for compliance with the regime.
- Familiarize employees with a signature on the Regulation on trade secrets and a list of confidential information.
- Take a written non-disclosure obligation from employees. To simplify the task of recovering losses from the disclosure of confidential information, include a specific amount of the disclosure penalty in the Obligation.
- Determine which documents contain confidential information from the approved list. Mark them with the mark “Trade Secret” and separate them from documents that do not contain such information.
- Limit actual access to documents containing trade secrets. Documents in printed form must at least be stored in a safe and issued against signature with a mark in the document movement journal. Protection of electronic documents should be ensured by setting access rights for users of the information system.
Use these simple tips to protect your business.