The risk of trade secret misappropriation while working from home continues
Managing IP is part of Legal Benchmarking Limited, 4 Bouverie Street, London, EC4Y 8AX
Copyright © Legal Benchmarking Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

The risk of trade secret misappropriation while working from home continues

Sponsored by

tillekegibbins.png
Remote working from home. Freelancer workplace in kitchen with laptop, cup of coffee

With many employees in Thailand working outside their company's normal IT security fence, their increased use of their own computers and devices instead of those in their offices with standard or enhanced security mechanisms has made it more challenging for employers to control access to key business information. In the rush to set up a fully or partially remote workforce, most companies have had little time to establish work-from-home guidelines on protection of their valuable intangible assets like trade secrets and confidential business information. The need for sufficient internal guidelines on copying files to USB drives, emailing files to personal accounts, and uploading to cloud storage is already widely recognised, but who could have imagined the need for rules precluding sharing proprietary information over Zoom, Skype, Webex, and such programs?

In addition to misappropriation by employees, many organisations have also seen hackers exploit vulnerable IT protocols and bait people with emails related to the current health crisis. Phishing and ransomware emails have been used to lure people working from home in attempts to access protected systems. Hacking of smart home devices has resulted in recordings of confidential conversations being transmitted to not only Amazon, Google, and other providers but to hackers and thieves as well.

HR tasks

A top concern for companies in Thailand should be revisiting rules for handling and maintaining confidential business information. This should include a refresher in employment agreements or individual confidentiality agreements (particularly for key personnel) to accommodate work-from-home realities. To prove a case against a trade secret infringer, the owner must show that care was taken to maintain the confidential information. This would include regular reminders to employees defining "confidential information," "trade secrets," and their duty to maintain confidentiality. Many will already be familiar with a company's rules on information disclosure, but this is complicated by new patterns of external communication, often involving online collaboration and meeting tools. For document sharing, companies might employ secure transfer solutions like password-protected FTP programs, time-limited document viewers, and limitation of the number of downloads.

For businesses forced to lay off or furlough employees, work-from-home realities make the exit interview even more important. Along with existing requirements such as return of company property, companies should secure additional undertakings, such as assurances that no unauthorised copying or downloading occurred, no company information is retained, and no confidential information was shared without authorisation. If the departing employee was on an research and development, design, or engineering team, an enhanced exit interview is an ideal time to effect IP assignments or other necessary declarations. Even if the research project is incomplete, companies might consider filing provisional patent applications with the employee's written assurance that follow-on applications will not be jeopardised.

IT tasks

The IT team can complement these HR efforts by updating existing security measures, implementing new ones, and explaining changes to employees. This might include a new personal device use policy with an explanation of the employer's right to track and monitor its own devices as well as those of the employee who uses them for their work–all legal in Thailand, as it is in most jurisdictions so long as employees are made aware. Personal devices will be at greater risk of hacking than fenced-in company IT architecture, so the IT team should also install necessary security on personal devices used for company work. If employees are allowed virtual private networks (VPNs) or other remote access, employers should decide about potential restrictions on downloading, copying, or transferring files.

While no business in Thailand can completely insulate itself from leakage of proprietary information, most can take steps to significantly reduce the risk, mitigate damages, and prove that reasonable care was taken to protect their property.

adcock-alan.jpg

Alan Adcock

more from across site and ros bottom lb

More from across our site

INTA has postponed its planned Annual Meeting in Dubai, but the organisation should think carefully about whether it wants to go there at all
The firm has named its new managing director after its former Asia head resigned earlier this year
As law firms explore how best to support clients at the UPC, members of the UPCLA network believe they have found the best of both worlds
The Industry Patent Quality Charter hosted a conference in which it discussed the importance of granting high-quality patents
Julia Holden explains why, if she weren’t in IP, she would be directing and producing live English-language theatre
The impact of the recently agreed treaty may be modest at first but is likely to become more significant over time
Meet the esteemed judges who are assessing the first-ever Social Impact Awards
Lawyers debate whether the Supreme Court’s ruling helps maintain confidence in the trademark system
We provide a rundown of Managing IP’s news and analysis from the week, and review what’s been happening elsewhere in IP
The group of lawyers, which includes seven IP partners, say they were impressed by ArentFox Schiff's wide-reaching experience
Gift this article