Managing IP is part of the Delinian Group, Delinian Limited, 8 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2023

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

The risk of trade secret misappropriation while working from home continues

Sponsored by

tillekegibbins.png
Remote working from home. Freelancer workplace in kitchen with laptop, cup of coffee

With many employees in Thailand working outside their company's normal IT security fence, their increased use of their own computers and devices instead of those in their offices with standard or enhanced security mechanisms has made it more challenging for employers to control access to key business information. In the rush to set up a fully or partially remote workforce, most companies have had little time to establish work-from-home guidelines on protection of their valuable intangible assets like trade secrets and confidential business information. The need for sufficient internal guidelines on copying files to USB drives, emailing files to personal accounts, and uploading to cloud storage is already widely recognised, but who could have imagined the need for rules precluding sharing proprietary information over Zoom, Skype, Webex, and such programs?

In addition to misappropriation by employees, many organisations have also seen hackers exploit vulnerable IT protocols and bait people with emails related to the current health crisis. Phishing and ransomware emails have been used to lure people working from home in attempts to access protected systems. Hacking of smart home devices has resulted in recordings of confidential conversations being transmitted to not only Amazon, Google, and other providers but to hackers and thieves as well.

HR tasks

A top concern for companies in Thailand should be revisiting rules for handling and maintaining confidential business information. This should include a refresher in employment agreements or individual confidentiality agreements (particularly for key personnel) to accommodate work-from-home realities. To prove a case against a trade secret infringer, the owner must show that care was taken to maintain the confidential information. This would include regular reminders to employees defining "confidential information," "trade secrets," and their duty to maintain confidentiality. Many will already be familiar with a company's rules on information disclosure, but this is complicated by new patterns of external communication, often involving online collaboration and meeting tools. For document sharing, companies might employ secure transfer solutions like password-protected FTP programs, time-limited document viewers, and limitation of the number of downloads.

For businesses forced to lay off or furlough employees, work-from-home realities make the exit interview even more important. Along with existing requirements such as return of company property, companies should secure additional undertakings, such as assurances that no unauthorised copying or downloading occurred, no company information is retained, and no confidential information was shared without authorisation. If the departing employee was on an research and development, design, or engineering team, an enhanced exit interview is an ideal time to effect IP assignments or other necessary declarations. Even if the research project is incomplete, companies might consider filing provisional patent applications with the employee's written assurance that follow-on applications will not be jeopardised.

IT tasks

The IT team can complement these HR efforts by updating existing security measures, implementing new ones, and explaining changes to employees. This might include a new personal device use policy with an explanation of the employer's right to track and monitor its own devices as well as those of the employee who uses them for their work–all legal in Thailand, as it is in most jurisdictions so long as employees are made aware. Personal devices will be at greater risk of hacking than fenced-in company IT architecture, so the IT team should also install necessary security on personal devices used for company work. If employees are allowed virtual private networks (VPNs) or other remote access, employers should decide about potential restrictions on downloading, copying, or transferring files.

While no business in Thailand can completely insulate itself from leakage of proprietary information, most can take steps to significantly reduce the risk, mitigate damages, and prove that reasonable care was taken to protect their property.

adcock-alan.jpg

Alan Adcock

more from across site and ros bottom lb

More from across our site

Counsel are eying domestic industry, concurrent PTAB proceedings and heightened scrutiny of cases before institution
Jack Daniel’s has a good chance of winning its dispute over dog toys, but SCOTUS will still want to protect free speech, predict sources
AI users and lawyers discuss why the rulebook for registering AI-generated content may create problems and needs further work
We provide a rundown of Managing IP’s news and analysis coverage from the week, and review what’s been happening elsewhere in IP
A technical effect must still be evident in the original patent filing, the EBoA said in its G2/21 decision today, March 23
Brands should not be deterred from pursuing lookalike producers, and an unfair advantage claim could be the key, say Emma Teichmann and Geoff Steward at Stobbs
Justice Mellor’s highly anticipated ruling surprised SEP owners and reassured implementers that the UK may not be so hostile after all
The England and Wales High Court's judgment comes ahead of a separate hearing concerning one of the patents-in-suit at the EPO
While the rules allow foreign firms to open local offices and offer IP services, a ban on litigation and practising Indian law could mean little will change
A New York federal court heard oral arguments this week in a copyright case pitting publishing giants against a digital library