Protecting Intellectual Property – The Importance of the HR Department

Often in our investigations into uncovering wrongdoing in respect of company intellectual property rights, company stakeholders are unaware of the importance of having appropriate and necessary information within their employee handbooks and/or contracts in respect of confidential information.  

If your company is reliant on bespoke data sets held in a database, or uses a custom made application or algorithm that gives you a competitive advantage, then our series of articles will provide advice on how to safeguard your intellectual property and confidential data.  

Staff turnover is not a new concept.  Employees seeking to join competitive businesses or setting up their own start-up business is not uncommon.  Whilst most employees will be seeking pastures new hoping to increase their salary or believing they can bring something new to the market with their own start-up, HR departments should be taking a keen interest in their activities prior to employment cessation.

For some, the temptation to take confidential information or company intellectual property (IP) to assist in their transition proves too strong, sometimes innocently, sometimes not so.  For employees unaware of their responsibilities in respect of confidential information or IP and its ownership, there is a genuine dawning of horror as it is communicated to them that they may have broken the law infringing the intellectual property rights (IPR) of the company.  For others, the intent may be compounded by the evidence of an attempted cover up.

What can you do to ensure information remains confidential?

Forward thinking organisations should already have evidence preserved in advance of a staff member leaving. Irrespective of whether this is the case, a few basic policies and procedures applied from the offset should minimise the risk of potential theft of confidential data/intellectual property by employees.

Ensure your HR team has standard operating procedures to inform new starters of their responsibilities in respect of company confidential data and any intellectual property.  Ensure employees have read and understood any intellectual property clauses and are clear who is the owner of any IP. Obtain a signature to confirm they have read and understood all terms. For a brief overview of how intellectual property is classified, gov.uk provide a brief explanation here.  

IT Group has a wealth of experience in investigating suspected Intellectual Property infringement. In cases where infringement is determined, our experts can ensure all infringed material is securely removed by performing the necessary forensically sound deletion procedures.  In a recent case, our consultants identified infringement of over 2000 database records netting the infringing ex-employee over £87,000.00 in revenue. This was identified using a database query to find payment receipt information contained within the database in respect of the identified infringing records.

To a degree, the rise in IP theft has been exacerbated by the use of personal mobile devices in the workplace. There are numerous methods of transferring data using electronic means at the employee’s disposal and with the advent of Bring Your Own Device (“BYOD”), it may be that the employee has not needed to use company devices.

To mitigate this, all organisations should have standard policies in place for computer use and electronic communication in respect of, BYOD, Company Owned Personal Equipment (COPE) and communication equipment. For more information about how to execute and implement an effective BYOD policy, gov.uk also provide guidance on the key security aspects to consider here.

In the era of BYOD the efforts made by a company in caring for their confidential information should be re-doubled, yet seldom is this the case. A number of organisations are still only equipping themselves against threats posed by outsiders.  Employees who as part of their daily role have contributed towards gathering customer information, personal details, inputted database records, developed systems or applications often believe since they gathered or created it, they own it, and it is their information/work/data to share and or copy as they please. This is rarely the case.  There are stringent rules in respect of intellectual property and organisations have a responsibility to ensure that these are communicated to each employee or sub-contractor to avoid any misconception that could ultimately lead to litigation.

Common methods of transporting confidential data/intellectual property include email (company account to a personal account), copying onto a portable USB memory device or other portable media item, or even theft of the actual backup media itself.  These methods are relatively simple to monitor and yet rarely is this carried out adequately.

If you suspect an employee may have intentionally taken confidential data/intellectual property then legal advice should be sought in order to obtain and retain any potential evidence of infringement.

See our next installment on how to protect your data using a technique called seeding.