How to safeguard confidential information about your company


By Huifen Zheng, legal counsel. All views expressed here are strictly in her personal capacity.

safeA company’s confidential information forms part of its assets. Such information includes the client base, corporate setup, and most importantly — ideas.

Most startups begin with one bright spark of an idea that the team works to translate to a viable business model. But there is nothing to stop key employees or co-founders from jumping ship and trying to take confidential information with them to a new setup.

How can such ideas be protected?

Resorting to legal action is never cost effective and most startups simply lack the cash to pay lawyers’ fees. Here are sensible ways for managing the flow of confidential information within the company. I’ll also briefly discuss intellectual property protection at the end.

1. Ensure all founders and employees sign non-disclosure/confidentiality and assignment agreements.

A non-disclosure or a confidentiality agreement is a document in which one or both parties agree to keep certain information confidential. In the case of a co-founder or an employee, the agreement to keep secrets will be one-way, i.e. that the co-founder or employee will not disclose any confidential information that they have access to while working for the company.

This applies even after that person leaves the company. This restriction can be for a few years after leaving, or perpetually. It depends on how strict the company wishes to be.

Separately, an assignment agreement will state that whatever work product generated by the co-founder or employee while working for the company, will be fully assigned to the company.

Taken together, these two documents will mean that the company owns the work generated, and that the co-founder/ employee is required to keep such information confidential.

2. Keep information on a “need to know” basis.

Even after the documents in point 1 above have been signed, sensitive information should still be carefully guarded. Employees should be able to access enough information to do their work well, but no more. For example, do not save your product’s source code without encryption in a public shared drive, or leave client lists lying in plain sight.

You can’t leak what you don’t know.

3. Be vigilant about transiting and former employees.

When an employee has resigned and is serving out her notice, it’s possible that she may transmit confidential information outside. I’d suggest that an employee who has tendered her resignation completes any handover as soon as possible and serve the rest of the notice period away from the office (and from access to company information). This is known as “garden leave”.

At the exit interview, it’s always useful to remind her of the confidentiality requirements in her employment contract or non-disclosure agreement (see section 1 above).

If the employee was a key member of your team, it may be useful to monitor who her new employers are. If she joins a competitor, keep an eye out for the work done and new releases by said competitor – does the competitor appear to be using an idea similar to yours, or approaching the same customers but at a lower price?

4. Write to the infringing party, and to customers/ business partners, if necessary.

If you have good reason to believe that information has been taken and confidentiality breached by your former employee, collect as much evidence as you can around it, for example:

– comparisons between your product and the competitor’s

– emails that your employee has sent from her office account to her personal account (this may require IT forensics)

– testimonials from customers/ partners (that the former employee approached them seeking to switch business from your company to her new employers)

When you have a good collection of evidence, write to the former employee, copying her new employers. State the facts you have regarding the supposed confidentiality breach, and that you have good reason to believe that sensitive information belonging to your company was taken. Request that the infringing conduct stop immediately.

Caution: do not take the step of writing unless you are sure of the infringement, and can back it up with evidence (not merely anecdotal or hear-say stories). Testimonials from customers who were approached by the former employee are evidence; gossip from industry peers is not.

You are at risk of a defamation suit if you say something about a person which is not true or which you cannot prove with evidence.

5. When the time is right, consider obtaining intellectual property protection for your product idea.

Remember, there is no copyright in ideas. Copyright only protects the expression of ideas. Just because you and your team came up with an idea first does not stop someone else from taking the same idea and developing it into a workable product.

If there is enough cashflow and your product is sufficiently mature i.e. Almost ready to go to market, you may consider applying for a patent over the key elements of your product. However do note that the downsides of a patent application:

– Patents are country-specific, there is no such thing as a “international patent”. Generally, you will apply for patent protection in the countries where your main markets are in. However this does not stop someone from making and selling a copy of your product in markets where you did not apply for protection.

– Once your patent application is granted, part or all of the patent claims will be made publicly available. This could allow others to look at the elements of your product and attempt work-arounds.

– Patents are expensive to apply for and to maintain – you are looking at around Usd 5,000 legal fees upfront (more if the patent is complicated or if you apply for protection in more than one country). If the patent is granted, there will be annual maintenance fees.

– even if you suspect that there is infringement of your patent by someone else, it will again be expensive to prove the case and bring the matter to court.

Photo: Squacco

About the author

huifen zheng picHuifen is a corporate counsel for an European MNC in Singapore, and has been a mentor with JFDI.Asia since 2012.

(And yes, we're serious about ethics and transparency. More information here.)

Read More