Business resolutions for the new year
By, Brian E. Kasper, Esq.
New Years is a time for reflection and resolution. We reflect on the events of the past year and set our resolutions for improvement in the next. Though this is a notion largely embraced by individuals, it can and should be adopted by businesses as well. Reflection and resolution can improve efficiency, profitability, and client relations. But, more importantly, it can help to mitigate risks and prevent catastrophe.
One point of reflection and resolution for all businesses should be with regard to the protection of electronically stored information. Understanding the nature of electronically stored information, the inherent value of that information, and current security measures, is necessary to minimize the risk of any loss. But equally important is having a plan of a swift and effective response to prevent any further misappropriation or transmission of electronically stored information.
Though 2016 will likely be remembered for external attacks, hacked e-mails, and a show down between Apple and the FBI over access to an iPhone, the primary threat to businesses are internal breaches. Employees, partners, shareholders, members, agents, and others are typically given unquestioned access to confidential and proprietary information of a business. The logic and intent of this access is simple: Those individuals will use their access to better the business.
But what happens when the relationship sours? What happens if an employee copies information, or retains unauthorized access to information after either termination or voluntary departure? This may be of no concern if the employee does not utilize the information, but it could be of great concern if the employee joins or forms a competing entity. Given the nature of electronically stored information in today’s business environment, it could easily cripple a business.
This all begs the question, how can a business prevent or, minimally, mitigate the damage posed by this threat? As with many issues in corporate law, the key is to establish proper legal protections. As noted above, a business should understand the very nature, scope, and value of their electronically stored information. They should then categorize that information and define access levels to classes of employees. The next step is to draft employment agreements that are tailored to the business and nature of the protected information. This includes, but is not limited to, non-disclosure agreements, restrictive covenants, non-solicitation agreements, etc. These agreements will not only serve as mechanisms of enforcement in the event of a breach, but also as tools for any equitable action related to the exposure of confidential or proprietary material.
The next step is to regularly update those agreements consistent with the terms of applicable laws, such as the Computer Fraud and Abuse Act, 18 U.S.C. SS 1030, the New Jersey Computer Related Offenses Act, N.J.S.A. 2A:38A-1 et seq., and the New Jersey Trade Secrets Act, N.J.S.A. SS 56:15-1, et seq. The last step is to monitor access and use of confidential and proprietary information and to enforce non-compliance with the above agreements in the event of a breach.
But beyond those preventative measures, a business maintaining sensitive electronically stored information should regularly consult with experienced litigation counsel. This will not only serve to ease the above-referenced updates to employment agreements, but also aid in a rapid response in the event of a breach. Given the particularly sensitive nature of electronically stored information, it should go without saying that swift action in the event of a breach is necessary to prevent any additional misappropriation. But further, a swift response plan may serve as a deterrent to any threat.
So, as we enter this New Year, take time to reflect on the successes and the setbacks, but also make a resolution to better protect your business. If your business does not have any protections in place, it is highly recommended that you start the process now. If your business does have protections, then it is recommended that you review those in place in light of recent legal developments and seek qualified legal counsel to ensure your protections are adequate.