Layoffs of hybrid, remote workers spur new trade secrets liability risks
As more workers are laid off from their jobs, they may be leaving with sensitive company information putting them, their employers, and maybe even their future ones at legal risk. And in new remote and hybrid working arrangements, the trouble now for both sides is knowing where those documents, screenshots and files are even stored.
“It was always a challenge before but this is a bigger challenge now that everybody’s living digital lives, with huge storage capacities on many devices in many locations,” said Carolyn Luedtke, partner at law firm Munger, Tolles & Olson.
Sensitive company information today might come in the form of a screenshot or iPhone photo taken of a slideshow during a Zoom meeting, or even a Dropbox file or a document sent to a personal email.
“It’s not like the old days were like — you just sat in your office, left behind all your files in your file cabinets and left behind your computer. Now you have people who have been working from their phones, they’ve been working from their tablets, they’ve been working from their personal laptop, they’ve been working from their spouse’s laptops, in all kinds of locations,” Luedtke said.
Staff may be taking information with them nefariously to share online or to try and use in a new role with a competitor, but in most cases they’re taking it with them inadvertently, which employers can sometimes determine through targeted data loss prevention efforts. There is also now the additional risk that employees’ use of generative AI opens up, if they’re unaware that any company information they share on tools like ChatGPT takes it outside the company firewall and makes it available to large language models mining data.
Businesses are increasingly trying to improve their offboarding procedures to ensure staff aren’t taking information with them that they shouldn’t. But the latest wave of tech layoffs could lead to more lawsuits filed against former employees, according to lawyer sources.
Luedtke advises employers on how to properly offboard staff while protecting their sensitive information. The first thing to have staff ask themselves is where they might have information. It might be on an iPhone camera roll, an iCloud account, or even a note-taking app or recording device, to name a few. The best practice for employees to cover their own bases is to then go through and see if they have potentially sensitive information in those places, then tell employers and let them know they are deleting it, she said.
Employers should also ensure they have adequate data loss prevention efforts when issuing mass layoffs and enlist IT departments to watch over that diligently, she said. Such software allows companies to track if people are uploading documents or sending documents out of the company that they aren’t supposed to.
Today more employers are also thoroughly scanning company-issued phones, laptops and other devices when returned upon termination, said Peter Rahbar, an employment attorney at the Rahbar Group. “It used to be that companies would just erase and repurpose them for someone else, and now they will regularly scan the devices to see what was happening when you had it,” Rahbar said.
“They’ll see if you download documents onto your hard drive that maybe you shouldn’t have, they’ll see if you email something to yourself to a personal account, they’ll see if you access a Dropbox or other cloud storage account,” he said.
“A very sophisticated company will scan and audit all of its exiting employees’ devices to see whether there’s any unusual activity there,” he said.
Another way for employers and their staff to minimize legal risk is by having a culture that emphasizes the importance of protecting proprietary information.
“I think sometimes when employees hold on to confidential information that they shouldn’t when they leave, it’s because they’re just not aware, or they don’t realize the potential consequences or how important it is,” said Natalie Pierce, partner at Gunderson Dettmer and chair of the firm’s employment and labor practice.
Employees typically sign a confidentiality agreement as part of their contract when they start stating they can’t share information about their former employer for a set amount of time after their termination. For tech companies in particular, “their IP is like their crown jewel,” and most employment agreements will include clauses around using proprietary information from a former employer in a new role, Pierce said.
“They have no interest because of the potential consequences associated with getting another company’s code or getting another company’s customer list,” she said.