Last month, I wrote a post in which I shared an expert’s advice on how employers can minimize the risk of losing intellectual property when they lose an employee. But what if the tables are turned, and your company is the one doing the poaching? How can it minimize the risk of straying into the realm of corporate espionage or trade secret theft?
Fortunately, that expert, James Pooley, has addressed the latter issue, as well. An information security consultant and former Silicon Valley trial lawyer, Pooley is the author of “Secrets: Managing Information Assets in the Age of Cyberespionage.” Here is his advice on how employers can stay on the right side of the law when hiring key employees away from the competition:
Understand what's legal for you to know, and what's not. The law protects only trade secrets, not employee skill or general knowledge—but what's the difference? The skill a worker acquires practicing her craft over time is hers to keep and is your company's to enjoy after you've hired her away from the competition. The same thing may also apply to techniques and information she has learned over the course of her employment. However, if any of those techniques or pieces of information give her employer a competitive advantage, are not generally known, and are safeguarded to a reasonable degree by the company, they are likely to be considered trade secrets. If that explanation sounds confusing or open to interpretation, that's because it is. Trade secrets can range from unique processes for creating goods—such as the legendary Coca-Cola formula—to seemingly inconsequential details, such as a key client's favorite wine. There simply is no hard-and-fast distinction between these types of assets. However, if a piece of information—no matter how minute—is privately held and gives a particular company an edge over the competition, chances are the law will treat it as a trade secret—and will prohibit you and your newly poached hire from using it.
Tread carefully in the recruitment phase. You can start mitigating the risk of information contamination when your company is still in the recruitment phase. Ideally, all job announcements will express qualifications in generic terms, avoiding anything that could be interpreted as trolling for a source of competitive data. Be especially careful in this area if you're targeting a particular individual or group. Don't let down your guard once you have desirable candidates on the hook. The pre-employment interview can be an especially fraught situation. Those who participate in the process should be trained, or at least well informed. They should be guided by a checklist that allows them to find out only what they need in order to assess the candidate's general knowledge and skill set (which, once again, is the part of their experience that applicants are entitled to take with them). Make it clear to candidates at the outset that you don't want them to reveal sensitive information of any kind, and explain why.
Reaffirm your commitment to remaining "clean" during on-boarding. During new employee orientation, reinforce your company's culture of respect for others' information rights. As with the pre-employment interview, your goal is to impress on new employees how important it is to come into the new position "clean," and to point out that there is no advantage—and considerable risk—in trying to prove themselves by bringing with them the work they did before. In my experience, there are some types of new hires for whom this sort of fresh start is particularly difficult. Consider software engineers, for example. Many of them tend to view their prior work as belonging to them instead of their former employers, and they often feel attached to it as a reference source. In this situation, use the on-boarding process to affirm your confidence in the new employee's ability to get the job done only with the skill and general knowledge that he has accumulated during his career. Go carefully through the various forms and contracts that have to be signed, and make sure that the new hire knows where to get answers or address any concerns about information security.
Train current employees to recognize off-limits information. Despite your best efforts, a new hire might inadvertently share sensitive data about a previous employer. It's important that all of your employees (not just supervisors and hiring managers) know how to recognize off-limits information. Set aside time for companywide training on what constitutes a trade secret, and be sure to provide examples of acceptable and unacceptable conversations regarding “how we did things at my previous company.” Give specific instructions on what to do if an employee thinks she may have been exposed to secret information. And perhaps most important, provide information and encouragement about where to go if employees have questions or are concerned about an ethically ambiguous situation.
Have a decontamination plan in place. It's much better to be prepared than to be sorry, so assume that despite your best efforts, you'll encounter information infection from new hires. Know how to proceed if and when this happens. Your first goal should be to understand the facts: what information was received, when and how it entered, to what extent it has spread through the organization or its systems, and whether or how it has been used. Unless the issue seems trivial—for example, it's information of minor importance, possibly publicly available, and exposed to only one person—immediately involve legal counsel to help decide what to do next, and to provide a privilege against disclosure of your internal communications. Assuming that any unwanted infection you suffer was truly an accident or the result of a rogue employee's misconduct, then your challenge will be to combine risk management with ethical behavior. Happily, they usually align. Voluntary disclosure to the information's owner is often appreciated, with no greater consequence than cooperating on a plan for containment. Naturally, if the damage has been more extensive, there is more risk that litigation will result. But by keeping the situation secret from the victim, you will increase the risk of serious consequences if the facts surface. So the ethical choice is also the smarter choice.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.