How to prevent IP theft amid current job layoffs

Nobody wants to lay off workers during a pandemic, but if you must, you must also make sure your IP is protected. Espie Angelica A. de Leon explains.
As the world wages its battle against the novel coronavirus Covid-19, it also continues to feel its terrible effects.

Aside from isolation, illness and death, job layoffs are also commonplace. From office employees to factory workers, countless individuals have suffered from these job cuts.

Things don’t always end when the employee makes his exit. The departure could turn ugly for many different reasons, including because it may lead to intellectual property theft. Acts of stealing may range from deleting files to sabotage and outright copying of data and documents to satisfy a departing employee’s vested interests. This is especially so if the employee harbours ill will toward his employer or is desperate to land a new job under the circumstances of a pandemic. Worse, he might use his loot in his new job, particularly if the employer is in the same industry as his old employer.

“My experience is that IP theft is not uncommon following termination of employment, especially for more senior positions,” said Andrea Fong,a partner and head of IP at Wilkinson & Grist in Hong Kong.

“The risk of IP theft following a layoff is particularly prevalent and frequently occurs,” said Risti Wulansari, a partner at K&K Advocates in Jakarta. “[These are] mostly IP assets in the form of confidential corporate data and other corporate IP such as patented technologies, trade secrets, marketing materials and customer information where the former employee usually tends to use them in their new jobs.”

Trade secrets can include customer and supplier lists, pricing methods, cost information, secret recipes and formulas to any process or technology and trade know-how.

“Know-how is a kind of IP that can be acquired by an employee through work and thus could become part of the employee’s own expertise or property,” said Fong. “It may be difficult to clearly define as to what can be used without consent post termination of employment.”

“I have not differentiated between layoff and proper termination of employment since I do not consider there to be much difference in the present context,” she explained. “Whilst a layoff may generate hostility, a proper termination may give more time for the ex-employee to plan the theft.”

According to some lawyers, trade secrets are the ones mostly stolen by former employees, whether wilfully or not, based on their experiences with clients.

Unfortunately, IP theft cuts across industries and sectors, making every company vulnerable. It has also become easier to commit with the world becoming more and more digital.

To prevent IP theft, business owners should implement the following measures:

Prepare well-drafted and enforceable contractual terms for the periods covering employment and post-employment. These include contracts and agreements made between employers and independent contractors as well as consultants.

“In my experience with clients, global companies and a number of big local firms have their employee-employer contracts/agreements contain adequate IP policies to help prevent IP theft by the employees. But, a lot of companies are not or are insufficiently interested in such IPRissues, and accordingly, neither care about IPR protection nor include IP policies in their employee-employer contracts or agreements,” saidNguyen Thi Hong Anh, head of IP and technology at Indochine Counsel in Ho Chi Minh City.

Fong said that the companies which own more IPs indeed have better drafted agreements in general in terms of IP protection. Yet, something may still be lacking.

“Even so, most clauses are quite standard and may be more focused on non-competition and restrictive covenants in terms of solicitation of customers and staff,” Fong said. “In most cases, improvements are needed on the definition of IP and/or confidential information which is fundamental to the scope of the protection as well as the employee’s post-termination obligations including declaration of compliance.”

Joyce A. Tan, managing director of Joyce A. Tan & Partners in Singapore, agrees.
“It is a wide range of IP policies that we see in employment contracts, from those which do not even address the matter at all to those that are prescriptive to a granular detail. There are employers who are highly sensitized to the issue and reflect this in their IP policies and those who are much less clued in and happy to settle for a general statement, simply providing an acknowledgement of the employer’s IP ownership,” Tan said. “That said, the actual incidence of IP theft by employees, may not necessarily be determined solely by the state of articulation or documentation of IP policies, but by a host of other factors as well.”

According to Tan, IP issues that should be addressed in a contract or agreement depends on many factors. These include the business of the employer; the kind of IP it owns, uses, licenses, develops and has access to; the significance of IP in the business; the IP it relies on for the generation of which proportion of its revenue, and others.

An employment contract or agreement should contain and address the following:
  • The rights to IP developed during and after employment and during personal time; what is owned by the employer and what is not.
  • A confidentiality clause and required practices for handling and protecting confidential information and IP.
“This clause should require employees to use proprietary information for work purposes only and not to disclose such information to third parties except when necessary and authorized by someone with authority to permit such disclosure,” said Wulansari. “This clause should survive termination of employment.”
She added that the contract or agreement should also state the scope of confidential information and its definition.
  • Agreements for transfer and assignment of IPRs for works or developments created by the employee during the period of employment;
  • The use of third-party IP;
  • The mixing of IP from different sources or origins;
  • The demarcation between IP policies generally applicable to all employees, or a class of employees, and those that apply to a specific employee with a particular role;
  • Documentation on record keeping of activities involving IP;
  • Culture of innovation such as KPIs in connection with an employee’s innovative contributions and rewards tied to the achievement of these KPIs;
  • IP incident handling such as that in relation to allegation of infringement or unauthorized use of IP of employer or third party;
  • Liability management of risks involving IP; and
  • Updates and amendment of IP policies.

Implement professional and well-thought-out employee exit procedures. Require employees to surrender all files, records or information of any sort with regard to the confidential information prior to exit. There should be standard exit checklists and processes for going through, and accounting for, inventory of company property issued to the employee upon hiring.

Most employees will comply with exit procedures that are legal and professionally executed. Job layoffs accompanied by antagonism will cause ill will and thus might make a departing employee uncooperative.

This scenario could spiral into sabotage, misappropriation and theft. Employers should always remember that employees are human beings. They should be treated with dignity and respect. Sure, the employer can take an erring former employee to court later on if theft is committed. But had the employee been given that gentle touch early on, the risks would have at least been minimized.

“In the case of layoffs, a company can surely control the employee’s access to confidential information after breaking the news which could eliminate such information being stolen,” said Fong.

Implement procedures to ensure data storage security and proper authentication for accessing IP assets. Where possible, confidential files should be encrypted “at rest” and not just in transmission and preferably using dynamic passwords such as token-based 2-factor authentication solutions.

Establish sound employee policies, IT policies, authorization policies and other governance tools to enable a strong legal foundation with which to address an issue when it arises.

Educate employees about IP security to make them aware that stealing their company’s IP assets is unlawful.

Strengthen protection of confidential information in the course of business.

Seek adequate protection of IP rights wherever possible.

Tan said that these policies may also be included in general employee handbooks, specific IP policy documents, ad hoc communication or documentation, among others.

These measures will be helpful especially at this time when companies around the globe are cash strapped and many aren’t hiring, causing laid off workers to be desperate to land a new job.

Obviously, many of these preventive measures need to be set up in advance, long before a layoff or termination is implemented. The more serious cases of theft are normally hatched way before they are committed. Thus, it is important for business owners to consider and rethink their IP strategies early on.

Besides, it isn’t only the disgruntled employee who has been laid off or terminated who is prone to commit IP theft.

“A current employee is sometimes the bad actor who is involved in corporate IP theft as well,” said Wulansari, citing a data theft case involving an employee of an Indonesian state-owned telecommunication company. The employee, who worked at the firm’s customer service department, stole customer data and uploaded it to Twitter.

“Honestly, I don’t see IP theft being more prevalent during the present pandemic due to the layoffs,” said Fong. “I think a company should always be well prepared in protecting its IP rights.”

After all, as mentioned, any IP asset may be stolen and any business in whatever industry may fall prey to IP theft. Especially in this age of digital technology when a would-be perpetrator only needs a few devices such as a thumb drive and a micro SD card. The idea of a hostile employee sneaking into a room, browsing through the files and stealing some confidential documents or paraphernalia when nobody’s looking? Those days are long gone.

Nguyen Thi Hong Anh

Related Articles

Special Alert | Decree 52: A Game Changer in Non-cash Payments

Special Alert | Strengthening Cyber Governance: Vietnam to develop its Draft Decree on Cybersecurity and Data Protection Administrative Violations Sanctions

Enforcement amid digital piracy and organized crime in Vietnam

Special Alert | Thrive in Change: Vietnam's New Land Law Opens Doors for Developers

Special Alert | Key Updates on the Implementation Plan for the Vietnam National Power Development Plan VIII

Contact Us | Legal Notice | Site Map | © 2006 – 2023 Indochine Counsel. All Rights Reserved.