My last post stressed the importance of planning for protection of intellectual assets, and recommended businesses institute information security procedures and routine training in those procedures to limit the risk of employees inadvertently (or intentionally) disclosing business-critical information and know how to competitors. Unfortunately, too many business leaders mistakenly believe use of a boilerplate confidentiality form equates to intellectual property (IP) security.
Say It, Do It
More than just a document, a strong IP security policy is a proactive, ongoing business discipline that requires energy and diligence to be effective. In fact, if your business ever finds itself in litigation over misappropriation of IP, you may expect a court to look beyond the mere existence of an IP security policy document to ascertain if your company actually “lives” the policy. If IP security policy procedures are not visible and active in the work routines of management and employees, the business’s contractual rights to the subject IP may be at risk of being compromised.
Don’t get me wrong: Capturing the business’s IP security policy in writing is a very important first step. The policy should speak to the identification and handling of all information the business considers trade secrets. The more specific the language in your documented IP security policy is regarding the business’s inventory of intellectual assets, the better for litigation purposes down the road. Intellectual assets may include not only technical secrets, but also sensitive commercial information such as marketing plans and customer lists.
Once you have documented your IP security policy, living” that security policy may be characterized by specific and verifiable management actions with regard to prospective, current, and former employees. More on those in upcoming blog articles.