Trade secret protection in corporations: best practices

FILE PHOTO: Small toy figures are seen in front of displayed Pfizer logo in this illustration taken, June 24, 2021. REUTERS/Dado Ruvic/Illustration/

April 8, 2022 - Trade secrets are becoming increasingly valuable and integral to maintaining a company's success, but companies are often unaware of the legal, administrative, and technical tools they can use to protect this information. This knowledge gap is especially pronounced in the context of employee departures and moves to competitors. While a common occurrence in most industries, an employee's departure can put a former employer's trade secrets — and competitive advantage — at the most risk.

A recent lawsuit in the U.S. District Court of the Southern District of California highlights this danger, as well as the tools companies can use to give themselves notice. In Pfizer v. Li, No. 21-cv-1980, complaint filed (S.D. Cal. Nov. 23, 2021), pharmaceutical company Pfizer, Inc. sued a soon-to-be former employee for misappropriation of trade secrets, breach of contract, and trespass to chattel (essentially, intentional interference with enjoyment of personal property).

Pfizer alleges that its employee, Ms. Li, uploaded more than 12,000 files, several of which contained confidential information pertaining to vaccine study analysis, operational goals, development of new drugs, and clinical trial techniques. She allegedly transferred and then deleted files she previously saved on her Google Drive account in preparation for taking a job with a competitor.

Once discovered, Pfizer confronted Li, only to have her attempt to cover her tracks by providing Pfizer with a decoy laptop. Eventually, Pfizer filed suit against Li and requested a temporary restraining order to prevent any further disclosure. Pfizer agreed to drop the suit after the parties reached a deal allowing Pfizer's counsel to search Li's personal emails, Google drive accounts, and all other personal computing devices or accounts that could contain confidential information or trade secrets.

This case highlights the need for companies to implement effective legal, administrative, and technological measures to protect confidential information and trade secrets.

Here, Pfizer's employment agreement obligated Li to not to disclose or use any confidential information other than in her employment without Pfizer's written permission, and return all Pfizer property and material in her possession within 48 hours of her termination.

From an administrative perspective, a comprehensive policy and set of procedures for the protection of trade secrets and confidential information is critical. First, companies should have a practice of protecting their trade secrets through executing and enforcing effective confidentiality agreements. Subject to state law and the federal Defend Trade Secrets Act, 18 U.S.C.A. § 1836, employers may create confidentiality obligations through standalone agreements or as a part of an employment agreement.

In these agreements, a company may define what it considers confidential and trade secret information, details the employee's use and disclosure restrictions, and outlines the continuing obligations after the employment relationship is over. Similarly, non-competition and non-solicitation agreements can work to prohibit employees from interfering with co-workers, clients, or vendors who may possess or represent trade secret information.

Although not reflected in the Pfizer complaint, administrative procedures ideally are in place to educate employees, not only to emphasize the legal obligations placed upon them, but also to clarify, in advance of any issue, the breadth of such obligations.

For example, an employee downloading a spreadsheet or report they created while on the job may not want the employer's confidential data in the document, but rather the format of the document, believing it to be generic knowledge. We have seen employees claim ignorance as to the distinction between an employer's trade secrets and generic knowledge gained on the job.

Training as to the scope of employer confidential information and trade secrets may avoid good faith misunderstandings and, in any event, strengthen an employer's claim as to having adequately protected its trade secrets — a legal requirement.

Companies should also maintain comprehensive trade secret and confidentiality processes and policies, as may be reflected in employee handbooks. These processes and policies can provide valuable training, identify categories of relevant, protected information, define obligations of employees, set appropriate levels of access across particular employee groups, and generally establish company protocols for maintaining confidentiality, including when employees depart.

It's also important for companies to communicate to employees at all levels their responsibilities when it comes to trade secrets. While training may be in place in connection with new hires, many existing personnel may not be educated on the company's current confidentiality and trade secret policies and may need to be trained. They should have policies in place that, where appropriate, physically and technologically restrict employee access to trade secret materials during their employment.

Upon an employee's departure, employers should consider routine, documented exit interviews during which the surrender of all documents and files is requested — a requirement often found in employee agreements — and providing the employee with a copy of her employment agreement or other confidentiality obligations.

One effective way to protect trade secrets is to use technological controls to prevent misappropriation before it occurs or at least flag it quickly so remedial action may be taken. The Pfizer complaint provides some insight into some technological measures employers should contemplate implementing. Prior to this incident, Pfizer had already disabled USB access on its devices to prevent unauthorized file downloads. The company discovered Li's file transfer after it implemented technology to monitor employee upload of files from Pfizer devices and directories to cloud-based platforms like Google Drive.

Of course, there are numerous other technological measures and safeguards that employers should contemplate. Some examples include: restriction of off-site access, use of sufficient encryption, employee computer activity monitoring software, and automatic shutoff of employee access upon departure.

In Pfizer's case, it had several technological tools in place, without which it may not have discovered Li's misappropriation until it was too late. Its existing USB access rules made misappropriating trade secret information more difficult, while its upload surveillance allowed it to monitor suspicious transfers such as Li's. A company without such foresight could find itself at risk of losing its competitive edge.

While prevention is key, companies should also have a detailed strategy for approaching an employee when they suspect misappropriation. Companies should have a predetermined plan or guidelines for dealing with potential employee misappropriation, including for making a determination as to when an investigation justifies filing a legal action. Having the necessary controls in place to quickly provide evidence of misappropriation is also beneficial in obtaining a tailored remedy, such as a temporary restraining order or preliminary injunction.

The plan should include steps for limiting the spread of confidential information and for contacting entities and individuals to whom disclosure was made. Though less commonly thought of, where a departing employee is planning to join a competitor, companies also have the option of reaching out to the competitor once they're armed with the knowledge gained from their internal controls. They should always be careful, however, to protect themselves from potential counterclaims.

In short, if not already in place, legal departments should strongly consider putting in place a comprehensive trade secret policy or bolster existing policy. A comprehensive, complimentary set of legal obligations (agreements), processes and policies, and technical tools is key to companies' protecting trade secrets and maintaining their competitive advantage.

Such measures are particularly important with a remote workforce such as during the pandemic. Furthermore, the concern for loss of trade secrets should translate into a concern for the potential inadvertent receipt of a competitor's trade secrets. Companies should consider similar legal, administrative and technological measures as applied to new hires and consultants, especially those who have worked for competitors.

Opinions expressed are those of the author. They do not reflect the views of Reuters News, which, under the Trust Principles, is committed to integrity, independence, and freedom from bias. Westlaw Today is owned by Thomson Reuters and operates independently of Reuters News.

Ian DiBernardo is a New York-based partner at Brown Rudnick LLP and chair of the firm's intellectual property litigation practice group. He is also practice group leader of the firm's U.S. technology group. He counsels emerging and established companies, focusing on intellectual property and technology transactions and litigation. He has handled matters involving functional ingredients, nutraceuticals, protein bars and supplements. He can be reached at

Jason Sobel is a New York partner in Brown Rudnick LLP's intellectual property and technology practice group. He provides counsel to clients in a wide range of industries, including extensively in the food science and ingredients industry, developing IP portfolios, negotiating business transactions and shepherding clients through complex, multiparty, bet-the-company litigation. He can be reached at

Marcus Strong is a New York-based associate at Brown Rudnick LLP focusing on litigation. He can be reached at