Protecting Company’s Confidential Information and Trade Secrets – Securing Evidence

Protecting Company’s Confidential Information and Trade Secrets – Securing Evidence

Protecting CI and Trade Secrets

A company, ABC Pte Ltd (“ABC”) had invested heavily in its research and development division, hiring top engineers and talents in order to come up with a new product that ABC then launched into the market. A few months after launching the product in the market, one of its main researchers who was heavily involved in the product’s development left ABC.

Shortly after, ABC discovered that a competing company, XYZ Pte Ltd (“XYZ”) was selling a product that was closely similar to its own but at a substantially lower price (the “Competing Product”). Preliminary investigations revealed that the researcher who had left ABC had joined XYZ’s research and development division. This aroused ABC’s suspicion that the researcher had misappropriated research materials and confidential information relating to the development of the product when he had left ABC and used it in XYZ to help them to create the Competing Product. However, there was no evidence to substantiate this allegation.

ABC then sought legal advice to prevent XYZ from unfairly commercialising the product that ABC had so painfully taken steps to develop. We then advised and assisted ABC in the various steps involved in securing evidence required to take legal action against XYZ.

Securing Evidence

While ABC had a suspicion that its ex-employee had misappropriated research materials and confidential information and was now using the same to help XYZ produce the Competing Product, it was not possible to launch immediate legal action to stop either the ex-employee or XYZ without actual evidence of such misappropriation.

Therefore, the first step that we took, as appointed lawyers of ABC, was to identify the various research materials and confidential information relating to the development of the product that existed, and were therefore likely to have been a target of the researcher’s misappropriation. It is noted that conducting such an exercise streamlined the investigation process by allowing us to focus on key sets of data and the systems in which they were held, rather than looking for the proverbial needle in the haystack.

Having created an inventory of the research materials and confidential information, we assisted the company in checking its systems to map the access and use of such research materials and confidential information by the researcher against his / her job scope.

We had also engaged the services of an external digital forensics expert to assist in this investigation process. Such experts can scan the company’s systems for information that may be relevant including:

• Patterns and information on the access and use of the confidential information and trade secrets by the ex-employee, including the types of data that he / she accessed, the dates and times of such access or use, whether any data was printed, downloaded, uploaded or transferred and if so, the location that the data was downloaded, uploaded or transferred to;
• Whether any external devices were connected to the computer and if so, what files or data were transferred or downloaded to such external devices;
• Whether the ex-employee sent any data to external parties or to external servers; and
• Whether there were any communications between the ex-employees and any accomplices. In this regard, companies should check the internal messaging systems and the ex-employees emails. It is noted that in many cases, these areas, which often contain vital information or incriminating evidence, are commonly overlooked.

Through this exercise, we were able to ascertain that in the weeks before the researcher left ABC, he had downloaded a large number of research notes containing the development process of the product, some of which he had no reason to access and was not supposed to have access to, onto a number of thumb-drives and portable hard-disks.

We also found communication logs and emails between the researcher and representatives of XYZ in the data registries and log files of the computer which the researcher had been using during his time as an employee of ABC. These revealed incriminating negotiations between the researcher and representatives of XYZ.

Having garnered enough evidence, we proceeded to represent ABC to commence legal action. With sufficient evidence and specific documents in mind, we were able to satisfy the courts to make an order for specific discovery of XYZ’s research materials relating to the Competing Product, in order to allow for the comparison XYZ’s research materials against that of ABC’s. In this regard, we found a large degree of similarities between the two, with portions of the research materials being identical in a number of instances.

By taking the above steps, we were able to build a strong case based on sufficient evidence to satisfy the court that ABC’s research materials and confidential information had been misappropriated and unfairly exploited.

Lessons Learnt

Below are some of the lessons learnt by ABC to prevent misappropriation of confidential information and trade secrets from re-occurring.

1. Implement a strict segregation of access rights policy. This is to ensure that access to important research materials and confidential information is limited and controlled. For instance, employees access to ABC’s research materials and confidential information should have been limited to a strict “need to know basis”, and even then, accessible only with certain specific credentials and authorisations. Therefore, employees who have no reason to access ABC research materials and confidential information would not be able to do so. In this way, ABC would be able to limit the exposure of its research materials and confidential information from falling into the wrong hands, while maintaining records of each employee who had access to the same.

As a corollary point to the above, ABC was advised to implement a strict bring-your-own-devices protocol, whereby employees were prohibited from bringing and plugging in any personal devices on the company’s computers systems.

2. Establish an inventory of research materials and confidential information. It is essential to establish an inventory of research materials and confidential information and conduct a risk assessment exercise to identify which of these research materials and confidential information are likely to be targeted.

3. Implement a traffic monitoring tool. This tool helps to monitor the flow of data in and out of the company’s system, such as data that is downloaded, uploaded or transferred. This allows for the timely discovery of any irregular behaviour, such as large downloads or transfers of data, and would allow ABC to take pre-emptive measures to intercept or prevent such downloads or transfers in the future.

4. Ensure confidentiality and non-disclosure clauses are present in contracts. Review existing agreements with employees to ensure that important clauses relating to obligations of confidentiality and non-disclosure are present. It is important that such employment agreements contain such clauses so that in the event that employees steal or misuse confidential information, the company would have a contractual remedy against such employees.

5. Implement an exit clearance process. This comprises of two elements. (1) The exit interview which is conducted when ABC’s employees leave the company to remind such persons of their obligations of confidentiality and to verify that such persons has returned, and no longer possesses, any data belonging to the company and (2) the removal of any access rights or credentials that ex-employees had while they still working for the company. This may involve simple steps to remove their accounts, or the changing of passwords on the company system to ensure that ex-employees would not be able to continue to access the company’s systems when they are no longer working there.


 

Lionel TanContributed by:

Lionel Tan
Partner
Advocate & Solicitor, Supreme Court of Singapore
T (65) 6232 0752
E lionel.tan@rajahtann.com
Rajah & Tann Singapore LLP
9 Battery Road, #25-01 Straits Trading Building, S049910


Lionel started out his career in law as a Deputy Public Prosecutor and concurrently held the appointment of Assistant Director of the Computer Information & Systems Department of the Attorney-General’s Chambers. Since joining private practice he has been involved in various high profile commercial and criminal litigation cases and has advised clients on a wide spectrum of commercial and criminal matters.
He has a keen interest in the field of Information Technology Law, with special emphasis on the developing area of litigation practice in the Information Technology arena. He has been involved in cases dealing with Internet defamation, Internet fraud, on-line security breaches, trade secrets and misappropriation of confidential information, telecommunication regulatory issues and software implementation and website development disputes. He advises and represents clients on intellectual property matters relating to trade mark and copyright infringements. He also advises and represents clients on IP matters relating to brand protection, licensing and franchising issues.
Lionel graduated from the University of Hull, United Kingdom in 1992 with a Second Upper degree in Law. He was awarded the Sweet & Maxwell Law Prize for that year. He pursued a postgraduate degree at the University of Oxford and was conferred a Bachelor of Civil Law. He has also completed the Certified IT Project Manager Assessment course conducted by the Institute of System Science.