Laura Fitzpatrick and Rebecca Ablett share how best to protect your IP and confidential information.

1. Identify and keep track of your IP and confidential information.  As a business, you should know where your IP and confidential information is located (whether this is in electronic or physical form).   We recommend that you conduct an audit and compile an IP and confidential information register.  This register should be accessible by designated people within your workforce and should be reviewed and updated on a regular basis.

2. Safeguard and restrict access to confidential information.  Ensure your IT system has suitable divisions in it, so that information is available on a need-to-know basis only. We recommend that you clearly mark all confidential information as being so and more sensitive confidential information should be password protected.  Consider binding those with access to confidential information with appropriate, specific non-disclosure agreements.

3. Ensure that internal IT security protocols are adequate and necessary encryption and access controls are in place – particularly on devices which can be taken outside the workplace.

4. Review existing confidentiality procedures and policies to ensure they are adequate (whether these are contained within your employee handbook or otherwise).  This is particularly important in amidst the Covid-19 pandemic with a significant proportion of companies’ employees now working from home.

5. Educate your workforce about IP, how it can be protected and the consequences if it is compromised (whether intentionally or unintentionally):
   • Provide regular training (from both internal and external sources) and ensure this is part of your new start induction process;
   • Provide a letter to all new starts informing them that they are instructed not to bring with them any material which may contain IP from any third party including former employers;
   • Ensure IP protection policies, such as confidential information and IT security, are in place and regularly updated;
   • Monitor and document compliance with internal IP protection policies including whether or not employees can send documents to personal email addresses to work when out of the office;
   • Enforce policies in the event of non-compliance (and ensure that your workforce are aware of enforcement options); and
   • Use signs around the workplace to inform staff of the rules and policies in place.

6. Ensure employment contracts contain robust provisions in relation to IP and confidentiality both during the course of employment and post-termination.  Where an employee is particularly senior or has access to IP and confidential information as part of their role, we recommend that you properly consider the extent to which the applicable clauses in your employment contracts need to be tailored.

7. Ensure employment contracts transfer ownership of IP created in the course of employment is to employers and job descriptions of employees who are involved in the creation of IP are up to date and reflect that it is part of their normal duties.

8. Confirm IP and confidential information has not been removed by asking all departing employees to sign a letter acknowledging that they have not removed any material containing the company’s IP and/or confidential information during the course of their employment.

9. Be alert to the possibility of registering your IP as soon as practicably possible.

10. Review confidentiality clauses in contracts with third parties (including contractors, customers and suppliers) and track the flow of confidential information to (and from) third parties, including customers and suppliers.

Related News, Insights & Events