PUBLICATIONS

Your Business May Be Exposed if You Rely Too Heavily on Noncompetes

For decades, employers relied heavily on noncompetes to protect their proprietary data, client lists, and specialized processes. That era may be coming to an end.

Across the country, the legal and regulatory trend is increasingly aligned against noncompetes. Leaning into this shifting climate, the Federal Trade Commission (FTC) proposed a nationwide noncompete ban in 2023. While it did not go into effect, the underlying trend that led to the FTC rule has continued. Federal regulators and state legislatures are cracking down on noncompetes.

For example, New York came close to adopting one of the country’s broadest noncompete bans. In 2023, the state legislature passed a bill that would have prohibited noncompete agreements for virtually all workers, but the Governor vetoed it. Even so, the episode illustrates how much pressure lawmakers are facing to restrict noncompetes. At the local level, New York City has floated its own restrictions, including bills that would either ban noncompetes or limit them for certain groups, such as low-wage employees and freelance workers. Those proposals were preliminary, but they reflect a greater legislative skepticism towards noncompete agreements.

New York is only one example. Since 2020, a majority of states have imposed new or stricter limits on noncompete agreements.   

In addition, the rise of remote and hybrid work has turned even small businesses into multi-state employers. A startup may be based in Florida, but if the company has employees working remotely from New York or California, for example, those states’ laws may apply to limit or even bar a noncompete.

Although the unrestricted use of noncompetes is still permissible in some states, the majority now either limit their use (often through wage restrictions), or ban them outright, except in limited circumstances, such as the sale of a business. The wage restriction approach, which requires employees subject to a noncompete to earn a minimum salary, can be especially problematic for businesses where low-level employees are the ones interacting and developing relationships with customers.

For all of these reasons, employers should consider pivoting away from heavy reliance on noncompetes, and towards state and federal trade secret laws to protect their most commercially valuable information.

Trade Secret Laws: An Additional Way to Protect Your Business’s Commercially Valuable Confidential Information.

Simply put, a trade secret is confidential information that a business treats as a secret, and that is commercially valuable, at least in part, because it is not known by, or readily available to, competitors. Or, stated another way, it is confidential information that gives a business a competitive edge. For example, a confidential customer list might be a trade secret. Even if some of the information in the customer list is publicly available, the list may still qualify for trade secret protection.

The federal Defend Trade Secrets Act (DTSA) and corresponding state laws protect trade secrets by prohibiting their unauthorized acquisition, use, or disclosure, collectively known as “misappropriation.” Under these laws, employers can obtain court orders (injunctions) to prevent or stop the misuse or disclosure of their confidential information. In extraordinary circumstances, the DTSA even allows courts to order the immediate seizure of property or devices holding stolen trade secrets. Also, if an employer prevails in a trade secret lawsuit and can prove that the employee’s theft was willful and malicious, these laws provide businesses with an avenue to recover their attorneys’ fees.

Unfortunately, many employers do not think about trade secret laws until their confidential information has been stolen and they are working with counsel to evaluate their legal options. By then, however, it is often too late.

Trade Secret Audits Help Businesses Leverage Trade Secret Laws

To claim trade secret protection, it is not enough for an employer to argue that the trade secret is valuable or not generally known. An employer must also prove that it took “reasonable measures” to keep the information secret. A trade secret audit helps employers do precisely that by: (i) identifying what information is worth protecting; (ii) examining whether the company is taking reasonable measures to preserve secrecy; and (iii) recommending fixes before a dispute arises.  

Broadly speaking, a trade secret audit follows a four-step process:[1]

• Step 1: Identify and Categorize Valuable, Confidential Information. An employer cannot adequately protect what it has not identified. Therefore, the first step in a trade secret audit is to identify the business’s high-value confidential information. Examples may include:
  • Proprietary pricing models and profit margin information;
  • Unpublished marketing and business strategies and plans; and
  • Customer lists containing specific buying histories and preferences.
• Step 2: Determine Where Trade Secrets Are Stored, Examine How They Are Shared and Used, and Identify Vulnerabilities. Once a company has identified its trade secrets, it should examine how they move through the business to identify security gaps. For example, employers should:
  • Understand how trade secrets are created and identify where they are stored, who they are sent to, and how they are used;    
  • Consider how the company shares trade secret information with vendors, consultants, customers, and business partners;
  • Determine which categories of employees have access to trade secrets;
  • Verify whether trade secrets are stored securely; and
  • Examine whether employees are permitted to download trade secrets onto, or to access trade secrets from, personal electronic devices.
• Step 3: Review Contracts and Policies. Next, employers should review their confidentiality agreements and policies to ensure they are effective at protecting the trade secrets identified in step 1 (above). To that end, employers should consider the following:
  • Are confidentiality agreements tailored, or are they so overbroad that a court may decline to enforce them as so-called “stealth noncompetes”?
  • Do confidentiality agreements and/or handbook policies contain DTSA immunity language, which is required for employers to claim double damages and attorneys’ fees?
  • Do confidentiality agreements and policies clearly define protected information and limit use and disclosure?
  • Do independent contractor and other vendor agreements contain confidentiality restrictions?
• Step 4: Evaluate Access Controls; Implement Electronic and Physical Barriers. Employers should consider implementing some of the “reasonable measures” of protection that courts consider when hearing trade secret disputes. Where gaps exist, employers should modify their practices and procedures accordingly. Some examples of “reasonable measures” may include: 
  • Explaining confidentiality obligations to employees at the time of hire, and training them on an annual basis regarding the company’s policies and procedures to protect trade secrets;
  • Adopting physical safeguards such as badge access, locked offices, locked filing cabinets, and clean-desk practices;
  • Implementing technological safeguards, such as multifactor authentication, data encryption, access permissions, endpoint controls, audit logs, backup protections, and the deployment of software that prevents downloading, printing, and emailing sensitive documents;
  • For employers that use cloud-based third-party providers to store trade secrets, confirming that all appropriate security features have been enabled;
  • Ensuring that the only employees who can access trade secrets are those who must use the trade secrets to perform their job duties;
  • Providing employees with company-controlled electronic devices and prohibiting employees from accessing trade secrets from personal devices;
  • Implementing special disposal protocols;
  • Establishing termination procedures to revoke digital access the moment an employee resigns or is terminated, to ensure that all trade secret information (whether hardcopy or electronic) has been returned, and to remind departing employees of their continuing confidentiality obligations; 
  • Developing a plan that can be activated immediately in case of suspected misappropriation.