How to safeguard proprietary data from competitors.HOW TO SAFEGUARD PROPRIETARY DATA FROM COMPETITORS One of the most common and troublesome problems large and small organizations face is protecting proprietary data-such as financial information, customer lists and marketing and expansion plans-from competitors or others with prying pry·ing adj. Insistently or impertinently curious or inquisitive: ignored the prying journalists' questions. pry eyes. August Bequai, JD, LLM LLM abbr. Latin Legum Magister (Master of Laws) LLM Master of Laws [Latin Legum Magister] Noun 1. , is a lawyer in private practice, specializing in industry security law, in McLean, Virginia McLean is an unincorporated community located in Fairfax County in Northern Virginia. A small geographic area along Chain Bridge Road in Arlington County has a 22101 zip code and is also part of McLean. . He lists the steps necessary to ensure data protection. Prevention is the best protection when it comes to safeguarding proprietary data. Although lawyers frequently say patents and copyrights are adequate to prevent a competitor from usurping data, experience proves otherwise. In more than half the cases in which trade-secret lawsuits were filed, the court ruled against the organization or person seeking protection. In fact, 90% of the cases involving patents-which are the most difficult trade-secret protections to get initially-are overturned by the courts. Clearly, an organization should not rely on patents or copyrights alone when seeking data protection. Here are some important advisories for protecting data from unauthorized users. THE DATA * Precise definition. Management often defines proprietary data incorrectly-either by omitting details on the data package itself or in any literature about the data or by failing to provide complete information to those who have access to it. For example, property definitions may be too broad, making ownership claims unenforceable-or too narrow-and therefore useless. * Litmus test litmus test n. A test for chemical acidity or basicity using litmus paper. . At least two criteria have to be met before a proprietary claim is effective. The owner must be able to prove the information is not already generally known and the information is of value. It's not enough that the owner considers the data valuable or not generally known; it must be provable. One way is to be able to show the data give the owner an advantage over competitors. The owner also must prove it used its own labor and resources to develop the data and then treated the information as classified. Defining and limiting access helps establish evidence of confidentiality. * Ownership definition. Management should clearly state its ownership-both on the data and to those with access to it. For example, employees, consultants and customers should be told that the company owns the data and is prepared to enforce its rights. Not all data, however, can be kept secret. A proprietary interest in data supporting an illegal activity, such as restraint of trade restraint of trade Preventing of free competition in business by some action or condition such as price-fixing or the creation of a monopoly. The U.S. has a long-standing policy of maintaining competition among business enterprises through antitrust laws, the best-known of , is not enforceable. EMPLOYEE SECURITY * Screening programs. Because insiders pose the greatest security threat, a screening program should be established for all employees who will handle sensitive data. n Security awareness Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization. . Employment policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental should include a statement on data security. This notifies employees that data security is taken seriously. * Noncompete agreements A contract limiting a party from competing with a business after termination of employment or completion of a business sale. Found in some business contracts, noncompete agreements are designed to protect a business owner's investment by restricting potential competition. . Employees should be required to sign noncomplete contracts. Such a contract makes it clear that a departing employee can't take secret information collected on his old job and use it in a new job with a competitor. Agreements should limit, for a set period, the places a departing employee cannot work. However, to hold up in court, the limitations must be reasonable and justified. * Nondisclosure agreements. All employees with access to proprietary data should be required to sign a nondisclosure agreement. Such agreements have both legal and psychological value, especially when used with noncompete agreements. * Nondiscrimination non·dis·crim·i·na·tion n. 1. Absence of discrimination. 2. The practice or policy of refraining from discrimination. non . In applying security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security , management should avoid focusing on individuals or groups solely because of sex, religion or nationality. For example, the U.S. Immigration Reform Immigration reform is the common term used in political discussions regarding changes to immigration policy. In a certain sense, reform can be general enough to include promoted, expanded, or open immigration, but in reality discussions of reform often deal with the aspect of and Control Act of 1986 prohibits asking only foreign workers foreign workers Those who work in a foreign country without initially intending to settle there and without the benefits of citizenship in the host country. Some are recruited to supplement the workforce of a host country for a limited term or to provide skills on a to sign confidentiality agreements. Also, other civil rights laws bar discrimination against other groups of employees. OTHER DEFENSES * Security upgrades. Management should periodically review and upgrade its data security programs, identifying and addressing weaknesses as soon as possible. * Monitoring competitors. At the first sign a competitor is using a company's data, the violated company should notify the transgressor of impending im·pend intr.v. im·pend·ed, im·pend·ing, im·pends 1. To be about to occur: Her retirement is impending. 2. action. Wise companies have reputations for enforcing their rights; such vigilance VIGILANCE. Proper attention in proper time. 2. The law requires a man who has a claim to enforce it in proper time, while the adverse party has it in his power to defend himself; and if by his neglect to do so, he cannot afterwards establish such claim, the usually forestalls violations. * Security-violation documentation. As a matter of policy, management should document any breach of data security. The time, date, location, data type and suspect's name should be recorded. Such documentation will be valuable in both disciplinary action and criminal or civil prosecution. LEGAL LIMITATIONS * Lawful Licit; legally warranted or authorized. The terms lawful and legal differ in that the former contemplates the substance of law, whereas the latter alludes to the form of law. A lawful act is authorized, sanctioned, or not forbidden by law. measures. Safeguard methods should conform with federal, state and local laws. For example, some states regulate screening techniques such as honesty tests and lie-detector examinations. If an organization is a federal contractor, it must be sure its security programs are in accord with applicable laws. * Transborder considerations. If a company transmits its data outside the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , management must be alert to the receiving country's transborder trade-secret laws. For example, the United Kingdom has stringent data registration laws, and France and Belgium limit access to data stored in those nations. While these steps are helpful, all these efforts can come to naught if an organization fails to maintain vigilance in guarding its data. EXECUTIVE SUMMARY * ORGANIZATIONS should not rely on legal techniques alone when seeking data protection. TO QUALIFY for protection, owners of data must be able to prove the information is not common knowledge and is of v * MANAGEMENT should make clear statements that its data are proprietary. Allusions to ownership are not enough. * BECAUSE insiders pose the greatest security threat, employee policies, including statements on data security, noncompete agreements and nondisclosure agreements, are essential. DEFENSIVE measures, such as security upgrades, monitoring competitors and security-violation documentation, also deter violations. * MANAGEMENT should be aware of federal, state and local legal limitations of using safeguards such as lie-detector tests. International regulations also may differ from those of the United States. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion