All it takes are the acts of one rogue employee for the federal government to open a criminal investigation of the company. In the intellectual property arena, companies have found themselves to be the subject of a federal investigation, for example, by hiring employees from a competitor and who bring with them to their new company the trade secrets and other confidential information from their old company. Avoiding exposure to liability for criminal theft of trade secrets under the Economic Espionage Act requires that businesses take a close look at all their procedures involving confidential information. Standards of contracting authority and rules for entering into nondisclosure agreements should be reviewed to control the process of assuming, tracking, and enforcing confidentiality obligations to third parties. Hiring practices should be reviewed to avoid hiring tainted employees and consultants and to emphasize respect for intellectual property rights as part of a company’s training program. Perhaps most importantly, a company must examine its business relationships to determine the procedures and behaviors of those who may create vicarious liability under the EEA.
The most important feature of any strategy for avoiding or mitigating exposure under the EEA, or any federal criminal statute for that matter, is a “compliance plan.” Indeed, the Federal Sentencing Guidelines provide that an “organization” can reduce its culpability by establishing and maintaining an effective program to prevent and detect violations of the law. Moreover, a good compliance plan can also aid in convincing a United States Attorney’s Office that prosecution of the corporation is not warranted because the corporation itself was victimized by a “rogue” employee.
The primary goal of a compliance plan is to prevent unauthorized secrets from becoming part of the company’s knowledge base. Because a good compliance plan will by definition raise the level of awareness within the organization about the importance of intellectual property, it will also lead to the increase in protection of a company’s own intellectual property. Since the loss or disclosure of most corporate trade secrets is is often caused by accident or negligence, a compliance plan can be an extremely effective and cost-efficient way to safeguard a company’s own confidential information.
Other general goals of a compliance plan include increasing the likelihood of early discovery and avoiding liability in civil litigation. Civil lawsuits for trade secret misappropriation are on the increase, especially in technology-related industries. Just as in the criminal context, the implementation of a compliance plan is not a shield against all civil lawsuits, however, it does reduce their likelihood and potential liability.
According to the Federal Sentencing Guidelines, a compliance plan should include the following nine elements:
1. Standards and procedures to be followed by all the employees of the corporation.
2. Oversight of the plan by a high level executive of the company.
3. Due care in delegation of authority. The plan must not give discretionary authority to individuals when the organization knew or should have known through due diligence to have a propensity to engage in illegal activities.
4. Communication and training. The plan must include steps to communicate standards through employee training programs.
5. Monitoring and auditing. The plan must include steps to monitor procedure to supervise the company’s operations to assure that violations are likely to be detected and reported within the organization.
6. Discipline. The plan’s standards must be consistently enforced through appropriate discretionary mechanisms including as appropriate, discipline of individuals responsible for the failure to detect an offense.
7. Reporting. After a violation has been detected, the organization must take all reasonable steps to respond appropriately to the offense and to prevent further similar offenses.
8. Custom Design. The sentencing guidelines also stress that the compliance plan must be tailored to fit the individual characteristics of the company.
9. Certifications. Upon joining and leaving the company, employees should be made to sign appropriate certifications regarding the use and disclosure of trade secrets.
My book, Intellectual Property & Computer Crimes (Law Journal Press 2003), contains a detailed description of the elements of a compliance program.