Now that a federal judge has blocked the Federal Trade Commission from implementing its noncompete rule, employers no longer face a Sept. 4 compliance deadline. But Ryan v. FTC is still subject to appeal and may reach the US Supreme Court. Future FTC action is unknown and a patchwork of state laws still raises questions about heavy reliance on noncompetes.
All this should prompt businesses across industry sectors to start evaluating their existing plans to protect competitive and confidential information.
Audits are a crucial first step to ensure maximum security of trade secrets and confidential information. Once a company gathers that information, it needs to ask: If the FTC’s noncompete ban takes effect, is our business adequately protected from unauthorized access, misappropriation, and misuse of valuable confidential information?
Any answer other than an unqualified “yes” means the company needs to improve protections. Successful companies will take a multidisciplinary approach to legally protecting confidential information.
A combination of policies, training, security controls, and agreements can be effective, but the most protective approach will consider these tools as part of an overall program designed to create a culture of confidentiality, security, and compliance.
A next-generation plan should include coordinated feedback from multiple organizational groups and should involve legal counsel to ensure, to the extent available, that the deliberative process is protected by attorney-client privilege. Any such effort should include a combination of the following, depending on the company’s individual business structure and need:
- Business and finance personnel familiar with the competitive nature of business information and how it’s treated in the industry
- Information technology and security to discuss the systems and processes in place or that could be deployed
- Human resources to cover any employee training, policies, or agreements in place or that should be revisited
Each perspective—legal, business, finance, security, and human resources—provides a critical lens to view these issues.
After an audit, those constituencies should come together to develop a legal and reasonable plan to protect competitively sensitive confidential information. Areas to address depend on the company’s nature, scope, and offerings, the particular business environment, industry norms, and available technology and resources. Key topics include:
Categories of protectible information. What confidential information does the company own and what is the most important category that the business depends on?
Operational and human resource policies. Do existing policies accurately address operational and business needs while sufficiently protecting varying categories of confidential information? This should include all applicable policies, including systems and property access, personal use of company systems and devices, use of personal devices, and social media policies. Are policies in line with other applicable laws, such as National Labor Relations Act requirements?
Cybersecurity policies. Do physical and logical security protocols and processes adequately address the varying categories of confidential information, or is there room for improvement with redesign or additional tools? Where are the most substantial threats of exfiltration for this information? Has the company reasonably limited access of competitively sensitive information to those employees who need it for their essential job functions?
Training implementation and execution. Are employees trained sufficiently about the value of confidential information? Does training accurately and adequately express to employees (particularly supervisors) why confidential information and trade secrets are critical to the company?
Nondisclosure agreements. Do nondisclosure agreements comply with applicable law and sufficiently cover competitively sensitive information, both with employees and other parties necessary to the business, such as vendors and customers? These agreements reinforce and acknowledge the employer’s confidentiality and security policies but also create a legal framework to protect data and ideas from being shared or disclosed to third parties. It is therefore critical for companies to consult with counsel to ensure their agreements are enforceable under the state law most likely to be applied in a dispute.
Non-solicitation agreements. Has the company created and enforced reasonable non-solicitation agreements that are compliant with applicable law, don’t overly burden employee mobility, and protect relationships essential to the company’s business? If you aren’t using these types of agreements, now is the time to consult with counsel about implementing them. If you have such agreements in place, review them with counsel to ensure they’re enforceable and, like nondisclosure agreements, comply with applicable state law.
On-boarding and off-boarding protocols. Does the company have a policy and protocol for incoming and exiting employees designed to protect confidential information? Discussion of these policies likely will raise operational issues, such as creating redundancies to ensure no customer, system, or project is solely addressed by one employee.
Interactions with labor competitors. What interactions does the company have with competitors for labor? This could include information sharing or benchmarking, or contracts with competitors that could be interpreted as no-poach agreements. Antitrust agencies and plaintiffs’ antitrust bar have targeted industry information-sharing arrangements and alleged no-poach agreements. Antitrust agencies have recently revoked long-standing antitrust guidance setting out safe harbors or safety zones for benchmarking.
Antitrust policies, training, and guidance. Should the company update antitrust compliance policies and training to ensure employees understand the requirements around antitrust and employees? Should employees receive mandatory regular training to emphasize the importance of antitrust compliance? If companies need to enforce their rights against an employee, competitor, or otherwise, advance efforts toward creating a plan that designates, contains, and monitors confidential information and trade secrets will be critical evidence of their legal status and value to the company.
Companies should reevaluate the entire program as individual components to ensure its effectiveness. Advanced planning will highlight opportunities to improve systems and avoid discovering problems in an emergency. While a tailored program for protecting confidential information is critical in any environment, employers should continue to monitor further developments associated with the noncompete rule.
The case is Ryan v. FTC, N.D. Tex., No. 3:24-CV-00986, decided 8/20/24.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.
Author Information
Theresa Sprain is shareholder at Baker Donelson in Raleigh, representing businesses in labor and employment litigation.
Edward Lanquist is shareholder at Baker Donelson in Nashville focused on intellectual property litigation and counseling and technology law.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.