Employee Termination
While not always possible given local labor laws, to the extent possible, the company should require the manufacturer to adopt protocols to govern the termination of the manufacturer’s employees in a manner that minimizes the risk of the employees taking confidential information with them when they leave the manufacturer. These may include:
Giving employees short notice before termination.
Automatically disabling access by these employees to secure areas or systems before giving notice.
Informing employees of, and requiring them to agree to, the withholding of their final salary or severance payments, or both, pending the company’s review of their information access and transmission records.
Use of Independent Contractors and Consultants
The company should take into account the risks of permitting the manufacturer to use third-party independent contractors or consultants. To limit the disclosure and use of its confidential information, the company should consider expressly prohibiting the manufacturer from using any independent contractors or consultants.
However, where the company is willing to allow the use of these individuals, it should ensure that the outsourced manufacturer:
Is directly responsible for their actions and obligations.
Has agreed to confidentiality obligations and practices for these individuals at least as protective as those used with the manufacturer’s employees, including the company’s:
Approval of any individuals before any permitted disclosures; and
Review and, if necessary, revision of relevant agreements.
In addition to contractual and relational arrangements, it is important not to undervalue the significance of physical (both hard and electronic) protections. It is to that subject that we now turn.
Security Procedures for Access, Storage, and Transmission
To better ensure that its trade secrets are protected against misappropriation, the company should contractually require the manufacturer to set up physical barriers and electronic firewalls to protect confidential information, including email filters and download limitations to prevent the transmission of large data files.
The company should ideally require confidential information in electronic format to be isolated from the manufacturer’s main computer network and any computer or network with internet access.
The manufacturer also should maintain physical security for its facilities, including:
Building security guards
Internal access restrictions based on clearance levels
Surveillance devices
Information Technology
Because of vulnerabilities in cybersecurity and efforts by corporate, state, and criminal actors, particularly those based in certain developing countries, to access and siphon off economically and competitively valuable information, the company should specify special information technology protocols for the manufacturer. These protocols can include:
Keeping certain highly sensitive information entirely off of the manufacturer’s, and perhaps even the company’s network
Performing periodic information technology audits to assess the networks’ security
Protocols for Confidential Information
The outsourced manufacturing agreement should cover generally applicable measures for the use and transmission of confidential information. These should include requiring:
All documents containing trade secrets and similar know-how to be marked as confidential
Encryption for electronic files
Transmission of confidential information should also only occur through secure channels.