In a workplace that increasingly exists beyond the four walls of an office building, it is more important than ever for employers to handle employee departures with care. While employee departures are often routine, they sometimes create the risk that departing employees may take with them trade secrets or confidential information, either intentionally or inadvertently.
In light of these risks, employers can take steps before, during, and after an employee’s time with the company to help safeguard the company’s confidential information.
Protecting Confidential Information and Trade Secrets
In the event confidential or trade secret information is taken (intentionally or accidentally), courts generally look at whether companies have taken reasonable measures to safeguard their information, especially where trade secrets are involved. See MedQuest Ltd. v. Rosa, 2023 WL 2575051 at *5 (S.D.N.Y., Mar. 20, 2023) (finding that plaintiff pled insufficient facts to demonstrate reasonable measures in part because it did not even allege the existence of non-disclosure or non-solicitation agreements); but see UrthTech LLC v. GOJO Industries, Inc., 2023 WL 4640995 at *12 (S.D.N.Y., July 20, 2023) (noting that “taking steps to protect information through a confidentiality agreement does not, on its own, suggest the existence of a bona fide trade secret”). There are three things that employers should seek to do in protecting their sensitive information: (1) limit access to those who truly need to know the information; (2) track access to sensitive information; and (3) ensure that employees routinely are made aware of the employer’s expectations and their own obligations. See Better Holdco, Inc. v. Beeline Loans, Inc., 666 F.Supp.3d 328, 385-86 (S.D.N.Y., Mar. 30, 2023) (considering evidence that Better had employees sign a PII Agreement, limited access only to those actively working on a matter, had a practice of terminating employee access upon departure, conducting periodic reviews to ensure no unauthorized access and holding that sufficient measures had been taken).
Physical safeguards—locked doors that only grant access to authorized personnel, drawers and offices with locks—help to restrict access to sensitive information to authorized personnel. Employers should also consider marking confidential or trade secret documents as such and using code names for projects to avoid inadvertent disclosures.
Employers can also utilize cyber-security measures to ensure that the employer retains control over its information. The most important step is to ensure that employees are not using personal email addresses or phone numbers for work related tasks, or otherwise storing confidential information on personal devices. Other measures include using password protection, encryption, and multi-factor authentication, limiting the use of shared drives for the employer’s most sensitive information, and implementing a system of manager approvals before employees are added to new team sites. Employers should also consider hardware-based cybersecurity measures, such as using computers without USB ports or other ability to connect external devices.
For both physical and cyber-security measures, tracking access to sensitive information shows that a company takes the protection of its information seriously. This includes monitoring access into and out of the building and any areas containing trade secret information, as well as maintaining logs of computer activity, especially when employees have regular access to sensitive information. Employers should audit their physical and cyber-security measures regularly to ensure they are functioning as intended.
Employers should also consider implementing regular training that reiterates employee obligations with respect to sensitive company information, and tracking completion.
Post-Employment Obligations
Post-employment, employees need to be made aware (particularly in the context of trade secret and confidential information) that they will have ongoing obligations to their former employers. Employers should remind employees of these ongoing obligations in both face-to-face exit interviews and contractual agreements.
Employers should ensure that the former employee comes out of an exit interview with an understanding of ongoing obligations to the company. If there is reason to believe that the employee is in possession of sensitive documents, this is also a good time to request—and verify—the return or destruction of those documents. Following an exit interview, employees should be reminded of any confidentiality and/or noncompete agreements they signed upon hiring.
If employers seek to create a new termination agreement or post-employment noncompete, employers must ensure that there is sufficient consideration to make that contract legally binding, and that it is narrowly tailored to be compliant with relevant state and federal law. The agreement can also reiterate the employee’s existing confidentiality obligations, and include an affirmation that, to the extent the employee has any confidential or trade secret information in their possession, they have returned or destroyed any such documents. Alternatively, a more practical approach might be for the employee to sign an attestation verifying that they have returned or destroyed any trade secret or confidential information in their possession. Employers should maintain a copy of all applicable employment and confidentiality agreements and, if the employee was terminated, documentation of legitimate, nondiscriminatory bases for termination, for at least three years. 18 U.S. Code § 1836(3)(d); see e.g. New York Extends Statute of Limitations for Discrimination, Harassment and Retaliation Suits, and Enacts Changes to Laws Governing Remedies in Agreements Resolving Related Claims, SULLIVAN & CROMWELL, /insights/blogs/2023/December/New-York-extends-statute-of-limitations-for-discrimination-harassment-and-retaliation-suits-and-enacts-changes-to-laws-governi (Dec. 1, 2023); TIME LIMITS FOR FILING A CHARGE, U.S. EQUAL EMPLOYMENT OPP. COMM’N, https://www.eeoc.gov/time-limits-filing-charge (July 3, 2025). The moment the employee’s work ends, employers should terminate all access to company buildings and servers.
***
Though modern technologies and job markets increase the risk that company trade secret or confidential information may be stolen and/or misappropriated, by considering the above factors, employers can take steps to protect themselves, minimize information leaks, and present a strong position in the event of litigation.