By James Pooley, author of “Secrets: Managing Information Assets in the Age of Cyberespionage“
In today’s hyper-competitive global economy, talent is often your most valuable weapon. If you’re like most business leaders, you’re not above engaging in a little employee-poaching to improve your position. After all, if you can entice an MVP from another company to enlist in your ranks, you’ll deprive the competition of a key asset while taking immediate advantage of your new hire’s previous training and experience. Best of all, this kind of hiring is perfectly legal, right?
Well yes… except when it’s not. There are two scenarios that tend to get companies in trouble when they woo workers away from a previous employer.
The first is hiring a new employee with the intention of gaining access to confidential information about another company. The second is simply being sloppy about onboarding new hires and unintentionally allowing them to bring confidential data, knowledge, or methods into their new position.
If you’re wondering whether tapping into another company’s secrets via employee-poaching is really that significant a transgression, the answer is a resounding “yes.”
After Boeing hired away Lockheed employees who brought proprietary documents to their new employer, it had to pay a $615 million fine to avoid criminal prosecution. Even then, two former Boeing executives were indicted and sentenced to prison time.
Think this couldn’t happen to you? Think again. As reported recently by Symantec, half of employees who leave their jobs keep data belonging to their former employer, and most of them leave with plans to use it in their new positions.
When you’re hiring away employees, you need to be very familiar with what’s legal and ethical and what’s not, and take specific steps to make sure you aren’t crossing the line into espionage or trade secret theft.
Here are six ways for employers to stay on the right side of the law when hiring key employees away from the competition:
1. Understand what’s legal for you to know, and what’s not.
The law protects only trade secrets, not employee skill or general knowledge — but what’s the difference? The skill a worker acquires practicing her craft over time is hers to keep and is your company’s to enjoy after you’ve hired her away from the competition. The same thing may also apply to techniques and information she has learned over the course of her employment. However, if any of those techniques or pieces of information give her employer a competitive advantage, are not generally known, and are safeguarded to a reasonable degree by the company, they are likely to be considered trade secrets.
If that explanation sounds confusing or open to interpretation, that’s because it is. Trade secrets can range from unique processes for creating goods — such as the legendary Coca-Cola formula — to seemingly inconsequential details, such as a key client’s favorite wine. There simply is no hard-and-fast distinction between these types of assets. However, if a piece of information — no matter how minute — is privately held and gives a particular company an edge over the competition, chances are the law will treat it as a trade secret—and will prohibit you and your newly poached hire from using it.
2. Be aware that poaching is a balancing game, not an exact science.
Even if your company is careful to avoid learning and utilizing sensitive information when onboarding a new employee, contamination may still occur. Often the most valuable new employee in theory is also the one with the most knowledge of the competition, and is thus the riskiest hire in terms of exposure to information that could get you into trouble. As the “inevitable disclosure” theory postulates, some new hires may know more than they can reasonably be expected to contain. It’s up to your company to confront this paradox directly and determine your risk appetite for the “best” hire.
Also, be aware that your risk multiplies when hiring a group of people away from the same company. Not only must you guard against contamination from multiple sources who may be used to sharing confidential information with each other; you may face litigation from their previous employer. The competitor’s perspective is easy to understand: With so many qualified individuals out there, the only reason for going after most or all of a team can be to cause damage, and perhaps also get access to an array of special knowledge. This, the competitor will allege, is a raid, a particular form of unfair competition.
3. Tread carefully in the recruitment phase.
You can start mitigating the risk of information contamination when your company is still in the recruitment phase. Ideally, all job announcements will express qualifications in generic terms, avoiding anything that could be interpreted as trolling for a source of competitive data. Be especially careful in this area if you’re targeting a particular individual or group.
Don’t let down your guard once you have desirable candidates on the hook. The pre-employment interview can be an especially fraught situation. Those who participate in the process should be trained, or at least well informed. They should be guided by a checklist that allows them to find out only what they need in order to assess the candidate’s general knowledge and skill set (which, once again, is the part of their experience that applicants are entitled to take with them). Make it clear to candidates at the outset that you don’t want them to reveal sensitive information of any kind and explain why.
4. Reaffirm your commitment to remaining “clean” during onboarding.
During new employee orientation, reinforce your company’s culture of respect for others’ information rights. As with the pre-employment interview, your goal is to impress on new employees how important it is to come into the new position “clean,” and to point out that there is no advantage — and considerable risk — in trying to prove themselves by bringing with them the work they did before.
In my experience, there are some types of new hires for whom this sort of fresh start is particularly difficult. Consider software engineers, for example. Many of them tend to view their prior work as belonging to them instead of their former employers, and they often feel attached to it as a reference source.
In this situation, use the onboarding process to affirm your confidence in the new employee’s ability to get the job done only with the skill and general knowledge that he has accumulated during his career. Go carefully through the various forms and contracts that have to be signed, and make sure that the new hire knows where to get answers or address any concerns about information security.
5. Train current employees to recognize off-limits information.
Despite your best efforts, a new hire might inadvertently share sensitive data about a previous employer. It’s important that all of your employees (not just supervisors and hiring managers) know how to recognize off-limits information.
Set aside time for company-wide training on what constitutes a trade secret, and be sure to provide examples of acceptable and unacceptable conversations regarding ‘how we did things at my previous company’. Give specific instructions on what to do if an employee thinks she may have been exposed to secret information. And perhaps most important, provide information and encouragement about where to go if employees have questions or are concerned about an ethically ambiguous situation.
6. Have a de-contamination plan in place.
It’s much better to be prepared than to be sorry, so assume that despite your best efforts, you’ll encounter information infection from new hires. Know how to proceed if and when this happens. Your first goal should be to understand the facts: what information was received, when and how it entered, to what extent it has spread through the organization or its systems, and whether or how it has been used.
Unless the issue seems trivial (e.g., it’s information of minor importance, possibly publicly available, and exposed to only one person), immediately involve legal counsel to help decide what to do next, and to provide a privilege against disclosure of your internal communications.
Assuming that any unwanted infection you suffer was truly an accident or the result of a rogue employee’s misconduct, then your challenge will be to combine risk management with ethical behavior. Happily, they usually align. Voluntary disclosure to the information’s owner is often appreciated, with no greater consequence than cooperating on a plan for containment. Naturally, if the damage has been more extensive, then there is more risk that litigation will result. But by keeping the situation secret from the victim, you will increase the risk of serious consequences if the facts surface. So the ethical choice is also the smarter choice.
Ultimately, establishing an overall culture of respect for intellectual property is your best defense against information contamination when you are hiring employees away from the competition. When everyone in your organization understands the importance of respecting trade secrets and other privileged data, this knowledge will shape their actions and interactions with potential candidates and new hires.
James Pooley is the author of “Secrets: Managing Information Assets in the Age of Cyberespionage“. He provides international strategic and management advice in patent and trade secret matters, performs pre-litigation investigation and analysis, acts as a neutral and special master, and consults on information security programs.