Remote Work – Risk on Protecting Trade Secrets for Enterprises?

(Nguyen Huu Phuoc Esq. & Pham Thanh Truc – Phuoc & Partners Law Company Limited)

The Covid-19 pandemic outbreak has been threatening the health and lives of hundreds of millions of people around the world since the first case was recorded in December 2019. In the context that the Governments of countries have issued social distancing policy to limit the spread of such a disease, the majority of enterprises have been forced to find ways to adapt to working from home, remote, online working model (collectively, “remote working model”) for uninterrupted business operations. With the support from digital technology platforms in the 4.0 technological revolution, enterprises are now able to organize a large number of employees to work remotely effectively without being present at the enterprises’ workplaces. The application of digital technology to the remote management of work and employee is an important and vital element to the success of this new remote working model.

However, besides the inherent benefits of switching from a traditional working model to a remote working model, plenty of enterprises are facing risks in protecting trade secrets and technological know-how (collectively, “Trade secrets”) not only of the enterprises but also of their partners and customers when it is impossible to absolutely guarantee the safety of personal electronic devices, the internet and other unknowns in the employees’ remote working environment. Therefore, enterprises need to have reasonable and appropriate precautions and measures in their abilities to minimize unnecessary losses during the transition to a remote working model.

Legal regulations on protecting Trade secrets

The value of a Trade secret often in commercial competitive advantage, so direct or indirect, tangible or intangible damages arising from the accidental or intentional leakage of the Trade secrets by employees can cause extremely serious consequences to the operation and development of the enterprises. In order to create a fair and healthy playing field, Vietnamese law provisions have established several mechanisms to protect the Trade secrets of enterprises by defining a Trade secret as a type of intellectual property of the enterprises. Accordingly, an enterprise’s Trade secret will be protected by the State since the enterprise has obtained them legally and the enterprise has taken necessary measures to protect such Trade secret[1]. The law also specifically stipulates civil, administrative, and even criminal sanctions for any acts that infringe on Trade secrets of enterprises to ensure compliance with the law by individuals and organisations in general[2].

Regarding the concept of “necessary measures” that enterprises need to take to protect the Trade secrets, up to now, there has not been a specific regulation guiding this concept and therefore necessary measures will have to be proactively determined by enterprises based on their business type, scale, and human resources. For example, an enterprise with a large size of human resources with many complex departments, branches, representative offices in many various locations of the country, must take drastic measures to protect the Trade secrets of the enterprise more closely than that of a small-scale enterprise. In the case of an enterprise specialising in providing IT software, it will have to take intensive technical measures to protect the source codes of the software products written and sold by the enterprise’s engineers.

In addition to the remarkable achievements of science and technology in the 4.0 technological revolution, the issue of network security has also become one of the high apprehensions for enterprise owners in the implementation of storing and sharing important information on an online platform. In consideration of the recent increase in cybercrime, the Vietnam National Assembly has passed the Law on Cybersecurity and officially took effect on 1 January 2019. The Law on Cybersecurity has created a legal corridor for the prevention and handling of infringements and attacks, and the collection of data from digital technology platforms, telecommunications networks, etc. strengthen the protection of information, data, and Trade secrets stored by enterprises on online databases.

Protecting Trade secrets while the transition to a remote working model

Policies related to Trade secrets protection of enterprises are not too strange and have been widely applied by many enterprises recently. However, the transition from the traditional working model to the remote working model has caused this new working policy to reveal some deficiencies and weaknesses that need to be adjusted and supplemented to expand security scope to cover the online workspace.

Protecting the Trade secrets while working remotely is generally related to three key issues as follows: (i) Safety of technology and telecommunications networks; (ii) Security of remote working space of employees; and (iii) Human factor in protecting Trade secrets. Below are some suggested opinions to set up a Trade secret security policy for the remote working model for the enterprises to consider and implement:

Firstly, ensure the safety of technology and telecommunications networks

For access devices, enterprises should stipulate that employees are only allowed to use devices and computers provided by the enterprise to work and access the enterprise’s data system. This regulation allows enterprises to be proactive in setting up security systems for these devices such as firewalls, anti-virus software, etc. It should be noted that the above-mentioned technological devices must (all) be password protected by the IT department of the enterprise.

For connection networks, enterprises should require employees to be limited to only connecting to secure telecommunications networks and to ensure encryption with the VPN system provided by the enterprise to prevent hackers from having the opportunity to access.

For online communication and meetings, enterprises need to have detailed and specific regulations on the technology platforms that employees are allowed to conduct according to the Remote work policy of enterprises and the right to join meetings must also be cryptographically restricted. Violations and appropriate sanctions must be updated in the internal labor regulations and registered with the local competent labor management agency.

In addition, the enterprise’s online database system must be decentralized to access, depending on the sensitivity of the information and the employee’s working position. For Trade secrets, the security must also be set at the highest level of safety and should minimize the number of employees who have the right to access. Enterprises should also spend necessary and timely financial resources to invest in software to monitor the remote download of important information folders in the enterprise’s database to control downloads and have early, timely warnings for the managers of the enterprise.

Secondly, ensure the security of the remote workplaces of employees

The remote workplaces of employees are generally considered as an apprehension factor in protecting the Trade secrets of enterprises. Enterprises should consider stipulating that employees must be responsible for ensuring that their workspaces are private and safe, not capable of containing eavesdropping devices, or with video and photo recording functions. In addition, equipment and hard documents of enterprises also need to be stored in safe places to avoid any approach by third parties.

Thirdly, ensure that the Trade secret is not disclosed by the employees

One of the most important elements to protect the Trade secrets of enterprises is the human factor. To be proactive in protecting their Trade secrets, enterprises should sign a confidentiality agreement or commitment (“Confidentiality Agreement”) with key employees, employees at managerial and executive levels who have the ability to access sensitive information of the enterprise to ensure the safety of the Trade secrets of the enterprises as well as that of its partners and customers.

When making the transition to a remote working model, the methods of monitoring, managing employees and work, communication forms, and accessing data of enterprises are mostly done through digital technology platforms. In addition to the existing benefits of this transformation, enterprises also face more risks on trade secret misappropriation than ever before. Therefore, it is extremely necessary to draft and promulgate, review and update security policies and Trade secret protection agreements to suit the remote working model so that enterprises can manage risks in protecting Trade secrets from being disclosed.

Furthermore, in order to prevent an employee from accidentally or intentionally disclosing enterprise’s Trade Secrets after leaving his or her job, the terms of the confidentiality agreement must clearly define the validity of the confidentiality agreement to be extended within a reasonable period since the termination of the employment relationship between the enterprise and the employee. In this regard, the current law does not have a limit on the period of confidentiality commitment, so enterprise is free to consider what period is deemed reasonable for both parties to apply in practice in enterprise[3]. Carefully, enterprise can also require employee to return all working tools (specifically, equipment and information, data, documents…) related to the Trade secrets of the enterprise that the employee has been holding, knowing as soon as the employee quits to avoid unintended problems.

In addition to the aforementioned content, to ensure that the online work cycle can operate smoothly, enterprises should also consider organising training and disseminating their internal policies and regulations for employees before officially implementing the remote working model. At the same time, enterprises also need to regularly and periodically update fraud methods to illegally infiltrate the enterprise’s data system for employees to increase vigilance within the enterprise. Enterprises’ software, technology platforms, and security systems must also be regularly improved and continuously upgraded to reduce the risk of being attacked by cybercriminals.

It can be said that we are witnessing the remarkable development of digital technology platforms in the 4.0 technological revolution. Online, remote working models, communicating, or even holding internal or external meetings through apps and social platforms have also become popular and familiar with enterprises because of their flexibility, convenience, and extremely low costs. Although the outbreak of the Covid-19 pandemic has suddenly increased the number of employees using the remote working model, according to the current general trend, even when the Covid-19 pandemic has been controlled, the remote working model will still be popular with enterprises and increasingly widely applied. Therefore, from now on, enterprises need to be cautious and prioritise investment in measures to prevent disclosure of the Trade secrets, proactively promulgating internal regulations for the purpose of education and deterrence, instead of passively waiting for the contents of a business secret to being disclosed, then starting to find remedial measures, it will take a lot of time, effort and money.

[1] Article 6.3(c) and Article 84 of the Law on Intellectual Property 2005

[2] Article 199.1 Law on Intellectual Property 2005 and Decree No. 105/2006/ND-CP

[3] Article 4 Circular 10/2020/TT-BLDTBXH