San Diego businesses typically invest significant resources in the development of customer lists, but often fail to adequately protect them. Companies may believe that such lists are automatically protected “trade secrets”. However, without affirmative steps designed to ensure that confidential lists fit within the definition of a trade secret, customer lists are at risk. In California, customer lists are considered trade secrets if the lists are valuable because they are kept secret (information that “derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use”), and if the business takes reasonable steps to protect the lists. The greatest risk comes from the company’s employees. In order to maximize protections, companies should take the following affirmative steps:
Maintain physical security: Customer lists should be isolated from other company information and clearly labeled “Confidential”. Computer files containing customer lists should be password protected and each file marked “Confidential”. When computer lists are accessed, the computer should flash the user a confidentiality reminder. Hard copies should be kept under lock and key with the cabinet and individual files clearly labeled “Confidential”. In addition, employee access should be limited to those employees that actually need it. These physical security measures serve as a constant reminder to employees and others that the company’s customer lists are indeed confidential.
Require non-disclosure (confidentiality), non-compete and non-solicitation agreements: Require employees to sign non-disclosure, non-compete and non-solicitation agreements. Requiring employees to sign non-disclosure agreements puts them on further notice that the company’s customer lists are confidential. It’s important that the non-disclosure language specify the company materials intended to be confidential. Courts are inclined to strike contract language that is too broadly worded. Non-compete clauses limit an ex-employee’s ability to hire on with competitors. Such clauses are generally unenforceable in California. This is because courts are reluctant to place restrictions on an individual’s ability to seek new employment. However, their inclusion in employment agreements can affect how departing employees behave. Where enforceable, non-compete clauses are typically limited in time and geographic scope. Non-solicitation agreements are less burdensome than non-compete agreements and therefore are more readily accepted by courts. In non-solicitation agreements, employees agree not to solicit a company’s existing customers or prospective customers. Whichever state your company resides, it is important to have your attorney carefully draft non-disclosure, non-compete and non-solicitation language to ensure enforceability.
Employee procedures and training: A company’s confidentiality policies should be addressed during initial training and should be clearly defined in the employee handbook. In addition, existing employees should attend regular meetings to discuss the procedures for maintaining confidentiality of customer lists. It is important to consult with your business attorney about developing an adequate employee policy.
Procedures for departing employees: Have procedures in place for departing employees to remind them of the company’s confidentiality policies.
Taking these affirmative steps is not a guarantee that your customer lists will be protected. Employees may still steal your trade secrets, and prosecuting them can be an expensive proposition. Courts may also be reluctant to prohibit ex-employees from soliciting contacts personally developed by the employee. Moreover, a court may determine that the list itself has no independent value and is therefore not a trade secret. For instance, customer lists collected from the phone book aren’t typically considered trade secrets. The company should have expended time and effort identifying the customers and their particular needs and/or characteristics. Nonetheless, if your company has a customer list that you believe has value in and of itself, these are necessary steps to ensure confidentiality.