For every company across every industry, whether there are 100,000 global employees or a team of 10 working out of a shared office space, intellectual capital protection is part of business strategy 101. Protecting trade secrets, new developments, company data and more is an essential element to maintaining a successful, cutting-edge company. However, even though the end result of intellectual capital protection is often the same, there isn’t a one-size-fits-all approach.
“From when I started my career up until a couple of years ago, protection involved locking the file cabinet. If someone wanted a personnel file, they’d have to go into the HR department and physically retrieve it,” says Laurence Midler, executive vice president and general counsel, CBRE. “Since we began the journey towards going electronic and completely digital, it’s about so much more than email safety. Protecting our Information is now very different than a lock and key.
Since we began the journey towards going electronic and completely digital, it’s about so much more than email safety. Protecting our Information is now very different than a lock and key.
A 2017 report conducted by the Commission on the Theft of American Intellectual Property found that in the U.S. alone, companies lose between $180 billion and $540 billion annually to trade secret theft. Though that number is hard to calculate, as companies might not know that their intellectual capital has been compromised or be willing to report losses, the report found that on average, “trade secret theft is between 1% and 3% of GDP.”
While those amounts vary depending on where in the world a company is based, businesses across all industries have something to gain by using workplace checks and balances to create a culture of safety, prime for sharing of company information.
“Although risks are different across different industries, we find that the big picture principles are similar. To address those, we turn to the management system approach to safety,” says John Dony, director of the Campbell Institute, the center of EHS excellence within the National Safety Council. “Companies need to understand what their risks are, put tactics in place to mitigate those risks, quantify how effective the tactics are and integrate from there, then continuously improve the system using those lessons to start the cycle again. That Plan, Do, Check, Act cycle is a management system principle grounded in decades of business research.”
Since transitioning to digital has posed a unique set of intellectual capital safety risks, companies are continuously looking for ways to shore up security and improve safety protocols—even when they may cause employee hurdles.
One popular measure that will fundamentally change the way employees interact with email is an email retention policy, which automatically deletes emails after a company-set period of time. It’s up to employees to archive the note or re-sort the information within the timeframe before it’s gone.
“A lot of companies have grappled with these types of policies due to the way people store information in email these days, so we’re trying to be at the forefront of the industry as far as safety goes,” says Liz Atlee, SVP, Deputy General Counsel of Global Litigation, Employment and IP at CBRE.
A lot of companies have grappled with these types of policies due to the way people store information in email these days, so we’re trying to be at the forefront of the industry as far as safety goes.
But with a global workforce comes differing privacy policies and laws, customs and cultures that all play a part in how companies can roll out new protection procedures. For instance, the EU’s General Data Protection Regulation (GDPR) will go into effect on May 25 of this year, and global companies that collect or process personal data on EU citizens will have to comply with the law’s expanded individual consumer privacy rights.
Atlee notes: “Everyone’s trying to get up to speed on how to handle those new requirements from an electronic and data-protection standpoint, but it does take time.”
As for implementing new company protection policies in a technological environment that moves at top speed, Midler says that too can be difficult to adjust to.
“We have desktop technicians in every office who are helping employees to work within the new policies. Likely in three years from now, when we’ve fully implemented some of these measures, we’ll look back and think, ‘how did we ever have anything else?’”