Protecting Yourself Without Noncompetes
There are good alternatives available to protect your proprietary data and employee investments, but MSPs should take action now.
Noncompete agreements are going away.
President Biden signed an executive order on July 9 encouraging the Federal Trade Commission (FTC) to ban or limit noncompete agreements. Lina Khan, the new FTC chairwoman, has criticized noncompetes as reducing competition, thus hurting consumers, and is likely to eliminate them.
Even without noncompetes, however, MSPs have several ways to protect proprietary information and investments in employee training and certifications.
In fact, these options may have more teeth than noncompetes, which I never relied on when I was an MSP. My lawyer had advised me that right-to-work laws and a person’s right to earn a living almost always beat an employer’s claim that the worker had signed a noncompete agreement.
Protecting Proprietary Information
Stealing company data is a crime, but it happens all the time. A survey from Biscom showed that 87% of employees took company data with them when they left their job. Many said they thought were entitled to it because they had created the data for their employer. Yet, according to The National Law Journal, the Economic Espionage Act (EEA) gives business owners “the right to sue in federal court under the EEA for not only the theft of trade secrets data, but also their use.”
To help avoid the need to go to court, however, there are several things you can do to protect your business from employee data theft.
- Educate clients and employees about insider data theft, which is a crime that can result in large civil financial penalties. The more you talk about it with your clients, the more the message will also be heard by your staff. If you work with defense contractors, moreover, they are required to provide insider threat training to their workforce.
- Have your employees, including senior managers and long-term staff, sign acceptable use policies, nondisclosure agreements, and confidentiality agreements. These agreements may continue to protect you and provide financial penalties for violations.
Always have your agreements prepared by an attorney who is familiar with your industry, your state laws, and your company. Don’t make the mistake of downloading an agreement from the web or copying a buddy’s document. (I’ve seen copied agreements from businesses in New York saying they were based on the laws of Florida.)
- Limit access to critical data. Secure databases, network shares, and cloud services from employees, limiting access to just information they need for their jobs. The less they can get to, the less they can steal. Block exporting data and documents to portable media. Employ data leak prevention software on your own network, which as an MSP you can probably get at low cost or for free as a not-for-resale version.
- Monitor employee activity. When I was an MSP, we used a monitoring tool to record every keystroke our employees typed into their systems. We warned everyone and made it clear there was no expectation of privacy when using company devices. It was amazing to catch employees doing bad things even though they knew they were being watched.
Don’t think that your most senior and trusted managers are exempt. We had the founder of an engineering firm, one of our managed services clients, come to us in tears, saying he had been tipped off that his company president, VP of business development, and chief financial officer were all stealing company data because they were going to start a competing business. We secretly installed monitoring software on their systems. Soon, the owner had documented evidence—that stood up in court—that his trusted team of senior executives had stolen proprietary data.
My MSP business was required to maintain certified employees to qualify for vendor partner programs. I was furious whenever a technician or network engineer quit my company VERY CONVENIENTLY right after taking an expensive industry or vendor certification course. My attorney advised that loan agreements for training costs could be used effectively to recover my costs if an employee left the company.
He created a loan agreement that said our cost of training, including all fees, travel costs, and wages paid for the time spent at training, were a loan to the employee that they were agreeing to pay back if they left our company within a set period of time after the training. Because the certifications stayed with the employees, we required them to sign a loan agreement whenever we paid for a training course. The agreement also covered costs if we received training for free, but would have to pay if the employee left and another person needed to be trained in their place.
According to our loan agreement, if the total cost of the training was $1,000 or less, the loan would be forgiven if the employee stayed a year. If they left within six months, they agreed to pay us back in full, and half if they left within 6–12 months. For training over $1,000, they agreed to pay us back in full if they left within one year; if they left within 12–24 months they agreed to pay back half, and the loan was forgiven after two years. Because of the laws where I was located in New York, our attorney included specific wording I would never have thought of, including that we did not consider the employee to be an apprentice.
I was able to enforce our loan agreement more than once. In one case, a former employee left the state before paying back his $2,000 training loan. I contacted an attorney in his new state, and within days had the full amount paid back.
As you can see, there are good options to noncompetes. Limiting them is a two-edged sword anyway. While it challenges you to provide a desirable work environment and good wages to keep employees from moving to local competitors, it also opens the door for you to hire experienced staff away from direct competitors.
So, take action now to ensure that if employees do take advantage of their (likely) new rights to work for a competitor, your proprietary information and your investments in their training are protected.
Semel Consulting works with Covered Entities, Business Associates, and Subcontractors to properly manage HIPAA compliance.