Among the big stories in legal circles last week was the kerfuffle over a memo circulated by Yahoo’s General Counsel Ron Bell reminding Yahoo employees that they are not to leak or disclose confidential information. The story should serve as an important lesson of the challenges a company faces in building, or in this case, rebuilding, a culture of confidentiality so important to preserving trade secrets.
The story first appeared on September 24, when All Things Digital’s Kara Swisher wrote about the memo. The “Leaks Uncool” memo is generally believed to have been triggered by a recent leak concerning internal communications about Yahoo’s sale of a portion of its stake in the Alibaba Group before it was final. Swisher quoted the following parts:
“It’s never OK to share information in an internal memo EVEN if the company issues public communications about the same subject . . . We will fire employees who leak company confidential information and we will avail ourselves of all other legal remedies to protect those confidences.”
Bell’s memo also added the following line, which has caused the most controversy: “If you do it, you can go to jail and face a very large fine.”
As Swisher’s article notes, Yahoo has had significant problems in the past containing leaks (indeed, in 2009, Yahoo’s then-CEO Carol Bartz went so far as to offer a $1,000 bounty for information on leakers), and she even suggests that past management may have encouraged some of those leaks. Not surprisingly, therefore, as Marissa Mayer and other members of the new management team attempt to steady and rebuild Yahoo, one of the critical tasks they face is rebuilding a culture of security and incrementally moving their employees to fully appreciating and respecting its importance.
Did Bell over overreact? According to Swisher and some commentators quoted in Corporate Counsel, he did. But not in the Trade Secret Litigator’s view. Executives and lawyers will always face a no-win battle with the media, who in this age of shrinking budgets are increasingly dependent on disgruntled employees or rivals looking to settle a score for their sources. (Witness the recent article “How EA’s legal team keeps one eye on former employees” criticizing EA for (gasp) reminding departing employees that they should remember they signed NDAs and should abide by them in their new job).
While you cannot (and should not) completely tune out media criticism, the fact remains that Yahoo, as a technology company, has to reinforce a culture of confidentiality or it will inevitably atrophy. As I have written before, creating a culture of confidentiality and security is the first and most important step in protecting sensitive information. (If you don’t think a culture of confidentiality is important, then you should look at Apple). Unfortunately, to change a company that has been complacent about security some times requires a big stick, or the threat of a big stick, to get people’s attention.
Leave aside all the potential issues relating to regulatory and securities laws that can result from a lax culture of confidentiality. Also set aside, for the moment, all of the issues relating to protection of trade secrets or other intellectual property. A culture of confidentiality remains critical today because of the ever-growing threat posed by hacking and cybertheft.
Friday’s edition of The Washington Post ran a front-page article entitled “In cyberattacks, hacking humans is highly effective way to access systems.” In other words, perhaps the best target for cyberthieves and other malevolent cyber forces may be employees who are careless or uninformed about the risks to which they can subject their employer online.
Reinforcing a culture of confidence therefore serves to protect a company on multiple fronts and if the carrot doesn’t work, then you should not hesitate to use the stick.