Category Archives: Uncategorized

Employment Law Myth Busters – The “Unenforceable” Non-Compete

Man is signing Non compete agreementNon-compete and other restrictive covenants are commonly used by employers in many industries to protect their trade secrets and legitimate business interests.  While employees may be willing to sign them when they take a new position, they are often frustrated by them when it comes time to look for a new job. Some employees take to Google to see if their agreement is enforceable.  What they find on Google often provides them with false confidence that their non-compete or other restrictive covenant is unenforceable, but relying on Google research in the complicated, fact-sensitive legal morass of non-compete agreements is risky business.  True, a Google search can turn up numerous court opinions that express the view that non-competes are viewed unfavorably by courts as anti-competitive restraints on trade and, as such, are narrowly construed and enforced only to the extent that they protect a legitimate business interest of an employer.  However, those cases may or may not be useful in deciding whether your restrictive covenant is likely to be enforced. First, the law governing non-competition agreements varies from state to state. Thus, an opinion by a court in California applying California law (which bars enforcement of restrictive covenants except under specific, narrow circumstances), for example, is of little help in assessing whether a court in New Jersey or Pennsylvania, where non-competes are routinely enforced, is likely to enforce a restrictive covenant under that state’s laws. Making the analysis even more complicated, courts decide whether to enforce restrictive covenants based upon a thorough review of the specific language used in the agreement; even slight variations in the language of the agreement can lead to vastly different results. In addition, because they are viewed as anti-competitive, a court will generally enforce one only if it is well drafted so that its restrictions narrowly target the business interests at issue and nothing more.  The finer points of enforcing restrictive covenants, such as non-competes, are too detailed to address here, but employees with employment agreements that contain restrictive covenants and businesses that are hiring employees subject to them should not rely on Google to assess their enforceability or their liability for a breach.

Savvy employer takeaways: Employers should have an experienced employment lawyer evaluate the enforceability of their employees’ post-employment restrictions and the enforceability of post-employment restrictions by which prospective employees may be bound.  Employers should also require candidates to disclose whether they are subject to any restrictive covenants before offering them employment. 

Questions? Let me know.

You cannot predict when you are going to have a data breach

ask again later

A pattern I see repeated in all kinds of business disputes is that when a business fails to calculate the risk of something going wrong, it makes it even harder to repair it when does go wrong. Notice, the title of this post refers to “when” you will have a data breach, not “if.” This is not to be alarmist. In fact, many data breaches are harmless. Surprised to hear that? What about an employee using internal records to locate a co-worker’s home address to send a gift? Is that a date breach? Well, it depends on your policies and authorizations, but, even if it is a “breach” it may not be one that causes damages.

The question is what can you do to prepare for the one that does cause damage? Do you segregate data so that any breach will reach a more limited segment of your employees or customers? Do you encrypt data? According to recent reports, Anthem did not encrypt its data and that will cost it. How can you avoid this, plan, plan, oh yeah, and plan.

Your first line of defense should be to gather your crisis response team and open the crisis response playbook? You don’t have a team? You don’t have a playbook? If that’s the case, you aren’t ready to be in the game. Here’s what you need to know to get started:

Assembling a crisis response team:

  1. Identify key information holders within your organization (who will manage customer relationships, public relations, legal compliance, technology compliance, data security, and restoration of business functions?).
  2. Identify outside resources that will be needed (who has the knowledge of applicable laws in each state/country you operate or can coordinate counsel, who has the expertise to identify and stop leaks, who has the media relations that will help get your message out?)
  3. Establish a chain of command and a division of duties so everyone knows their role and who is coordinating the response.

Creating a response playbook:

  1. Develop a set of compliance procedures.
  2. Identify contingency plans to using backup data or otherwise accessing key information.
  3. Develop an exhaustive checklist to ensure you do not overlook potentially crippling problems.

When you create a crisis response plan, focus on the short term, so you know what to do right away. In the months following a data breach there will be time for information gathering and refinement and a good crisis response plan will put you in the best position to confront those medium term problems in due course.

Questions? Let me know.

%d bloggers like this: