Skip to content

What the FTC Ruling on Non-Competes Means for Security Teams

We could soon see the end of non-compete agreements. While this is a move that will have positive ramifications for employees, businesses need to understand how this change impacts data security.

The non-compete debate

The debate around non-compete agreements has heated up over the past few years. In 2020, President Biden campaigned about how he planned to eliminate non-competes, then taking the first major step in July 2021 by issuing his Executive Order on Promoting Competition in the American Economy. On Thursday, the Federal Trade Commission (FTC) made a bold move, proposing a new rule that would prohibit employers from imposing non-compete agreements on their workers – a practice it called “exploitative and widespread.” The rule does not take effect immediately – the public has 60 days to offer comment on the proposed rule. But businesses should still prepare for what this could mean from a data protection perspective. 

Data loss to the competition

We could hold a spirited debate arguing the pros and cons of non-competes, but the intention vs. the reality doesn’t really matter for security teams. What does matter is the idea of data ownership and the impact of data loss from employees leaving organizations. It’s no surprise that 2 out of 3 people admit to taking data with them when they leave their jobs. Why does this happen? Most people feel an inherent ownership of the data they create while employed. They have emotional ties to it. Despite the fact that legally their employers generally own the intellectual property created by its employees over the course of their employment. Having a non-compete in place may not have been the silver bullet but it does provide some aspect of a deterrent control so that important company data does not leave to your competition. With or without these deterrents in place, it’s incredibly important for security teams to have the right visibility to data leaving with employees. 

This proposed FTC rule is a critical reminder that competition exists and that today’s organizations need to focus much more heavily on maintaining a robust data protection program. This includes:

  • Upfront employee agreements around data protection 
  • Separation agreement reminders to reinforce that employees do not own the data created while employed
  • The proper tools to detect data exfiltration by departing employees
  • Role-based trainings, especially on departure dos and don’ts
  • Systems that detect the movement of sensitive data and offer you the controls to respond

By having a holistic data protection program in place internally, security teams can have peace of mind that important competitive data is not leaving with employees.

You might also like: