FTC Regulation Changes for Non-Compete Agreements

The Federal Trade Commission (FTC) has recently proposed significant changes to regulations governing non-compete agreements. Traditionally, these agreements have restricted employees from joining competing firms or starting similar businesses within a certain period after leaving a company. Let’s explore the implications of the FTC’s regulatory adjustments, particularly focusing on how the elimination of non-compete clauses could impact an organization’s competitive advantage.

What is Data Exfiltration?

Before we dive into the FTC’s proposed change, let’s make sure we understand a simple concept.  The term “data exfiltration” refers to the unauthorized transfer of data from a computer system or network.  This can include personal data, financial information, intellectual property, or other confidential data.  It’s common to assume that this occurs only when a malicious external hacker extracts sensitive information from an organization’s network or systems through malware or other forms of cyberattacks.  However, employees, contractors, and even business owners who already have access to sensitive data may have easy-to-use, discrete, and potentially untraceable methods of transferring this sensitive data out of the organization.  Studies have shown that 40% of serious data breaches were conducted by insiders trusted by the organization.  


FTC’s Regulatory Shift

Non-compete agreements have been a staple in employment contracts, particularly in industries where proprietary knowledge and trade secrets are a company’s cornerstone. Employers have leveraged these agreements to protect their competitive edge by limiting the movement of employees who might otherwise share sensitive information with competitors.

The FTC’s new stance aims to promote labor mobility and innovation by banning or limiting non-compete clauses. This move is predicated on the belief that such restrictions have previously hindered employee wages and career advancement opportunities. The proposed changes are expected to empower employees, enhance competition, and potentially increase the overall wage growth across various sectors.


The Impact:  Increased Risk of Data Exfiltration

Although the expected benefits from this significant policy change may positively impact the economy at the macro scale, employers must consider key risks to their organization’s proprietary information, competitive advantage and reputation:

1. Employee Mobility and Knowledge Transfer:

  • The increased mobility of employees between competitors can lead to inadvertent or deliberate sharing of confidential information.  This information includes customer databases, business strategies, and proprietary processes, all of which are vulnerable during transitions between employers.
  • The absence of non-compete agreements means companies must rely heavily on non-disclosure agreements (NDAs), which are often less specific and harder to enforce.

2. Challenges in Protecting Trade Secrets:

  • Trade secrets and other intellectual properties will become more vulnerable as employees may not fully appreciate the boundaries of what constitutes confidential information versus industry knowledge.
  • Legal enforcement of intellectual property rights might not be swift enough to prevent the damage caused by data loss.

3. Implications for Human Resource Policies:

  • Companies may need to redesign their HR policies to include rigorous exit procedures and audits to ensure data protection when employees leave.
  • Training programs focusing on data security awareness and the legal consequences of data breaches will become crucial.


Mitigation Strategies

Mitigating data exfiltration involves a combination of both technical and organizational strategies.  Organizations have several critical actions that can significantly reduce the risk of data exfiltration:

1. Enhanced Data Security Protocols:

  • Implementation of advanced cybersecurity measures, such as multi-factor authentication, end-to-end encryption, and secure access protocols, will be vital.
  • Regular audits of data access and usage by employees can help detect and mitigate unauthorized information sharing.

2. Revised Contractual Agreements:

  • Strengthening NDAs and including clauses that specifically address data security expectations and the consequences of breaches.
  • Employing restrictive covenants that legally bind employees to protect sensitive information without overly restricting their career mobility.

3. Employee Education and Culture of Confidentiality:

  • Regular training sessions on data security, emphasizing the importance of maintaining confidentiality and the legal implications of data breaches.
  • Creating a company culture that promotes ethical behavior and respect for intellectual property.

Take Action

While the FTC’s regulatory changes aim to boost labor mobility and economic fairness, they introduce significant challenges for data security. Companies must adapt by enhancing their internal data protection measures, revising legal agreements, and fostering a strong culture of confidentiality. These strategies will be crucial in mitigating the risks associated with the increased movement of employees between competitors in a landscape devoid of non-compete agreements.

NOVO has a track record of protecting our customers’ data through the implementation and management of Microsoft solutions that mitigate data exfiltration risks. 

Cornerstones of protection include:

  • Azure Information Protection enables data classification and labeling, ensuring sensitive data is recognized and handled securely.
  • Microsoft Defender for Cloud provides advanced threat detection and alerts, helping identify suspicious activity within cloud and on-premises environments.
  • Endpoint security through Microsoft Defender for Endpoint safeguards devices by identifying and isolating potential threats, while Microsoft Intune manages and secures devices across the organization, enforcing security policies and limiting data transfer.
  • Microsoft Purview, with its data loss prevention (DLP) capabilities, monitors and controls the movement of sensitive data, preventing it from being shared inappropriately or leaving the organization’s control.