3 July 20236 minute read

Step one: Identifying your trade secrets

Can you identify your business’ most valuable information, how it is stored and who has access to it? Are you sure? It may surprise you that even some of the most sophisticated companies in the world don’t have a proper handle on their information “crown jewels” or trade secrets until someone tries to take them. Now is a good time to review your business’ approach to protection of its trade secrets and other confidential information and make sure you have done everything you can to protect them.

Why now? Data is one of the most valuable assets any business has. Industrial espionage is becoming more prevalent (and sophisticated) and cyber attacks are common in all sectors but particularly information heavy industries such as life sciences and financial services. Don’t scrabble around after an incident to work out what’s been taken and how to get it back (speed is everything in a trade secret dispute as information leaks faster than water through a sieve). Make sure you have a robust policy and systems in place to protect your data assets.

Trade secrets and other confidential information are valuable business assets and important for innovation (often as important as patents, especially in fast moving industries such as fintech, AI and process industries where reverse engineering is difficult). However, they are often overlooked by a business in favour of other forms of intellectual property such as patents and trademarks which are easier to manage because they are registered rights. But with a little effort it is still possible to manage your trade secrets effectively.

What is a trade secret? Many everyday examples are obvious (such as the Google algorithm) but other forms are less clear. Everyday commercial information such as lists of suppliers can also be protected under the Directive, as the holder could suffer considerable damage if the information is lost. The Directive defines a trade secret in very general terms so many forms of business information, both technical and commercial, are included. The key is that the information should not be generally known, have commercial value because of its secret nature and, most importantly, that the holder has taken reasonable steps to keep it secret. As you can see that definition can cover a multitude of different types of information.

Over the 5 years since the deadline for implementation of the Directive, there has been lots of attention on the meaning of “reasonable steps”. In the upcoming articles of this series we will look in detail at how various courts have interpreted these words and what protections a business should take, bearing the case law in mind. As a minimum every business should:

  1. Identify and isolate its most valuable information across the business. Carry out an audit an audit to identify what information is most worthy of protection.
  2. Prioritize protection: Focus your efforts on securing the most valuable information identified in the audit.
  3. Identify and isolate third party valuable information. How is this kept separate from the business’ own information? How is it stored and used? As strategic alliances become more and more common it’s even more important to be able to do this, especially in a research context.
  4. Know who has access to the valuable information identified above both physically and electronically. Is sensitive information locked away? What is your IT permissions policy, is there a “need to know” policy restricting access or does everyone in the business have access? General access can often be an issue in SMEs or fast growing companies.
  5. Have a written confidential information policy and systems for protection and regularly review them to keep them fit for purpose. Don’t just rely on NDAs and confidentiality provisions in your contracts and hope for the best. A layered and systematic approach to protection is usually the most effective.
  6. Document appropriately: Maintain accurate records of the creation and disclosure of confidential information. This documentation provides a clear record of what's developed and shared, both internally and externally.
  7. Train your employees (when they join and regularly afterwards) on the importance of confidential information. Employees are the biggest threat to confidential information and most misappropriation cases will involve an employee somewhere along the line. Some will misuse proprietary information intentionally for personal gain while others simply do not understand its value. Whilst it is impossible to guard against all bad actors, avoid innocent or negligent misuse through educating your workforce on what can and can’t be shared with others and best practice for protection.
  8. Remember the importance of exit interviews. They should not just be a formality. Make sure that all confidential information is returned, and access terminated when an employee leaves.
  9. Review your strategic partnerships. Do you have a right to audit the other party’s protection measures? Do you exercise that right? What are the consequences if their protections are not adequate? Do you follow up when the partnership expires or terminates? Has all relevant information been returned or destroyed?
  10. Have a plan in case of suspected misuse. Once you suspect misuse, the clock is ticking to recover that information and minimise damage to the business. Knowing in advance what to do and who to contact in case of any problems, will save valuable time.

We have focused on the importance of the first step in any protection programme - identifying your most valuable information and the practical means to protect it. What else does the law offer? In our next article we will take a look at the options available.

DLA Piper’s Trade Secrets Scorebox is based on EU law and helps businesses assess the maturity of their trade secrets protection. It provides the user with an overview of the best course of action to implement, improve, maintain, and monitor the organization’s trade secrets protection strategy. If you would like more information, please contact Roberto Valenti, Ewa Kurowska-Tober or Alexis Fierens.

Print