This chapter is from the book
This chapter is from the book
This chapter is from the book
Trade Secrets
Trade secrets were briefly mentioned previously in this chapter; however, this topic deserves a bit more detailed discussion. This author has been involved as an expert witness in multiple trade secrets misappropriation cases. One of the defenses that is used against allegations of trade secret misappropriation is that the trade secret was not identified. At a minimum, you should mark documents confidential; you should preferably mark trade secrets as such. It is possible a court will still uphold that something without such markings is a trade secret, particularly if the information is something a reasonable person should know is a trade secret. Appropriately marking information, however, removes any ambiguity.
The second defense against allegations of trade secret misappropriation is often that the data was not secured properly. Essentially, the concept is that if one truly views something as a trade secret, then it will be guarded more closely than other data.
The journal CSO recommended several possible choices for protecting trade secrets:14
Once data has been classified and labelled, there are a wide range of possible protection choices, depending on your use cases. These could include ERMS (Enterprise Rights Management System) persistent encryption, file encryption, document passwords, etc.
Document passwords are one of the options that CSO lists for protecting trade secrets. It should also be noted that CSO does not suggest an organization must implement all of the choices but rather select from the choices those that are a good fit for the organization. Document passwords are well suited for protecting confidential data in a document.
The U.S. Small Business Administration recommends even less substantial security measures, such as simply locking trade secrets in a cabinet (if it is a paper copy) or limiting access to files on a computer:15
2. Keep Trade Secrets Confidential
Identification is only step one; reasonable efforts for protection are step two. You don’t have to keep your secrets in Fort Knox to protect them; marking them “confidential” and keeping them out of the public eye is sufficient because it is reasonable under the circumstances. But merely stamping “confidential” on a piece of paper won’t protect a trade secret if you don’t treat the paper like a secret worth keeping.
For trade secrets on paper: keep them stored in a locked file cabinet
For trade secrets on computer: limit access to the electronic files
Limiting access to files on a computer is accomplished via passwords for the computer. It is further enhanced if one also has the document password protected. It can be further enhanced with file or drive encryption, but this is not required.
A symposium by attorneys on protecting trade secrets made the following comments on security of trade secrets:16
Reasonable Efforts to Protect Trade Secrets
To be protectable as a trade secret, a plaintiff must prove that the trade secret is information that derives economic value (actual or potential) because it is not generally known and that such information is the subject of reasonable efforts to maintain its secrecy. Often the toughest aspect of a plaintiff’s trade secret action is proving that the trade secret was the subject of “reasonable efforts” to maintain its secrecy. The secrecy requirement has been shown or fulfilled in many ways, including by:
Restricting access to the information (e.g., locking it away in a secure place such as a vault or via computer or network security);
Limiting the number of people who know the information;
Having the people who know, or who come into contact with the trade secret, directly or indirectly, agree in writing not to disclose the information (e.g., sign non-disclosure agreements (in the case of third parties) or confidentiality or employment agreements (in the case of employees and consultants/contractors)); and/or
Marking any written material pertaining to the trade secret as confidential and proprietary and following up (as practical) in writing if verbal disclosure.
The Contracting Excellence Journal has the following to say about protecting trade secrets:17
1. Identity and access management
Courts so far have looked at some very basic forms of identity and access protection in trade secrets cases including password protection, “need to know” access and secure server storage.
2. Data security measures
Particular cybersecurity protections that deal with how confidential data may or may not be stored or transferred have been cited in a few cases as important “reasonable efforts” in protecting trade secrets, for example, USB use restrictions and electronic and physical distribution controls.
3. Perimeter and network defenses
Attempts to access a company’s trade secrets by competitors, “hacktivists,” malicious ex-employees, and even nation-states, can take the form of hacking of the company’s external networks or internal equipment. Evidence of “reasonable steps” taken to prevent this kind of trade-secret theft include firewalls, data encryption and online use restrictions.
4. Communication
Companies’ communications with training of their employees in cybersecurity and other aspects of trade-secret protection are vital best practices. A few courts have recognized certain types of electronic communications to employees as helpful “reasonable efforts,” for example, pop-up warning indicating potential risks.
5. Monitoring
Cybersecurity is obviously not just a one-time exercise in putting particular protections in place for all time, but an effort that needs to be monitored, measured and improved over time. Courts have started to recognize some elements of ongoing cybersecurity monitoring as relevant for protecting trade secrets, for example, email monitoring.
This article outlines cybersecurity measures that are reasonable for protecting trade secrets. Use of firewalls, some level of data encryption, some level of access control, and restricting access are the essentials of their recommendations.