Trade secrets are an important area of intellectual property protection that should not be overlooked. Trade secret protection applies more broadly than you might think, provided you take reasonable steps to safeguard your secrets.
Information that can constitute a trade secret is surprisingly broad. Generally, any information that derives actual or potential economic value from not being generally known by others can be a trade secret. In other words, a trade secret is proprietary information that gives a company a competitive edge. Given this broad definition, trade secrets can cover much more than just a secret formula for a well-known fizzy beverage. Types of information that may be accorded trade secret protection include customer lists, supplier lists, business plans, financial data, advertising strategies, programs, processes, methods and formulas.
Although whether any given piece of information is eligible for trade secret protection is a fact-intensive analysis, one critical factor in ensuring you take reasonable measures to protect your trade secrets. Here are eight initial steps a business should consider in protecting its trade secrets:
The first step in protecting your trade secrets is to identify what they are. Make efforts to identify your most important trade secrets proactively, because without doing so, it is very difficult to ensure that measures are in place to protect them. Even simple steps, such as labeling information as “Confidential” or “Trade Secret” goes a long way toward protecting your trade secrets and other sensitive information.
Indiscriminate access to trade secret information—even if limited to employees—can lead to the loss of trade secret status. Accordingly, consider distributing trade secret information only to a limited number of employees within your company on a need-to-know basis. For example, if the trade secret information consists of customer lists, in addition to limiting access to employees who need to use those lists (such as sales personnel), consider further limiting each sales person’s access to include, for example, only those customers within that individual’s sales territory.
For trade secrets of particular significance, work to minimize the extent to which the entirety of the trade secret information is shared with a given employee or groups of employees. Instead, where practicable, share different parts of the trade secret information with different employees, so that few (if any) employees have access to the entire trade secret. For example, if the trade secret is a process, consider disclosing only portions of the process to individual employees, so as to minimize disclosure of the entire process to any one individual. For example, if a financial institution does statistical modeling of the risks and profitability of its customers, it could have different groups of statisticians model those separately and avoid concentrating all of that knowledge in the same group of employees. One well-known example of compartmentalization has been implemented by Kentucky Fried Chicken, which reportedly has employed two different companies to make, each half of its secret spice mixture, thus ensuring that no one company has the formula for the entire spice mixture.
Given that the majority of trade secret disputes involve either a current or former employee, requiring employees to execute confidentiality agreements prohibiting disclosure of confidential information should be considered. Policies concerning the handling of confidential information can also be included in employee manuals. In addition, once any employment or business relationship terminates, consider requiring that all confidential information be either returned or destroyed.
When entering into a relationship with a third party—whether it be a proposed M&A agreement, a due diligence, a joint venture or an agreement with an independent contractor—consider using a non-disclosure agreement. These agreements often address a variety of issues concerning confidential information, including identifying the information being protected, who owns the confidential information, who has access to the information and terms governing the parties’ relationship in the event of a dispute or breach. Non-disclosure agreements should be carefully tailored to the specific contours of the business relationship between the parties.
In view of data breaches that have received widespread public attention, data security is already a top priority for most Chief Technology Officers and other IT professionals. Dedicated data security measures should be considered with respect to trade secret information, which would likely start with limiting access to trade secret information to particular users—a simple precaution that many companies fail to implement. Encrypted, password protected laptops can guard against the unauthorized use of data from stolen laptops. Measures to guard against the wholesale copying of a company’s proprietary source code are also important. In addition, special measures to track and log each time a user access particularly sensitive information can allow for additional monitoring and control of the access and use of confidential information.
Don’t overlook physical security. Measures should be taken to ensure that hard copies of trade-secret information and actual access to hard drives and servers housing trade-secret information are kept secure. These measures should be reasonable in view of the operations of the business and the confidential information being protected. A fundamental way to protect information would be to keep materials such as customer lists, financial information and other valuable information in a locked cabinet or other secure location. Limiting access to sensitive areas to particular employees via key-cards or other security measures should also be considered.
The ultimate analysis that courts employ in determining whether confidential information has been adequately protected is whether reasonable measures have been taken to shield the information from public view. Thus, based on the facts surrounding the trade secret and your company’s business, additional measures should be considered with this general guideline in mind. Limiting access to visitors where trade-secret processes are being used is one example. Vetting speeches and articles written by employees who have access to trade-secret information may also be important, in order to avoid inappropriate disclosure. And finally, if your company wishes to take advantage of trade-secret protection for a given set of information, none of that information should be disclosed in any patent application that will be published, because doing so could result in the loss of secrecy of the trade secret.