Blog
Crafting a Comprehensive Trade Secret Strategy
Authors
-
- Name
- Person title
- Principal
Despite the value trade secrets create for companies that hold them, they are often-overlooked intellectual property assets. But, unlike patents, trade secrets require their owners to take affirmative steps to maintain the intellectual property protection they provide. Without a comprehensive trade secret strategy, trade secret owners risk the loss of their intellectual property assets and expose themselves to the risk of trade secret misappropriation litigation.
What Are Trade Secrets?
Generally, trade secrets refer to confidential information that confers a competitive advantage on its holder by virtue of being unknown by others. The Defend Trade Secrets Act (18 U.S.C. § 1839) outlines three key qualities that differentiate trade secrets from other information:
- Secret: The information is not generally known or readily ascertainable
- Reasonable measures to preserve secrecy: The owner of the information has taken reasonable steps to ensure that the information remains secret
- Value: The information has actual or potential value arising from the fact that it is not generally known
The scope of trade secret protection is broad, encompassing virtually any type of proprietary information, including financial, business, scientific, technical, economic, or engineering information; patterns; plants; compilations; program devices; formulas; designs; and prototypes, among many others. DTSA § 1839.
Trade Secret Risks
The consequences of trade secret theft, misuse, and misappropriation can be severe; once a trade secret is disclosed to a third party or the public, its value is significantly diminished. This can occur in several common scenarios, such as where a departing employee takes their former employer's trade secrets to a new employer or where a partner in a joint venture continues to use another partner's contributions after leaving the venture. Employees often consider trade secrets as their own; in many cases, well-meaning employees unwittingly expose their employers to trade secret misappropriation litigation by using their former employers' trade secrets in the course of their current duties. There is also evidence that executive-level trade secret theft is common. According to one poll, over 70% of CEOs admit to having taken intellectual property from one employer to another. Such unauthorized use of another company's intellectual property assets can expose a company to trade secret misappropriation litigation.
Strategies for Minimizing Trade Secret Risks
The ideal strategy for protecting trade secrets is to implement reasonable measures aimed at maintaining their secrecy. However, there is no bright-line rule for determining the reasonableness of the measures used. Reasonableness depends upon the context — i.e., the nature and value of the trade secret, the nature of the industry, and the environment in which the trade secret exists. Generally, reasonable measures should be "adequate under the circumstances," but go further than those used for ordinary confidential information. Bay Fasteners & Components, Inc. v. Factory Direct Logistics, Ltd. Liab. Co., No. 17-CV-03995, 2018 US Dist LEXIS 46155, at *10 (ND Ill Mar. 20, 2018). The most commonly used trade secret protection strategies include non-disclosure agreements (NDAs), physical security measures, and technical security measures.
Onboarding Employees
Employee transitions are one of the primary sources of trade secret disputes. When hiring and onboarding employees, companies must simultaneously avoid contamination from any trade secrets the new employee brings with them while protecting their own trade secrets from theft by the new employee.
Avoiding contamination begins at the interview stage; revealing confidential information about former employers or clients during an interview is a red flag that a candidate is careless with trade secrets. If the new hire is bound by a non-compete agreement (and the relevant state enforces such agreements), ensure that you understand its scope and that the new hire complies with its restrictions. To prevent trade secret contamination, educate new hires on (1) the importance of keeping former employers' trade secrets secret, and (2) how to separate those trade secrets from know-how. Also, require new hires to certify that (1) they will not disclose a former employer's confidential information, (2) they are not in possession of any non-public information from a former employer, and (3) they will not share ideas derived from former employers.
To protect your trade secrets from misappropriation by a new hire, contractual measures are the most straightforward strategy. Confidentiality agreements, non-solicitation clauses, and non-competition clauses can all establish evidence of reasonable measures to preserve secrecy and create breach of contract claims for future trade secret misappropriation. Instituting a company-wide trade secret protection policy is also helpful. The policy alone, however, is not enough. Employees must know about it and implement it. Tell new employees what trade secrets are, educate them about their importance, and train them to carry out trade secret protection strategies through practical guidance. For example, explain to sales representatives that CRM data is confidential trade secret information. Additionally, IT departments should appropriately restrict information access rights.
Specific trade secret protection efforts like those for onboarding employees should be part of a larger culture of trade secret respect that is baked into a company's culture. For example, continually emphasize that information should be shared sparingly and only on a need-to-know basis, and keep trade secret protection top-of-mind by providing ongoing education, training, and reminders. As technology changes and the company grows, your trade secret protection strategy will need to evolve with it.
Employee Departure
The major trade secret risk during employee onboarding is contamination; the flip side of that coin is employee departures, which tend to increase the risk of trade secret theft.
Exit interviews can be an effective tool for preventing departing employees from disclosing your company's trade secrets to their future employers. During the exit interview, provide the employee with a copy of the agreements they signed during the onboarding process and seek their reaffirmation. Give the employee specific examples of the trade secrets they had access to, and have them sign a document acknowledging (1) they have been told what the trade secrets are, and (2) what their obligations are with respect to them. Memorialize the interview by creating an internal memo documenting what was discussed. Finally, if you find out where the employee is going, consider sending a friendly but cautionary letter to their new employer stating that all businesses have mutual benefit from everyone respecting each other's trade secret rights.
When you learn of an employee's intended departure, direct your IT department to conduct an investigation into their recent access and download activity. Suspicious activities that can indicate possible trade secret theft include:
- A spike in the number of files being accessed
- A shift in the time of day files are being accessed
- Access from a different IP address than usual
- Connection of external devices
- Unusual deletion patterns
Even if no suspicious activity is detected, consider creating a forensic backup of the employee's devices and accounts so that evidence is not lost. Obtain all company-issued equipment that the employee might have in their position and ask them to certify that they are not in possession of any other company property or information (including on personal devices and email accounts, in cloud storage accounts, at home offices, etc.). Upon the employee's departure, direct your IT department to deactivate their access to company information as quickly as possible.
Corporate Collaborations
Personnel-related issues are far from the only source of trade secret risk. Most companies share and receive information with other companies (e.g., suppliers, customers, service providers, etc.), raising the prospect of both contamination and trade secret theft. Before sharing any sensitive information with another company, make sure appropriate NDAs are in place. When collaborating with another company, develop clear boundaries; these benefit both the trade secret holder and the collaborator. Information disseminated in corporate collaborations should be tightly controlled and given only on a need-to-know basis.
Reverse Engineering
Reverse engineering is the process of working backward from an available product to understand what its parts are, how it functions, and how it was made. These activities are generally legal. However, their legality comes with caveats, depending upon how the product was obtained and applicable contractual restrictions. Reverse engineering of products obtained on the open market via direct or secondhand purchases generally poses few trade secret risks. But reverse engineering of any product obtained subject to a negotiated NDA or a mass market license (e.g., EULA, Terms of Use, etc.), may pose the risk of a breach of contract claim. To minimize the trade secret risks associated with reverse engineering, keep the following in mind:
- DO acquire the product legally and honestly
- DO check any contracts and licenses for relevant provisions
- DO document your reverse engineering activities
- DO be aware that patents create strict liability, regardless of your independent reverse engineering efforts
- DON'T allow a target company's ex-employees to be involved
- DON'T reverse engineer in violation of a contract or ask someone else to reverse engineer in violation of their contract
For even more information about creating and implementing trade secret protection strategies, please see our webinar "Crafting a Comprehensive Trade Secret Strategy."
Co-Authored by: Esha Bandyopadhyay
The opinions expressed are those of the authors on the date noted above and do not necessarily reflect the views of Fish & Richardson P.C., any other of its lawyers, its clients, or any of its or their respective affiliates. This post is for general information purposes only and is not intended to be and should not be taken as legal advice. No attorney-client relationship is formed.