Most people know something about its older, more established siblings: the patent and the trademark (and the less heralded stepbrother, the copyright), but what exactly is a trade secret and why does it matter?
I. WHAT IS A TRADE SECRET?
A trade secret is another form of intellectual property ("IP") (other key forms of IP being patents, trademarks, and copyrights). A trade secret can really be anything commercially valuable to the business if it gives the business a competitive advantage as long as it's treated and protected in the right way. A company's unique methodology or process, a formula, detailed customer lists, marketing plans, recipes, code, or designs are examples. Although one of the most famous examples is the formula to Coca-Cola, which has never been filed as a patent, but rather is kept under lock and key (and lasers and dogs, no doubt) somewhere in the Coke empire (i.e. is commercially valuable, gives them a competitive advantage, and is kept secret). While some of these can be patentable or copyrightable, a company may choose to protect them as trade secrets instead so that the information does not end up in the public record. II. HOW DO I PROTECT A TRADE SECRET? First and foremost, treat it like it's a valuable secret. How extensive the measures you take may depend on just how valuable the information is to the company that you're trying to protect, but here are some basic practices: A. Identify. Take time to identify what your trade secrets are, and with at least a degree of specificity. B. Mark. For any documents containing trade secrets, mark it "confidential," "proprietary," or the like. C. Secure. Encrypt, password-protect, and use other reasonable safeguards, including but not limited to the following: 1. Don't access through an unsecured network.
2. Don't print it out and leave it on your desk for anyone to see and take.
3. Shred when discarding paper copies.
4. When emailing, use encrypted email or document encryption or at least password protection.
5. Don't store on an unsecured or vulnerable drive.
6. Implement technical safeguards including multifactor authentication, anti-virus software, firewalls.
7. When discussing, avoid public places and avoid recordings.
8. When needing to disseminate documents that contain some trade secrets to those who are not privy to the trade secrets, redact the trade secret portion.
9. Keep your systems, applications, browsers up to date with the latest updates and vulnerability patches.
10. Make sure there's secure backup for disaster recovery.
11. Have a written information security policy, which include practices under these guidelines. D. Limit Access. This is critical because as soon as you give free access (or someone else does), the trade secret can be compromised. 1. Only allow those employees within the organization who have a reasonable need-to-know of the information to have access to it.
2. Keep the access controls to company shared drives up to date (update with changes in job duties, people leaving and starting).
3. Only share the extent of the information those given access actually need to know. Not much more. 4. When an employee leaves, make sure they do not take copies of company documents, nor continue access to networks or shared drives.
5. Do not delay between a termination (or receiving notice) and restricting an employee's access to sensitive information.
6. Don't allow employees to print out or make copies when not reasonably necessary.
7. Don't share with those outside your organization unless they have a need-to-know, only share to the extent they need to know, and are bound by contract to confidentiality provisions (see "Contract" section below).
8. For those outside your organization that you're sharing with, make sure you have a comfort level on their security safeguards that they have implemented and practice. E. Contract. Dealing with trade secrets in your contracts is critical. This is often the area where a company slips up. 1. Make sure all employee contracts have clauses protecting company confidential information (such as non-disclosure), including trade secrets, and make sure that obligation is written to survive termination of their employment.
2. When employees leave, remind them of their continued obligations under their employment agreement to protect company trade secrets (and other confidential information). Any termination letters provided to employees can reference those obligations.
3. Before sharing trade secrets with anyone outside your organization, including service providers and business partners, make sure they are bound either by professional duty (lawyers, accountants) or they are bound by written Confidentiality Agreement or NDA provisions in their contract with your company. Make sure those provisions sufficiently provide the level of protection you need, including a survival period that you're comfortable with from termination of their engagement. F. Communicate and Train. Like any important program, your people need to understand the policy and why it’s important. 1. Whoever you're sharing these trade secrets with, make sure you communicate that it's confidential, proprietary, or sensitive information.
2. Regularly train your staff (and train all new staff) on handling company trade secrets, and include what are the company trade secrets so they know what to protect. This can be a part of your information security program.
3. Document that you have trained your staff by having them each sign an acknowledgment that they have read and understood the relevant policies.
4. Implement a process for your employees to know who to contact and what to do when they suspect a leak. III. WHAT TO DO WHEN I DISCOVER A LEAK? Take immediate action to contain the leak and contact your lawyer without delay. Delaying will hurt your ability to defend your trade secret protection. Work with your lawyer to send a cease and desist letter if you suspect any leak or misuse (misappropriation) of your trade secret. IV. OTHER HELPFUL TIPS. Provide your employees with the Whistleblower Immunity notice under the federal Defense of Trade Secrets Act(DTSA), which can be provided in their employment agreements. Without this, you will not be able to recover attorneys fees and exemplary damages when trying to assert a misappropriation of trade secret claim under the DTSA against that employee in the future.
V. DISCLAIMER AND CONSIDERATION.
The above are general guidelines only (not legal advice tailored for any particular business), based mostly on the federal DTSA law as of the date when this guidance was drafted. Each state also has its own trade secret laws, which although they are mostly similar to the DTSA, may have some differences as well. A claim may be brought under the applicable state law. A claim may be also brought under DTSA if there is a nexus between the trade secret and interstate commerce.These guidelines are of general nature and do not take into account the company's particular business to which this is disseminated. The above is not intended as legal advice.
Nicole Kim is a Partner who leads the Triumph Tech Transactions team. She frequently advises clients on intellectual property matters, including treatment of trade secrets in contracts and operations. For additional information, please contact Triumph Law.
Comments