Zimpapers Logo

Aleck Ncube, Intellectual Property
Just what is a trade secret? Put simply, a trade secret is information that you do not want the competition to know about. The law generally protects not just secret formulas and designs, but even simple facts, such as the features that might be introduced in the next iPhone, or which country a business intends to go into next. International cyber -attacks with the intent to steal intellectual property (IP) continue to dominate the news, leaving many firms scrambling to shore up their computer networks to thwart such hacks.

However, the greatest threat may be already within a company. In more than 85 percent of the trade secret lawsuits in Federal courts of the United States, the alleged miss-appropriator was either an employee or a business partner.

How do you secure company trade secrets from both external threats and potential thieves already inside the company?

Increasingly, the courts are saying that SMEs need to take “reasonable steps” to protect confidential corporate assets, and these efforts include not only securing computer networks but also embedding trade secret protection into business operations and processes. Determining the extent of “reasonable steps” can be challenging since governments have been vague about the term’s definition. Laws and legislation also continue to evolve. However, research into court cases reveals the eight key elements of an effective trade secret protection plan. The eight categories of a comprehensive trade secret protection plan include: creating agreements, policies, procedures and records to establish and document protection;

Confidentiality and non-disclosure agreements with employees and business partners constitute a great first line of defence and have won praise from the courts. In addition, the courts have said a company’s overall corporate policy is important for maintaining confidentiality as evidence that it protects trade secrets. SMEs should also develop procedures to make sure corporate policies are followed, and that protections and compliance are documented.

The implementation of specific procedures to support aspects of company confidentiality policies are often cited favourably in cases. Such procedures range from asking employees to return confidential information when leaving a company to marking documents as confidential, or not letting any single employee or third party have access to a full process, formula or other type of sensitive information. Policies, procedures and records also need to be followed consistently to qualify as “reasonable steps”.

-Establishing physical and electronic security and confidentiality measures;
Most companies know that physical and electronic security is very important for protecting intellectual property, and courts are increasingly requiring it.

For example, Japanese courts have found that a company must “implement physical and electronic access restrictions” in order for information to be deemed “kept secret” and thus protected by Japan’s unfair competition rules for trade secrets. SMEs should also incorporate confidential information protection into physical and information technology (IT) security system planning as well as restricting system access, and should regularly assess and improve their systems.

– Assessing risks to identify and prioritise trade secret vulnerabilities;
It is difficult to make a case supporting trade secret theft without first identifying the information deemed to be confidential. As a first step, trade secrets should be documented in an internal registry. Next, an assessment of the risks should be made in the event that they are stolen. Which areas are most at risk of breaches and leaks? Which departments are most vulnerable? Once identified, SMEs should take additional measures to secure those critical areas.

SMEs that have included particular material in a trade secret registry have been determined by courts as making “reasonable efforts” to maintain that confidentiality.

– Establishing due diligence and ongoing third-party management procedures;
Third parties, including those in joint ventures, suppliers, distributors and even customers, can have access to SMEs trade secrets for manufacturing, product development or other collaborations. As these partners are a potential source of misappropriation, it is vital to have processes in place to protect confidential assets. Third-party non-disclosure agreements can be considered a reasonable protection effort but agreements are not enough. SMEs should also include trade secret protection as part of their due diligence criteria, conduct ongoing reviews of processes in place for keeping information confidential and regularly communicate with third parties about expectations around trade secret protection.

– Instituting an information protection team;
Training is essential for employees and third parties so that both groups know what is expected of them when handling such information. Failure to take these simple steps — which can fall outside basic corporate training — has resulted in some SMEs not gaining the protection of the law.

– Training and capacity building with employees and third parties;
Problems arise when no one within a company has overall responsibility for protecting trade secrets and other confidential information. Courts do not look favourably at companies that have not put a person or group in charge of trade secret protection. Best practices also point to establishing a cross-functional team with representation from those who can ensure that trade secret protection policies are being followed.

– Monitoring and measuring corporate efforts;
Unfortunately, trade secret protection might only be addressed at key milestones such as a new joint venture. In reality, such protections should be ongoing. Efforts to protect trade secrets should be monitored annually and procedures updated often to maintain consistency and ensure compliance.As an SME grows, procedures and policies change. Trade secret protection plans should also evolve. In trade secret breach cases, the courts have examined corrective actions as criteria to determine whether the company has taken “reasonable steps” to protect its trade secrets.

– Taking corrective actions and continually improving policies and procedures.
Today, cyber threats, the digitisation of information, complex supply chains and movement of employees between companies and continents put a company’s valuable trade secrets at increased risk.To protect critical business information, companies need to boost security and, importantly, put systems in place to ensure trade secret protection. This approach helps SMEs both mitigate risks and also meet the “reasonable steps” requirement in the event that trade secrets are compromised. Not doing so can risk an SMEs’s revenues, reputation and competitive edge.

Aleck Ncube is an Intellectual Property scholar based in Bulawayo. He can be contacted on +63712374408 Skype: Matintas1 Twitter: @aleckncube Alternative E-mail: [email protected]