Topics covered in this Part:
Protection against misappropriation and leakages of trade secrets
Protection against contamination with third parties’ trade secrets
Step-by-step trade secret protection plan and examples
Situations with high-risk of misappropriation or contamination, exiting employees and hiring new employees
Strategic exploitation and valuation of trade secrets
1. Overview
Companies typically focus their attention on traditional IP registered rights, such as patents or trademarks, or other forms of protection, such as copyright for protecting their creative and innovative output. However, trade secret protection can extend beyond all of those. It can protect virtually any valuable information at relatively little cost. Almost all businesses rely on some sort of trade secret information, but many of them are simply unaware of their assets. Manufacturing processes, chemical compounds, prototypes, source code for software, food recipes, the process of making a perfume, customer lists, information on clients and their preferences, business models and marketing strategies: potentially, they can all be trade secrets.
Trade secrets can provide important benefits to their holders, in many different ways. They can be used by the trade secret holders, providing them with an advantage over their competitors. They can also be licensed or assigned, lead to public and private funding, attract investors and be shared in a joint venture. They may also give access to tax relief in some countries.
Trade secrets are therefore important assets for most companies, regardless f their size or industry sector. However, to reach their full potential, trade secrets need to be identified and protected. In practice, this is where trade secret management comes into play.
The ultimate goal of trade secret management is the maximization of the benefits that trade secrets confer on their holders in order to gain and sustain a competitive advantage over other competitors.
To pursue this goal, companies should focus on four main areas:
Protection of trade secrets against misappropriation and leakages. To preserve secrecy and maintain the company’s competitive advantage, the trade secret holder should establish mechanisms for controlling access to confidential information.
Protection against contamination from third parties’ trade secrets. To prevent from being targeted by third parties’ trade secret misappropriation claims; information that comes into companies from outside should be treated cautiously.
Strategic exploitation of trade secrets. Companies should manage trade secrets in such a way that they increase enterprise value. This means understanding how trade secrets can be strategically used and exploited in the business.
Valuation of the trade secrets. Understanding the value of trade secrets that companies hold is important for taking informed decisions regarding both trade secret protection and exploitation.
Against this backdrop, Part IV proceeds as follows. Section 1 provides an overview of the above four main areas. Section 2 provides guidance for setting up a trade secret protection plan aimed at preventing misappropriation and leakages of trade secrets. Section 3 addresses how to approach specific critical situations where the risks of misappropriation and leakages (i.e., outbound risks) are particularly high. Section 4 addresses the issue of protecting the company from contamination with third parties’ trade secrets. Section 5 highlights certain scenarios where risks of contamination with others’ trade secrets (i.e., inbound risks) cannot be ignored. Section 6 discusses how trade secrets can be strategically exploited, and stresses the importance of continuously aligning strategic use of trade secrets with business needs. Finally, Section 7 provides basic principles on trade secret valuation.
1.1 The subject matter of trade secret management
It is important to begin by clarifying terminology. Although “trade secrets” and “confidential information” are often used interchangeably in business, strictly speaking the former is a subset of the latter. In general, “confidential information” refers to information that is not publicly known and is kept confidential by its holder. Thus, it extends to information that is personal to an individual. Confidential information will qualify as a trade secret only if it meets the requirements under the applicable national law of each country (many of which may be based on Article 39 of the TRIPS Agreement).
In general, a trade secret refers to any confidential information which provides an economic benefit to the trade secret holder because that information is generally unknown to competitors, and the holder made efforts to keep the information secret. Trade secrets can be found in the most unexpected of places in your business.
Company A produces substance X following a certain production process. Since it is an outdated process, many companies do not use it anymore. Company B, the major competitor of Company A, produces the same substance X, using a last-generation process. Company A does not want Company B and other competitors to know that it still uses the old process. Company A is sure that if Company B knew it, it would use this information to show how Company B is innovative compared to Company A. The old process itself does not qualify as a trade secret because it is widely known. But still, Company A has an interest in keeping secret the fact that it continues to use the old process. Therefore, Company A includes in its employee confidentiality contracts clauses that bind the employees to keep the information regarding specifically the production process of substance X confidential.
1.2 Protection of trade secrets against misappropriation and leakages
To protect trade secrets, the holder should set up a comprehensive protection plan that addresses at least two different questions:
How to protect the company’s trade secrets, to prevent trade secret leakages through employees and misappropriation by third parties.
How to avoid third-party liability arising from the mismanagement of other’s trade secret information that the company has legitimately acquired.
Company A creates a bestselling sparkling drink. Competitors would like to know the recipe so that they can produce a similar product. Company A should take care to protect its beverage recipe from accidental leakages and willful misappropriation.
Company A develops a new and effective process to manufacture a certain product. However, Company A is not a manufacturing company, and therefore licenses the secret process to Company B. Company B is authorized to use the trade secret within the limits of the license agreement. Company B has to manage properly Company A’s trade secret, in compliance with the license agreement and the law. For instance, if an employee of Company B disclosed the information to third parties (accidentally or willfully), Company B could be liable for the unauthorized disclosure of the trade secret.
For the information to be protected by trade secrets, in accordance with their applicable national laws, courts typically require, among other things, that the information has been subject to “reasonable steps” taken by the holder to keep it secret. Accordingly, using their own efforts and resources, trade secret holders should implement reasonable protection measures against trade secret misappropriation.
Reasonable protection measures
The reasonable protection measures are usually determined in relation to the value of the information, the level of misappropriation risk, and the cost of implementing various measures.
For example, theoretically and technically, intrusion to internal network systems can be prevented by cutting off any connection among computers or to external networks. But this sort of “extreme” protection is almost always impractical for modern businesses, which must communicate regularly with external actors, such as customers, vendors and joint venture partners. Indeed, it is widely believed that it is nearly impossible – from a practical and economic point of view – to protect each piece of information indefinitely, with the highest level of protection possible and under all the circumstances.
Therefore, reasonable protection measures do not always (and almost never) mean the strictest protection in the absolute, but instead the most effective protection according to the company’s own risk environment and the specific circumstances of a given transaction. The level of protection can be set by identifying the trade secrets, understanding their value, weighing the risks inherent in the business, and prioritizing protection of the most important secrets, reaching a level of protection for each trade secret that is effective, proportionate and appropriate, according to the relevant circumstances.
Following this approach, the trade secret holder could decide not to protect certain information at all, or to protect it with less robust measures because the high cost (in terms of money or inconvenience) makes it impractical. For example, a company may decide that it is important to allow broad and comprehensive access to an engineering database for all its engineers, to gain the benefit of collaboration among them, rather than to maximize security by limiting each engineer’s access to the specific database that relates to their current work.
In this Guide, Sections 2 and 3 of this Part will focus on the protection of trade secrets from a management perspective, while protection of trade secrets in view of filing an action in court against trade secret misappropriation will be addressed in Part V: Trade secrets in litigation.
1.3 Protection against contamination with third parties’ trade secrets
The second area of responsibility for trade secret management concerns the issue of how to avoid being contaminated by third parties’ trade secrets. In other words, trade secret management addresses not only the “outbound” risk of leakage and misappropriation of the company’s own trade secrets, but also the “inbound” risk of third parties’ trade secrets entering the company unnoticed and being mixed up with the company’s own information assets.
Contamination consists in the unwanted acquisition of trade secrets of third parties. It occurs, for example, when new employees bring with them information and documents of the former employer, and use them in the new employment, without knowledge of the new employer. Thus, the company has been “contaminated” with the other company’s information.
Avoiding contamination with others’ trade secrets is a distinctive area of trade secret management, representing potential harm to the integrity of a company’s information assets, rather than possible loss of control. The company should design its trade secret management program such that it also protects against such risks of contamination.
Company A hires a product designer formerly employed at Company B. The product designer brings with him or her documents belonging to Company B and, once in the new role at Company A, he or she uploads the documents of the former employer in the data management system of the new employer. Also, eager to impress the new employer, the new employee uses them to inform the development of a new product for Company B. In such scenario, Company A runs a serious risk of being sued by Company B for trade secret misappropriation, together with the product designer.
Another example of potential contamination frequently arises when one company engages with another to explore a possible business transaction, such as a merger or a license and in the course of which discloses trade secrets. Here, the exposure to the other’s sensitive information is voluntary and typically falls under the provisions of a confidentiality, or non-disclosure agreement. Unfortunately, the managers involved in such transactions may not be sufficiently aware of the risks involved in negotiating the terms of such agreements, or in complying with their terms. A great deal of preventable trade secret litigation arises due to insufficient management attention to these transactions.
Sections 4 and 5 will discuss the inbound risks of contamination and mitigation measures that may be taken, with more examples and practical tips.
1.4 Strategic exploitation of trade secrets
Once trade secrets are adequately protected against loss or contamination, they should be actively managed to support and increase the value of the enterprise. This is a crucial step toward commercialization that realizes the potential for competitive advantage represented by the information.
Like other IP, the trade secret holder should choose the best way of exploitation suitable for its business. For example, trade secrets can be used exclusively by the trade secret holder, allowing the holder to offer a superior product or service or improve profit margins relative to its competitors. They can also be licensed, assigned, lead to public and private funding, attract investors, be shared in a joint venture or other form of collaborations.
Since trade secrets are an integral part of IP assets, their strategic exploitation should be considered in conjunction with other IP rights, such as patents. The value of trade secrets and risk of losing control over them constantly change together with the business activities and needs of the company and the evolution of external conditions, such as competition in the market, technological development and regulatory changes. Thus, the optimal exploitation of trade secrets is a dynamic concept that should be assessed, reviewed, and updated regularly so that it is constantly aligned with the changing business strategy of the trade secret holder.
In making an informed choice among different types of IP protection, both legal factors (for example, eligibility of protection, the scope of rights and their duration and geographical coverage), described in Part III: Basics of trade secret protection of this Guide, as well as business factors (such as costs, resources, market conditions and reputational effect) should be taken into account.
It is also possible that a rational business may decide to relax trade secret protection measures and also not to seek any alternative protection. Maintaining trade secrets is not an end in itself. They have value only to the extent that they provide a competitive advantage to the business, whether it is for technological competitiveness, monetary rewards or reputational advantage.
Section 6 will discuss in detail how trade secret holders may strategically approach exploitation of their trade secret assets by a third party.
1.5 Valuation of trade secrets
The exploitation of trade secrets is closely related to valuation of trade secrets, which can be very difficult for want of any meaningful market. But some form of valuation, either absolute or in relation to other assets, is often necessary, even if it is inherently inexact. For example, having some sense of the information’s value may help to: (i) understand if it is worth investing expensive technological protection measures in the secret information; (ii) sell or license them to a third party; or (iii) quantify the damages suffered because of an unauthorized disclosure or improper use of the trade secrets.
Section 7 will illustrate primary valuation methods for IP assets, with their different strengths and shortcomings.
2. How to protect trade secrets from misappropriation and leakages? Trade secret protection plan
A trade secret protection plan can be broken down into the following four steps:
Step 1: Identify and value your “potential” trade secrets
Step 2: Determine the risks for your trade secrets
Step 3: Identify and apply reasonable measures to protect trade secrets
Step 4: Monitor and react to misappropriation and leakages.
The following sections will explain these four steps in detail. The outline of the four steps is contained in Sample checklist A: Implementation of trade secret plan – what steps to take, below.
2.1 Step 1: Identify and value your “potential” trade secrets
The first step to set up a trade secret protection plan is identifying the company’s "potential" trade secrets.
Many organizations are unaware of the existence and the value of their information assets until they carry out a process to identify and catalog them. Companies may be surprised to discover extremely valuable assets that they didn’t know they had. Thus, an internal review to identify potential trade secrets should be performed regularly.
The sub-steps to identify potential trade secrets are the following:
Identify the company’s valuable information
Carefully review the company’s competitive position to identify the information that helps the business run successfully and gives it an advantage over competitors. Consider the following steps:
Interview senior managers and key employees working in various functional areas and business units of the company. Questions could include:
What makes your work different from those of competitors?
What is the key to the success of your office or your team?
What do you think competitors would like to know about your work?
What do customers appreciate the most about the company’s products or services?
What causes you to lose sleep at night for fear that the competition may learn your secrets?
Analyze data on production, sales, customer satisfaction. This may provide useful information on the positive impact of new product or service offerings, business plans or marketing strategies. Particular attention should be paid to research and development, sales and business development functions, where there is often a higher concentration of valuable information.
Analyze competitors’ products and customers’ preferences to better understand how your secrets provide differentiated value over the competition. The result of this inquiry should consist of a broad set of the company’s valuable information.
Select important trade secrets
Only a subset of the information collected under the first sub-step may justify implementing specific protective measures. In selecting information for particular focus, it is generally better to be over-inclusive, since both the risk and value factors can be dynamic, and you will want to preserve the option of caring for a larger set of assets. If the information is not known by the vast majority of your competitors, this should be sufficient to consider it a trade secret.
This “broad” approach could lead to over-classification, but some level of inconvenience is preferable to losing control of information that may later turn out to be critical.
Create a catalogue of the trade secrets
It is generally helpful to record trade secrets in some way so that decision-making can be easier and more predictable. However, trade secrets often consist of information which cannot be easily and quickly identified. Also, in large enterprises, information assets could be widespread among hundreds of employees, each developing, managing and using the know-how relevant for their respective functions, which can change over time. Therefore, for management purposes, it is generally sufficient to draft a broad catalogue of trade secrets identified by category, including a brief description of why they are valuable for the company. The goal of such a catalogue is not to explain in detail all the company’s information assets, but to raise awareness of these assets and improve decision-making about their protection.
The Super Tennis Racket Company is one of the biggest tennis racket producers worldwide. Its management, appropriately advised by the legal team, decides to monetize its information assets. To that end, the company appoints Louise to carry out a process to identify the company’s trade secrets. Louise is the head of legal of The Super Tennis Racket Company, who has worked in the field for many years and knows the industry very well. As the initial step of the company’s protection plan, Louise does the following:
Louise interviews the head of the manufacturing department who reports that since the company installed new machinery named “The Serve Machine 1100” to manufacture tennis rackets, product defects have reduced by more than 20% and the number of rackets produced per day has increased by 10%. Thereafter, Louise checks data from the customer care department: since “The Serve Machine 1100” has been installed, requests for replacements of rackets under warranty have reduced by 20%.
Louise asks Will, the head of the research and development team, about “The Serve Machine 1100”: it was developed internally by The Super Tennis Racket Company. Louise asks Will to check if anything similar is on the market. The answer is no: “The Serve Machine 1100” is different. No one else uses something similar.
Louise fills in the trade secret catalogue as follows:
Item: Tennis racket manufacturing machinery “The Serve Machine 1100.”
Details: Since its installation: (i) defective products have decreased by 20%; (ii) production has increased by 10%; (iii) requests for replacements of rackets under warranty has reduced by 20%. Developed internally. After preliminary search, nothing similar is on the market. Drawings and specifications remain secret. Valuable asset.
Louise hands over the catalogue to the management of The Super Tennis Racket Company, to discuss further steps. The management reviews the catalogue and realizes that “The Serve Machine 1100” is an important asset for the company.
Further steps are needed.
2.2 Step 2: Identify the risks for your trade secrets
After having assessed and catalogued the most important trade secrets, the holder should determine the risks that they face in the operation of the business. Understanding those risks is crucial to identifying the measures needed to mitigate them.
The major risks for trade secrets could be organized as follows:
Third parties’ acquisition or misuse of the trade secret. Businesses often attempt to gain access to information about their competitors. In general, lawful means of access may include reverse engineering and independent discovery.
(1)See Part III: Basics of trade secret protection of the Guide. In general, reverse engineering is a process of working backward from an available product, such as studying, analyzing or disassembling the product to understand its components, composition, design, functions or manufacturing process. Competitors might also employ improper means, such as espionage or corruption of employees. Reducing that sort of risk is a primary objective of any trade secret protection plan. See Part III: Basics of trade secret protection of the Guide. In general, reverse engineering is a process of working backward from an available product, such as studying, analyzing or disassembling the product to understand its components, composition, design, functions or manufacturing process.Leakages and accidental disclosures of the trade secret One of the major risks of trade secrets is simple accidental loss because of negligence or mismanagement by those who “know” the trade secrets, e.g., employees or third party collaboration partners. Leakages and accidental disclosures can result from the practical difficulties of protecting the trade secret. For example, if exploitation of the information requires many people to know it, leakages may be more likely to occur. Other risks could be related to the specific medium on which the trade secret is fixed. Studies have shown that the greatest risk of secrecy loss is through mishandling by employees, which reflects the importance of proper communication and training of the workforce.
Trade secret misappropriation claims by third parties. Given the high mobility of employees and of collaborations and other sharing arrangements in modern business, most companies face some risk of being accused of misappropriation. Such claims could arise either because the company is charged with directly misappropriating the trade secret, or because of unwanted contamination (see more extensively on contamination in Sections 4 and 5). Possible consequences of third-party claims include: (i) the need to defend against such claims, possibly in court; (ii) the need to stop, if the claims are grounded, the use of the trade secret (including the sale of the products and services using it); (iii) payment of compensation; or (iv) risk of criminal prosecution.
Potential risks, loopholes, and gaps in the protection of trade secrets can be identified through interviews with key managers and with those who deal with the trade secrets within the company on an everyday basis. External specialized consultants and security tests can help identify vulnerabilities.
For a thorough risk assessment, it is important to understand:
the likelihood that the potential risks materialize, and
their potential impact, i.e., the severity of their consequences.
(2)James Pooley, Trade Secrets § 9.03 [4], (Law Journal Press 1997-2023, updated).
Indeed, annulling all possible risks is often impossible. What can realistically be done is to mitigate those risks, in particular prioritizing those with the highest probability of occurrence and with the most negative consequences. Managers, businesspeople, and representatives of those who will be impacted in their day-to-day work by the potential measures should be involved in the risk assessment and in the design of the protection program. Risk management measures are, in the end, the result of a balance of interests, where the need for security will be balanced with the need for efficiency and cost constraints.
The results of the risk assessment analysis should produce a risk assessment report that identifies the potential risks, the likelihood of their occurrence, their consequences and the priority level for intervention.
Louise provided the management of The Super Tennis Racket Company with the trade secret catalogue, and they realized the importance and the value of “The Serve Machine 1100” for the company. The company therefore asked Louise to assess security risks related to the “The Serve Machine 1100.” After some investigation, her findings are the following:
Risk 1 – Potential leakage
“The Serve Machine 1100” is very different from other tennis racket manufacturing equipment. However, the features that make their machinery so special can be easily identified and understood by a junior engineer or an experienced factory worker from an external analysis of the machinery. “The Serve Machine 1100” is located in an open area of the plant, where employees of all the departments have access. The Super Tennis Racket Company includes in all contracts of employment generic confidentiality clauses.
Risk assessment
A high number of people have access to “The Serve Machine 1100” and a good part of them have also the knowledge to understand its peculiarities, even though most of them have no “need to know” about it to do their job.
Many of the employees have been working with The Super Tennis Racket Company for many years, and likely they simply have forgotten that they signed a confidentiality clause many years ago.
The level of protection currently in place at The Super Tennis Racket Company to protect the secrecy of “The Serve Machine 1100” likely does not meet the “reasonable steps” standard required by law. Therefore, in case of misappropriation of the technical features of “The Serve Machine 1100,” it may not be possible to seek trade secret protection in court.
The potential consequences of leakages could be very severe: competitors could acquire the technical information necessary to replicate the “The Serve Machine 1100,” or such information could be publicly disclosed and destroy the secret entirely.
Risk 2 – Potential misappropriation
Roksana, a mid-level engineer on the research and development team who helped to develop “The Serve Machine 1100,” revealed that she was recently contacted by the competitor The Bad Player for a job interview. At the interview, an engineer of The Bad Player asked Roksana how The Super Tennis Racket Company was able to improve the quality of its rackets. Roksana understood that The Bad Player was trying to have her disclose confidential information on the production process. She refused to answer and left the meeting. However, Roksana had the impression that The Bad Player clearly understood that there is a specific reason why the tennis rackets of The Super Tennis Racket Company have so significantly improved their quality, even if, apparently, they are not yet aware that the reason is “The Serve Machine 1100.”
Risk assessment
The Bad Player tried to acquire information on The Super Tennis Racket Company by targeting its employee. The Bad Player will likely try again to secure access to the information.
The level of protection applied by The Super Tennis Racket Company is currently low, and therefore the chances that The Bad Player could reach its goal are high.
The consequences are similar to those of Risk 1.
The Bad Player has a bad reputation for its unfair business behavior. There is the risk that if The Bad Player succeeds in misappropriating the information, it could file a patent application in order to try to subsequently exercise exclusive rights conferred by a patent and prohibit The Super Tennis Racket Company from using “The Serve Machine 1100.”
Risk 3 – Potential contamination
Roksana also referred to Caspar, an ambitious young engineer at The Super Tennis Racket Company who had also been part of the team that developed the “The Serve Machine 1100.” Caspar arrived at the company directly from the research and development team of The Third Set, another important competitor. Roksana was impressed by how much Caspar contributed to the development of “The Serve Machine 1100,” despite his young age, and suspects that he had been working on something similar at his former employment.
Risk assessment
Currently, there is no reason to believe that Caspar did something unlawful. He could simply be very good at his job.
However, the circumstances related by Roksana suggest that Caspar may have misappropriated trade secrets belonging to The Third Set by using them to develop “The Serve Machine 1100.” Should this be the case, The Super Tennis Racket Company would have been contaminated with The Third Set’s trade secrets and risks facing claims of trade secret misappropriation.
The company is considering investing money: (i) to increase protection of “The Serve Machine 1100”; and (ii) to build two additional versions of “The Serve Machine 1100.”
Before making this investment, additional investigation concerning the potential contamination is recommended.
Louise collects the information above in a risk assessment report. She concludes that the risks for the “The Serve Machine 1100” are overall high and actions must be taken with high priority.
2.3 Step 3: Identify and apply reasonable protection measures
Criteria to identify what protection measures are reasonable
After having identified the company’s trade secrets, catalogued them, and analyzed their value and related risks, it is necessary to decide measures that are reasonable in relation to the value of information, the level of risk and the cost of implementing various measures – the most appropriate actions according to the specific circumstances of the case.
Broadly speaking, protection measures for a company’s own information are directed at preserving secrecy and maintaining control over who has access to the information and what they are permitted to do with it. Considering all circumstances of the case, trade secret holders may take into account the following aspects to determine the reasonable protection measures.
The value of the trade secret
The more relevant the information is to the company’s competitive success, the stricter the protection measures should be. The value of the trade secret is affected, inter alia, by the likelihood that the information remains secret and guarantees over time to its holder a competitive advantage over other competitors.
Characteristics of the organization
In general, the size of the organization affects the measures it can and should take, considering, for example, its resources and the level of complexity in managing secrecy within the organization.
The peculiarities of the business sector and the effectiveness of particular measures
The sector where the trade secret holder operates can also be relevant for the determination of reasonable protection measures. Some measures have general utility in all fields, while other measures are more effective in specific fields.
There are sectors such as personal insurance, where information on clients and their specific needs are key to the business, and therefore, contractual measures binding employees to confidentiality and practical measures related to education and training on trade secret management are of great importance. As a further example, employees in a sales or business development team selling customized industrial machinery components or supplying high quality fabrics according to the preferences of the clients, should be contractually bound to keep business information confidential. In highly technological sectors (such as the pharmaceutical industry, medical devices, automotive manufacturing and information and communication technology) or in sectors particularly exposed to cyber-attacks,
The costs of trade secret protection
the budget of the company is often a critical issue, because protecting trade secrets can require significant investments in security measures. Generally, protecting a trade secret is sensible only if the investments in protection are lower than the expected economic return from the exploitation of the information. In this assessment, the progress of the technology over time should be considered, given the need and the costs of constantly updating relevant security measures. On the other hand, once an investment in general protection measures, such as a video-surveillance system and information technology controls, is made, often it can cover the cost of protecting multiple trade secrets at once, and newly acquired trade secrets can be protected by measures already in place. The costs may differ depending on the measure and the trade secret to protect.
Document management measures (such as a document marking policy) are generally low cost.
Logistics and organizational measures (such as a concierge service or video surveillance) may require high expenses, but they simultaneously protect trade secrets, physical assets and people.
Providing the company with secrecy policies, codes of conduct, codes of ethics and specific procedures can be expensive, since external consultants and lawyers may need to be involved. Basic policies and codes, however, can be drafted by the company’s in-house legal team or otherwise prepared within a budget.
Training aimed at raising employee awareness regarding the importance of information security and their own responsibilities has variable costs according to the complexity, duration and recurrence. Basic training may be provided at low cost by the company’s internal resources. In general, good training on confidentiality may be the most cost-effective way to reduce risk of information loss.
Contractual measures have variable costs depending on their complexity and the need to involve external lawyers to draft them. However, after an initial investment to get a fair insight on a set of standard contracts and confidentiality clauses, companies may have sufficient internal resources to adapt them according to each specific case.
Information technology security measures entail costs that vary significantly, depending on the size and the needs of the company. Small businesses that conduct business on electronic devices can follow practical tips to keep IT systems safe and secure at low cost.
The need to maintain work efficiency
Some protection measures or their combination may affect the efficiency and fluidity of access to information within the company. A policy requiring multiple authorizations from multiple individuals every time the trade secret needs to be accessed may diminish the value of trade secret information by overly restricting its deployment in the business. Therefore, the need to protect trade secrets should be balanced with the need to exploit them efficiently through internal information flows. In this regard, it can be useful to interview the people involved in the workflows to assess possible alternatives and what measures can be realistically implemented without losing work efficiency.
Company A has collected through the years a great deal of information on clients and preferences regarding customized industrial components that the company manufactures. Company A used this information to set up a very valuable database. The idea is that the business development and marketing teams can access the database to study the sales history of each specific client to make targeted offers to acquire new clients and improve customer service. However, for any access to the database, users have to: (i) ask for authorization from their supervisor, which is granted on average after two days; and (ii) explain the reasons for the requested access. To avoid cyber-intrusions, the database is saved only locally on a computer located in a dedicated room at the fifth floor of the headquarters of the company. The room is locked, and the key must be requested from the head of IT security, who requires signing a written confidentiality undertaking.
What are the results of this super-safe protection program? The business development and the marketing team, rather than having to comply with all these rules and procedures, simply performs their tasks without using the database, or creates a work-around that gives them access to some of the information, but without any ability of management to track that access. An important resource that could have provided a competitive advantage to the company remains unused, while sensitive data is used in insecure ways.
Balancing all the criteria above should suggest whether it is appropriate to protect any given trade secret and where to set the proper level of protection. Deciding that less valuable information should not be protected can be perfectly coherent with efficient management. Indeed, from a practical and economic perspective, it is generally not possible to protect all information with the same efforts, and it is therefore reasonable for the company to select only a subset of the information to actively protect.
Implementing protection measures
Finally, once the holder has identified the reasonable protection measures for each category of trade secrets, the last step is to implement those measures. Because they were developed thoughtfully in relation to perceived value and risk, those measures will also meet the flexible “reasonable steps” standard of protection according to law.
Usually, a trade secret protection plan consists of the implementation of a combination of operational and contractual measures. The following typical protection measures will be addressed in this section.
Operational measures
Setting up clear trade secret management roles and decision-making processes: define clear roles and responsibilities within the company with regard to trade secret management and decision-making processes.
Document management measures: handle information and documents properly inside the organization (e.g., policies regulating document classification and marking, a life cycle of documents and access authorization processes).
Logistics and organizational measures: control and monitor access to the places where trade secrets are stored and used.
Education and training of employees: provide education and training for employees, based on internal policies and a code of conduct or ethics, to raise awareness of their responsibilities in protecting trade secret assets.
Information technology measures: use information technology security measures to secure trade secrets in transit and in storage.
Contractual measures
Internal with employees: conclude contracts between the trade secret holder and the people internal to the organization, to bind them to confidentiality and other contractual obligations to preserve secrecy.
External with suppliers, clients and partners: conclude contracts with external parties, such as consultants, contractors, vendors, customers, distributors, sales agents, actual or potential business partners, to bind them to confidentiality and other contractual obligations directed at limiting access to, or use of, the trade secrets.
Setting up clear trade secret management roles and decision-making processes
Trade secret management involves many critical management decisions, which might have to be taken quickly in some cases (e.g., reacting to trade secret misappropriation to prevent further dissemination or disclosure of the trade secret).
Therefore, roles and responsibilities of managers in the organization should be clearly allocated and the decision-making processes must be clearly set. For example, the following steps can be taken.
Establish clear roles and responsibilities
Make clear who has the responsibility for taking trade secret management decisions. Responsibility can be split according to the importance of the trade secret and the decision to make. High-level management might be involved in the most relevant decisions only. For example, whether to mark a specific document as confidential or not is something that can be handled internally within the business unit. Instead, whether to license the trade secret to a third party should require authorization from high-level management.
Clarify and streamline the trade secret management decision-making process
Specify when authorization for taking a trade secret management decision is necessary and how such authorization can be obtained. Consider setting up an ordinary procedure and an accelerated procedure, the latter to be used only when authorization is needed on an urgent basis.
Appoint a “Trade Secret Officer”
Identify and train a person(s) to be available to employees when they need clarification, guidance or supervision in uncertain situations (“Trade Secret Officer”).
Have an emergency plan in place
Set up an emergency plan, listing people to be contacted inside the company (executives and the Trade Secret Officer) and outside the company (legal and IT resources). Define the steps to be immediately taken or avoided in case of an incident. This plan can cover situations where the company finds misappropriation of its trade secret and where contamination with a third party’s trade secrets is suspected.
Document management measures
Trade secrets often consist of information included in various kinds of records, for example, emails, memorandums, reports, business plans, contracts, client lists, technical documents, minutes of meetings, etc. They should be handled properly to avoid both accidental disclosure and unlawful acquisition, use and/or dissemination.
The main goals of internal document management measures are: (i) to make trade secrets recognizable by labeling; (ii) to make trade secrets difficult to misappropriate or circulate; and (iii) to make documents containing trade secrets traceable to easily identify authors of misappropriation or leakage.
In general, a golden rule for document management measures is that they should be as simple as possible, because if measures are too complicated, the risk is that the employees will simply ignore them, or bureaucracy slows down the operations. Some examples of document management measures are the following.
Document marking
Document marking is not always necessary to claim trade secret protection. However, it is highly advisable to adopt a document marking policy. Statements such as “Confidential - Property of Company X,” “Access limited to …” or similar wording can be printed on documents.
Reference to the confidentiality level of the document (low, medium, high, etc.) and basic instructions on how to handle them (for example, not to be shared, not to be printed, not to be brought outside the company, not to be saved on certain media, to be encrypted) can also be included.
The task of marking documents with confidentiality labels should generally lie with the employee creating the document or circulating it within or outside the company. However, employees with specific training may be appointed to help others to classify the information. Certain documents, such as engineering drawings and customer lists, may have confidentiality marking applied as a matter of course. Employees should be invited to refer to a Trade Secret Officer or their supervisors in case of doubts.
Keep document marking rules simple
Keep simple the confidentiality classification and the instructions for use of documents falling within the different categories of confidentiality. This means that only a limited number of confidentiality classification levels should be envisaged, typically no more than two or three. For example: (1) non-confidential; (2) confidential; and (3) highly confidential. Too-complex rules might be simply ignored or wrongly classified.
Apply document marking rules consistently
Inconsistent marking is misleading and can increase the risk of accidental disclosure of trade secrets by employees.
Prefer over-designation to under-designation
Instruct employees to designate documents as confidential when in doubt. In general, over-classification of information as secret should be preferred over under-classification in trade secret management. Providing employees with standard instructions to mark by default as confidential certain categories of documents could be helpful. For example, employees could be required to designate all unpublished documents containing technical details of products under development or all unpublished patent applications.
Provide clear rules on how to handle documents according to their marking
These rules should be summarized in user-friendly guidelines, easily available and accessible to employees.
Anika, a salesperson of Company A, collected information on client preferences for customized products. This information might be useful for the company’s cross-selling activities. Company A has an interest in circulating the information internally. However, the information could be trade secret and therefore should be managed and shared carefully.
Correctly, Anika marks them as confidential. The internal “Company A’s document marking policy” provides a specific discipline for documents marked as “Confidential.” For example, they shall be stored separately on the data management system, in a dedicated folder that requires authorized access.
According to the policy, Anika sends an email to the Trade Secret Officer, notifying her actions, so that the Trade Secret Officer may consider whether additional actions are needed.
Regulating the creation, use and end life of documents
A significant risk to trade secret information is the accidental leakage of a document that contains it. Companies should set specific rules and adopt measures that regulate how documents (including electronic records) are handled, limiting the risks of accidental loss of control.
Ban or limit copies of confidential documents, in paper or digital format.
Track unique copies of the confidential documents so that individuals can be held accountable if documents are accidentally lost. For example, create a register of unique copies listing who has received a copy of the document marked progressively, or use a watermarking system.
Oblige to store paper, prototypes, samples, etc. in safe or locked locations.
Regulate what happens to confidential documents after they have served their purpose. For example, require the recipient to return or destroy the information and provide certification of the destruction.
Manage properly the disposal of confidential documents. Confidential documents should be collected separately and securely shredded.
Regulating access to documents and information
In general, the more employees that are aware of a trade secret, the higher the chances that the company loses control over it. To reduce the risk of accidental or voluntary disclosure of trade secrets, the simplest approach is to restrict access to the trade secret and related documents. In general, access should be granted on a need-to-know basis, limited to the specific information and documents that are necessary for the individuals to perform their respective tasks. This principle should be applied in a balanced way so as not to unnecessarily hamper efficient knowledge sharing within the company. In a factory line, for example, a sensitive solution could be dividing a series of operations between employees so that individual employees do not know or understand the information needed for the whole process.
The company might also need to provide access to confidential documents and information to third parties. This happens frequently, considering that more and more often companies need to outsource specific activities, or collaborate on the development of new products. When there is such a need, information should be shared only as necessary. Also, access should be granted only to people or entities subject to confidentiality agreements or clauses and after obtaining approval from a person responsible for trade secret management.
Company A is a business consulting firm with around 500 employees. Company A has many clients. Every project is typically followed by three to five people, led by a partner. Kenzo is a partner at Company A and won a pitch for Project X.
According to the firm’s policy, Kenzo opens a new folder in the data management system for Project X, the Project X Folder. At the opening of the Project X Folder, Kenzo selects the four employees of the firm who will work with him on Project X. They will be the only ones authorized to access the Project X Folder. Any subsequent request to access the Project X Folder shall be authorized by Kenzo.
All the documents and emails related to Project X shall be stored in the Project X Folder. Once Project X is completed, access to the Project X Folder is automatically disabled to Kenzo and his team.
If access to the Project X Folder is needed again, a specific and justified request must be addressed to a specific management team.
Logistics and organizational measures
The locations where companies store documents and protypes, perform research and development activities, keep servers, etc. should be supervised and access should be regulated and monitored. Logistic and organizational measures create physical barriers between a misappropriator and trade secrets.
These measures include:
Concierge service, entry–exit registration and video surveillance at the entrance of the company’s facilities.
A specific procedure applied to visitors, including escort to the appointment area, or providing them with a name tag. Employees should be instructed to report immediately if any unknown person is located at the company’s facilities.
Restriction on items that people can bring into the premises, such as cameras or smartphones. In very highly sensitive areas, visitors and employees may be required to wear work uniforms with no pockets and to carry items in transparent bags.
Badges or other automatic identification means to access the companies’ facilities for employees.
Restricted access by external visitors to the whole premises or to certain areas limited to employees only (e.g. production facilities and research and development laboratories). Access may be subject to confidentiality undertakings.
Logistics and organizational measures are usually the first point of contact with the company. Employees and visitors will recognize that the company is vigilant and ready to react if rules are broken. Therefore, it has a deterrent effect, dissuading any unlawful attempts and an educational effect on employees, encouraging the formation of a culture of confidentiality.
Education and awareness of employees
One of the most common reasons for trade secret loss is the simple accidental loss of information by those who are entrusted with trade secrets.
If employees are unaware of what a trade secret is, whether a certain piece of information is a trade secret or not, or why trade secrets are so important for the company, they could carelessly talk about them in a conversation with friends in a public place, or they could disclose information on posts and comments on social networks proudly promoting their company’s (or their personal) successes.
This sort of behavior can put trade secrets in danger. To reduce such risks, the primary focus of the company should be the education of employees, with the aim to raise their awareness of the importance of trade secrets in their day-by-day work. Employees should understand that the company operates in a competitive environment, and that trade secrets are a key asset, the loss of which could be extremely harmful. Employees at all levels should be encouraged to treat trade secrets with great care in a joint effort to protect the company’s competitive position.
Basic training and education of employees can generally be provided with limited costs, but with substantial effect on employees’ attention to the company’s trade secrets. With higher investments, it is possible to set up a more structured, continuous education program.
Implementation of internal policies, codes of conduct and codes of ethics
One way to educate employees is to provide them with a set of documents explaining how to behave, such as specific policies, codes of conduct and codes of ethics. They should serve as reminders and as a checklist for their responsibilities in the management of trade secrets, including in the remote working environment, if applicable. For example, such documents may include:
specific rules such as a clean desk policy, a duty to return materials and documents after meetings, a duty not to store company’s documents on personal devices, and a duty not to share information with third parties
reference to local laws concerning secrecy and employees’ related duties and liability.
Employees should have the opportunity to access these materials anytime (such as by posting them on the company intranet) and to ask clarifications. In addition, employees should be reminded periodically of their existence and content.
General training, tests and awards for employees
Various means exist to raise employees’ awareness of trade secret management. The common goal is to engage employees and provide them with instructions and key messages.
Education should be continuous and varied. It should start with on-boarding of the employee, through an initial basic confidentiality training, and should continue throughout the employment lifecycle.
Different forms of training can be envisaged: providing employees with notices, instructional posters or videos, checklists, a list of “dos and don’ts,” role play, a simulation of external threats to trade secrets such as automatically generated phishing emails, and best practice competitions with awards to individuals or teams of employees.
To create a corporate culture around trade secrets, the involvement of executives in these activities is recommended.
High-level executives and engineers should be provided with specific training that is relevant to their particular risk environment. Also, people without a direct employment relationship, such as consultants and contractors, should receive equivalent instructions.
Special training for high-risk business units
Certain functions within the company may tend to over-share sensitive information with outsiders. Usually this happens with good intentions, such as promoting the company or its products. However, this sort of behavior can be risky when trade secrets are at stake.
Here are some areas of activities that inherently have higher risks of trade secret loss, and thus special attention may be necessary:
Marketing activities: people in marketing naturally like to use information about new or future products, or new features in these products, to boost promotional events or capture the interest of potential customers.
Business development activities: business development activities imply similar but broader risks compared to marketing activities, since the employee is focused on new business relationships and the need to generate interest in prospective partners about the company’s prospects. Here, in addition to general education regarding confidentiality, there may be a need for imposing discipline around the negotiation of, and compliance with, non-disclosure agreements.
Scientific publications: in technical fields, scientists often have been trained to consider success as early publication of the results of their work in scientific journals. This inclination needs to be checked not only with basic training but with clear requirements for pre-publication submission of papers to ensure that valuable secrets are not compromised.
(5)See also Part VI: Trade secrets in collaborative innovation of this Guide for use of trade secrets in academic institutions for collaborative research.
Obviously, marketing, selling and publishing activities are all important for the business, and should be promoted and stimulated. However, proper precautions need to be taken to be sure that they are managed in a way that protects the company’s trade secrets. To such end, possible measures include:
Provide specific training: provide those who are involved in high-risk activities with specific training and rules to help them do their jobs with discipline and respect for the company’s trade secrets.
Set up an approval process for external disclosures: set up a special approval process to double-check that no sensitive information is disclosed in planned business, scientific or marketing presentations and related materials.
Information technology (IT) security measures and IT management tools
Most companies’ trade secrets are stored and transmitted in globally connected digital systems that are inherently insecure. Thus, most larger companies acquire and deploy adequate IT security protections. Also, because both protective technology and risks are evolving extremely rapidly, IT security measures should be periodically reassessed.
IT security measures may include:
Require authentication to access the company’s IT devices, tools and systems: this may include password policy (requiring strong passwords, periodically updated), multi-factor authentication and other methods of authentication.
Use up-to-date operating systems, anti-viruses, anti-spyware software, malware, firewalls.
Implement automatic encryption and daily back-up.
Keep access records for systems, folders and files, along with downloads and outgoing communications.
Provide specific folders (protected by password and/or encrypted and stored in the company’s system or in a secure cloud storage site) for storing confidential files.
Set strict rules for use and custody of electronic devices (phones, computers, tablets) provided by the company.
Prohibit, discourage or properly regulate the use of personal cloud services and removable devices, possibly prohibiting the use of personal devices (laptops, tablets, phones, thumb devices) for work-related purposes.
Regulate the use of the internet as well as of devices and services connected to the internet, e.g., if appropriate and feasible, disable external connections to folders/systems that include trade secrets, issue a social media policy and ban access to certain websites.
Have a cyber-attack response plan in place. The plan can include a wide range of measures, whose primary goals are stopping the attack and containing its consequences.
There are also IT tools that aim at assisting internal trade secret management. For example:
Software designed to manage trade secrets. These tools (often referred to as DLP or data loss prevention) can have different functions:
Help companies to collect, organize, study and report their trade secrets as well as trade secrets entrusted to them by third parties.
Track progress in the implementation of trade secret protection measures.
Provide good evidence, if needed, that trade secrets are properly managed and protected, which can be useful in court to meet the “reasonable step standard” that qualifies information as a trade secret.
IT audits to regularly monitor employees’ activities and detect unlawful behaviors of departing employees, in compliance with local labor laws.
IT tools able to provide evidence of the existence of the trade secret at specific point in time (time stamps).
(6)The Korean Intellectual Property Office (KIPO) launched its Trade Secret Certification Service in 2010, which received more than 188,509 cases by the end of 2022. This service takes the hash values of electronic documents and combines them with authorized time values, thereby creating time stamps. Time stamps are then registered with the Korea Institute of Patent Information (KIPI) to prove the existence of original copies of trade secrets, as well as their initial dates of possession (see https://www.kipo.go.kr/en/HtmlApp?c=91022&catmenu=ek02_06_01).
Part VII: Trade secrets and digital objects of this Guide contains more about security measures to protect trade secrets in digital formats as well as specific challenges and risks associated with protection of digital trade secrets.
Contractual measures
Trade secret holders should consider contractual measures for protection purposes. They can supplement the lack of other measures and are often crucial in litigation.
In drafting contracts, it is often better to refer to “confidential information” rather than to trade secrets, since the former term is more easily and broadly understood. A primary function of contracts is to define the relationship as one of confidence, and so using broader terminology reinforces that notion without predetermining what a court might find to constitute a legally protectable “trade secret.”
Types of contractual measures
Types of contractual measures include confidentiality clauses and non-disclosure agreements (NDAs).
Confidentiality clauses (typically included in contracts of employment or with third parties) point out that the recipient of the information in the course of the contractual relationship shall keep such information confidential, shall not disclose to third parties and shall use it for the agreed purposes only. Confidentiality clauses may appear in any type of commercial contract, including supply agreements, sales agreements and licenses.
NDAs (or confidentiality agreement) are legally binding contracts that establish a confidential relationship between the parties, who agree that confidential information they may obtain within the contractual relationship will not be made available to third parties or used for purposes other than those specified in the contract. These agreements by definition contain a confidentiality clause or clauses.
Obviously, NDAs and confidentiality clauses must be properly drafted. Assistance of lawyers is advisable. Some general key considerations when drafting an NDA include the following:
Clearly identify which information is subject to confidentiality. Confidentiality obligations are effective if it is clear what information is subject to confidentiality. Therefore, provide in the contract a definition of “Confidential Information,” including provisions for identifying as confidential information which is communicated verbally.
Define the scope of rights to access, use and disclose trade secrets, and impose strict control measures and penalties against breach of confidentiality by recipients.
Point out what is the authorized use of the information disclosed. Specify for which specific purposes the information disclosed can be used, such as for consideration of a potential merger or license.
Include exceptions to confidentiality. Clarify what is not considered confidential information, and exclude it from the scope of the confidentiality obligation. For example, information that is shown to be generally known or has entered the public domain through no fault of the recipient, or which the recipient can demonstrate was developed independently of the disclosed secrets should be excluded from the “Confidential Information” covered by the NDA.
A possible contractual definition of “Confidential Information” could be the following: “For the purpose of this Agreement, “Confidential Information” means trade practices, business plans, price lists, supplier lists, customer lists, marketing plans, financial information, software, designs, prototypes, formulas and all other information or compilations thereof which relate to [subject matter] that A will designate as confidential at the time of the disclosure to B.”
In addition to confidentiality clauses and NDAs, there are contractual measures that can be used, in some jurisdictions, for the purpose of indirectly protecting trade secrets. For example, Non-compete agreements or clauses (also non-competition agreements and clauses) and/or Non-solicitation agreements or clauses may be available in some jurisdictions.
Non-compete agreements or clauses are restrictive covenants where typically one party (for example, the employee) agrees not to enter competition with the other party (for example, the employer) when they leave the company. Usually, they are limited in type of activity, geographic coverage and duration.
Non-solicitation agreements or clauses are restrictive covenants where typically one party (for example, the employee) agrees to be prohibited from diverting the company's clients or recruiting its employees upon leaving the company. Their allowability varies from one jurisdiction to another. These agreements that are typically concluded between an employer and its employee will be addressed further in the next section.
Although acquiring information through reverse engineering is generally considered as not constituting misappropriation of trade secrets, many countries, such as most Member States of the European Union, do not prohibit trade secret holders to enter into a contractual agreement that prohibits reverse engineering. In general, the United States of America enforces anti-reverse engineering clauses in contracts between business entities. The extent to which contractual clauses can prevent reverse engineering also varies among national laws.
Contracts with employees
Depending on national approaches, the law or the contract may imply that the person receiving the trade secret cannot use it, except for the uses agreed between the parties, and must maintain confidentiality. This is true at least for employees, since an obligation not to disclose the employer’s trade secrets is generally implied in the duty of loyalty and fidelity of the employee.
Despite legal confidentiality obligations, providing (additional) contractual confidentiality obligationsis highly advisable, at least for the following reasons:
NDAs and confidentiality clauses provide more certainty, compared to implicit obligations stemming directly from the law, which vary among countries.
NDAs and confidentiality clauses have additional effects against trade secrets misappropriation from employees and third parties. Companies that ask their employees to sign NDAs send a clear message that the company cares about its trade secrets. Actively signing NDAs may create deterrent to breach of confidentiality obligations.
NDAs and confidentiality clauses generally make enforcement easier. The trade secret holder could often raise in court a contractual claim and a non-contractual claim based on the national/regional trade secret laws. The two claims will likely overlap to some extent, but depending on the national approaches, there could be differences in terms of burden of proof, remedies, and statutes of limitation. Having two shots raises the chances to hit the target. In addition, courts are more likely to find liability when confidentiality obligations are clearly set forth in a contract.
Including confidentiality clauses in employment agreements is recommended. To be on the safe side, it is highly advisable to always specify in the contract of employment that confidentiality obligations last beyond the termination of the contract of employment, and check if such clause is admissible under the applicable law.
Non-compete agreements restricting the possibility of the employee to compete with the employer contain a more pervasive contractual restriction than confidentiality clauses or NDAs.
There are generally no issues when the non-compete agreement refers to the period when the employment is in force. The enforceability of the non-compete agreement after the termination of the employment, however, requires attention due to its wide-ranging effects. A non-compete agreement may prevent employees from using not only trade secrets, but also their general knowledge, skills and experience, conflicting with the mobility of workers.
Accordingly, some countries prohibit non-compete agreements, save in exceptional circumstances. If not forbidden, non-compete agreements are nonetheless generally subject to certain limitations and boundaries. They typically must be “reasonable” in geographic coverage, duration and scope. A non-compete agreement lasting one or two years, covering the geographic area and the kind of work performed by the employee in his or her previous employment is generally acceptable in several countries.
Considering the many variations in national approaches
NDAs, non-compete agreements and/or confidentiality clause should be signed at the very beginning of the relationship between the parties before any exchange of confidential information. Remedying their absence at a later stage is possible, pointing out that the confidentiality obligations undertaken by the parties apply also to information exchanged previously. However, the risk of discussing confidentiality obligations ex post is that disagreements could emerge on the terms of the agreement, while confidential information has already been exchanged. In such a situation, the party who disclosed a trade secret or confidential information would not have much contractual power to impose its preferred conditions.
Contracts with third parties
(8)See Part VI: Trade Secrets in Collaborative Innovation) of the Guide, in particular, Section 2 on use of NDAs and confidentiality clauses in collaborative activities.
In the modern economy trade secret holders may need to share their trade secret information with third parties for, for instance, collaborative research, joint venture activities, manufacturing or distribution arrangements, franchising, fundraising etc. To achieve a specific business need, trade secret information may be shared with external consultants, contractors, vendors, distributors, sales agents, commercial and technical partners, and also potential business partners. These relationships are of temporary nature, and the third parties may have worked, be working, or work in the future, with competitors. Therefore, the need to protect confidentiality can be greater with third parties than employees. Trade secrets must be particularly protected toward third parties, with whom the trade secret holder cooperates.
It is recommended to include by default confidentiality clauses in all contracts entered into with third parties. Alternatively, signing a separate NDA focusing on confidentiality and exchange of confidential information is advisable when: (i) the exchange of confidential information is needed before the signing of the contract, for example, to draft it properly; (ii) the regulation of the exchange of confidential information is more complex and deserves to be addressed separately in more detail; (iii) the contractual relationship between the parties is already established in a contract that does not include a confidentiality clause, or (iv) the disclosing party needs to disclose a highly valuable trade secret that deserves additional commitments.
If a trade secret holder discloses their trade secret information to, for instance, a consultant who will use that information to deliver its service, the contract should specify that the consultant shall not use the disclosed trade secret information for any other purpose. In addition, the trade secret holder must make sure that the consultant will not use trade secret information of any other person for performing the contracted work (see Section 5.2).
The general advice regarding contractual measures (see Section 2.3 above) also applies to confidentiality clauses and NDAs with third parties. For example, NDAs should be signed, and contractual clauses should be introduced, in the beginning of the working relationship, and if applicable, non-compete agreements may be set-up. In particular, they should point out:
what kinds of information are protected
how they are protected
what are the restrictions on their access and use
if applicable, how and to what extent the recipient is authorized to share them with other third parties
what is the duration of the confidentiality obligation, and any obligation after the termination of the contract, and
what happens to the confidential documents when the collaboration terminates.
The Super Tennis Racket Company analyzes the risk assessment report concerning “The Serve Machine 1100” and decides to take the following measures.
Measures against risk 1 – potential leakage
Specific employees will be assigned to “The Serve Machine 1100,” and these employees only will be authorized to access the dedicated area.
Access to the dedicated area will be possible only through automatic doors that can be opened by swiping the authorized employees’ personnel badges.
The entrance to the dedicated area will be controlled by a video-surveillance system.
Measures against risk 2 – potential misappropriation (measures applicable also to mitigaterisk 1)
The legal department will send a communication to all employees reminding them of their confidentiality obligations included in their contracts of employment.
The legal department will provide basic training to all employees on the importance of the company’s information assets, as well as the need for preserving them and for all employees to play their part.
All employees assigned to “The Serve Machine 1100” will receive specific training on the importance of the secrecy of “The Serve Machine 1100” and will be required to sign specific NDAs.
The team that developed the “The Serve Machine 1100” will receive specific training on the importance of maintaining the secrecy of their work at the R&D department. Also, they will be trained on the risks of being targeted by competitors to access the company’s trade secrets, and will be required to sign specific NDAs on their activities.
Measures against risk 3 – potential contamination
Louise carried out further investigations. While the IT team checked Caspar’s activities on his computer, nothing suspicious emerged. Caspar has never uploaded external documents of dubious origins on The Super Tennis Racket Company’s data management system.
Louise talks with Caspar to better understand the situation. Caspar assures her that he had not misappropriated any trade secrets or confidential documents from his previous employers. He also assures her that, while employed at The Third Set, he had never worked on anything similar to “The Serve Machine 1100.”
The research and development team that worked on the development of “The Serve Machine 1100” will collect all the documents that can be used to show the independent development of the machinery, to be ready to react to any misappropriation claim from The Third Set or other competitors.
2.4 Step 4: Monitor and react to misappropriation and leakages
General principles for an efficient reaction
Even with a strong and efficient trade secret protection plan and a careful trade secret management policy in place, misappropriation of trade secrets can occur. In general , trade secret misappropriation means acquisition, use or disclosure of trade secrets through unlawful, improper, or dishonest means (see Part III: Basics of trade secret protection of this Guide).
Also, accidental disclosure by, or leakages from, the trade secret holder may also happen, due to negligence or a simple mistake. For example, accidental disclosure can occur when a confidential document is mistakenly sent via email to the wrong recipient.
Three important general principles should be kept in mind for an efficient reaction to leakages and misappropriations.
Do not get emotional: reactions to leakages and misappropriation of trade secrets should be considered as an integral part of trade secret management, which is largely based on risk management. The important thing is to be ready and prepared to react, avoid further damages, counterattack at the right time and recover.
Consider that speed of reaction is crucial: a good reaction can be useless if it comes too late. One of the major risks of misappropriation or leakages is that the trade secret is publicly disclosed and loses its entire value. A timely reaction may prevent further disclosure or misuse, or at least limit its negative consequences.
Have a response plan ready: a response plan should be in place before the incident occurs. Appoint one or more persons responsible to take actions in the emergency. Everyone in the company should be instructed to report immediately any threat to trade secrets.
In general, trade secret holders may take the following steps to react to misappropriation or leakages.
Understand the situation and stop the misappropriation or leakage
Preserve the trade secret value
Cure the reason for the breach
Handle the reputational damage and liability
These typical steps that are taken within the trade secret holder’s organization will be detailed, below.
Understand the situation and stop the misappropriation or leakage
To avoid deleterious power vacuums and blame-shifting when the misappropriation occurs, the trade secret management policy should provide initial indications and guidance to those who are in charge of handling the situation.
In general, there are three initial steps that should be taken, both in terms of trade secret management and potential trade secret litigation.
Collect and preserve evidence of the possible trade secret misappropriation or leakage. It is good to have as many options as possible for reacting at a later stage. For example, while the trade secret holder may decide, in the beginning, to pursue an out-of-court solution by sending a warning letter, if the alleged misappropriator does not react, the trade secret holder could decide to move to litigation, if evidence of misappropriation is well preserved.
Investigate what happened. In particular, understand how the misappropriation was possible and who carried it out. Obviously, investigations should be carried out in a confidential manner so as not to alert the alleged misappropriator, who could take countermeasures or destroy evidence.
Detect the weaknesses that caused the misappropriation/leakage. If needed, take emergency measures to mitigate immediate harms and avoid further violations. A comprehensive and detailed review of the trade secret protection plan will be possible at a later stage.
Obviously, the three steps above could interrelate with each other. For example, preserving the evidence likely implies a first initial understanding of the situation. However, waiting too long before taking action bears the risk that evidence could be lost or altered.
Preserve the trade secret value
After adopting evidence preservation measures, understanding what happened, and taking an initial step to prevent further unlawful acquisition and/or use of the trade secret, the company has to decide how to react to the misappropriation.
The company should not lose its focus on the ultimate goal of trade secret management: the maximization of the benefits of the trade secrets to gain and sustain a competitive advantage. This goal does not change because of the leakage or the misappropriation. What changes, however, may be the way to achieve it.
If the leaked trade secrets have not yet been made public, the holder could consider the following options:
Amicable resolution: get in contact with the misappropriator to agree on immediate return/destruction of any physical materials carrying the trade secret information, stop using and disseminating the trade secret information and settle any possible dispute. This could satisfy the goal to quickly stop the dissemination or misuse of the information
Seeking an amicable solution could be a good option to consider for business and commercial reasons. In cases where the parties cannot quickly resolve the dispute, they may be able to agree on a mediator to help them find an amicable solution.
Litigation: immediately start litigation, also with the purpose of obtaining a preliminary injunction from the competent courts to enjoin and prevent further violations (see Part V of this Guide (Trade secrets in litigation) for court remedies in litigation). Litigation, however, often leads to a settlement of the dispute between the parties.
If the misappropriated trade secrets have already been made public, the trade secret holder has lost legal protection for the information. In this scenario, one option is to start litigation to obtain damages, if the other party is not willing to compensate the harm voluntarily. However, there are other possibilities to settle the dispute, such as establishing an amicable business relationship as a licensing partner, a distributor, a business partner or an external consultant, which can be used as a means to provide compensation.
Cure the reason for the breach
After the incident, review the trade secret protection plan and its implementation, and identify its potential weaknesses. If needed, amend or improve the protection plan to avoid any similar episode in the future. The reason for the breach can be identified with different means, e.g., internal due diligence, software designed to manage and protect trade secrets, or “stress tests” of the IT system.
Consider whether it is appropriate to start disciplinary actions against employees, or contractual action against third parties, who are responsible for the trade secret leakage or misappropriation. The incident can also be an opportunity to educate and train employees: for example, the lessons learned and areas for improvement to avoid such incident in the future.
Handle the reputational damage and liability
Trade secret misappropriation can give rise to contractual and tort liability. This is the case where, for example, leakage of a trade secret occurred because a licensee of the trade secret under the confidentiality obligation disclosed it. In addition, a misappropriation could give rise to a duty of communication towards clients, suppliers and public authorities. Legal professionals may provide appropriate advice in these situations.
Suffering a misappropriation/leakage of its trade secrets can negatively impact the reputation of the company, its goodwill and public perception. Taking advantage of the situation, competitors may emphasize the inability of the company to protect its trade secrets or those of its partners or customers. Therefore, quickly setting up a communication campaign, targeted to the general public or limited to certain entities, authorities, clients or commercial partners as well as to employees, can be important. A PR communication could be a good way to start to rebuild your reputation, letting the market know that you care about trade secrets, and how significantly you improved the management and protection of confidential information after the incident.
In some countries,insurance products to mitigate the risks relating to trade secret misappropriation and leakages are available.
It took some time and effort, but The Super Tennis Racket Company has finally implemented all the measures it had identified as reasonable to protect the features, design and specifications of “The Serve Machine 1100.”
Louise is now on vacation. She scrolls the home page of her social network account and while scrolling, she sees that Kai, a worker assigned to “The Serve Machine 1100,” posted a picture on his social network account. In the picture, there is Kai with a couple of colleagues to celebrate the birthday of one of them. In the background, there is “The Serve Machine 1100.”
Louise reports the incidence immediately to the “Report TS threats” email. Kai is quickly contacted and asked to remove the picture.
Following the internal investigation, the company takes the following actions:
The picture was taken in the room dedicated to the “The Serve Machine 1100,” and all the employees in the picture were authorized to be there.
Luckily, the research and development team assures that no relevant details of “The Serve Machine 1100” can be seen in the picture. The picture did not disclose any secret information. The trade secret is still a secret.
To avoid similar episodes in the future, management decides to introduce a no-phone rule in the room dedicated to “The Serve Machine 1100.”
The management sends a serious email to Kai, reminding him of his confidentiality obligation, the severe breach of the policy that he committed and the risk that the company faced because of his negligent conduct. However, the company decided not to take other actions against Kai, considering that, in the end, the company suffered no damages.
The management sends another email to the whole company, explaining what happened, including the negative impact that this episode could have had on the company. The new no-phone rule in the room dedicated to “The Serve Machine 1100” is notified to all the employees. The management also stresses that more severe actions will be taken if something similar should ever happen again.
2.5 Sample checklist: Trade secret management plan
This section provides an outline of four steps detailed in Sections 2.1 to 2.4 in the form of a sample checklist. It may be used by businesses to help in setting up a trade secret management plan to identify and protect trade secrets against misappropriation and leakage. However, it is neither an exhaustive list nor a boilerplate list that must be implemented by all readers. The sample checklist should be adapted to the specific needs of each business, depending on, for example, their size, resources, business sector and market environment.
1. Identify and value your "potential" trade secrets
Identify the company’s valuable information. Consider the following steps:
interview key employees and managers
analyze data on production, sales, customer satisfaction
analyze competitors’ products and customer preferences to understand which product features drive success in the market.
Select important trade secrets. Usually, only a subset of the information collected under the sub-step above is worth implementing special protection measures. In case of doubt, prefer a broader selection of information than a narrower one.
Create a catalogue of the trade secrets, using high level descriptions.
2. Identify the risks for your trade secrets
Identify the potential risks for your trade secrets. Consider the following major risks:
third parties’ acquisition of the trade secret
leakages and accidental disclosures of the trade secret from the holder or third parties entrusted with the trade secret
third parties claim that you misappropriated their trade secrets.
Determine the potential impact (severity of the consequences).
Produce a risk assessment report identifying potential risks, likelihood of occurrence and their consequences, as a basis to prioritize the interventions needed.
3. Identify and apply reasonable protection measures
Decide what are the reasonable secrecy measures to apply. Consider the following factors:
the characteristics of the organization (the size, resources etc.)
the peculiarities of the business sector (e.g., nature and extent of risk of leakage, loss of control or contamination) and the effectiveness of particular measures in that sector
the costs (in terms of money and efficiency) of particular trade secret protection measures.
Having identified the reasonable secrecy measures to the relevant trade secrets, consider implementing the operational and contractual measures.
3.a Implement operational measures
Set up clear trade secret management roles and decision-making processes:
establish clear roles and responsibilities for taking trade secret management decisions
clarify and streamline the trade secret management decision-making process
appoint a “Trade Secret Officer”
set up an emergency plan in place for critical situations that might arise.
Set up document management measures:
apply a document marking policy
regulate the creation, use and end life of documents:
ban or limit copiestrack unique copies for the most sensitive documents
require storage of confidential material in safe and locked locations
regulate what happens to documents containing confidential information after they have served their purpose
manage properly the disposal of confidential documents.
Implement logistics and organizational measures:
create physical access barriers, for example:
measures at the entrance of the company’s facilities
a specific procedure for visitors
restriction of items that people can bring into the premises
badges and other identification means
restricted access to the whole or limited areas by external visitors.
3.b Education and awareness of employees
Implement internal policies, codes of conduct, codes of ethics.
Create a corporate culture around trade secret by providing general trainings, tests and awards to employees.
Provide specific trainings and supervision to people involved in high-risk business units.
3.c Implement information technology (IT) security measures
IT security measures may include:
require authentication to access the company’s IT devices and systems
use up-to-date software, automatic encryption, daily back-up etc.
keep access records for systems, folders etc.
provide specific folders for storing confidential information
set rules for use and custody of company’s IT devices
regulate the use of cloud services and removable devices
regulate the use of the internet
have a cyber-attack response plan in place
as appropriate, consider IT tools that aim to assist trade secret management.
3.d Implement contractual measures
With entities inside the company:
require employees to undertake confidentiality obligations, in the form of confidentiality clauses or non-disclosure agreements
require employees having access to strategic information to sign specific non-disclosure agreements and, if appropriate and possible, non-compete and/or non-solicitation agreements.
With entities outside the company:
require suppliers, customers and commercial or technical partners to undertake confidentiality obligations, in the form of confidentiality clauses or non-disclosure agreements.
4. Monitor and react to misappropriation and leakages
Understand the situation and stop the misappropriation by:
collecting and preserving relevant evidenceinvestigating what happened
detecting the weaknesses that caused the problem, mitigating immediate harms and avoiding further violations.
Consider how to deal with the source of the problem, e.g., seek amicable resolution or litigation.
Review the trade secret protection plan and its implementation, improving it to avoid future incidents Handle reputational damage and liability by:
considering any contractual and tort liability considering any duty of communication towards clients, suppliers and public authorities
mitigating any negative impact on the reputation, goodwill and public perception of the company by, e.g., a communication campaign.
3. Situations with a high risk of misappropriation
3.1 Exit of employees and risks of misappropriation
(9)The outline of measures that may be taken in situations with a high risk of misappropriation is found in Section 3.3 below.
Leakage of trade secrets can occur through different channels, such as from current employees, former employees and retirees, external contractors, hackers etc., however, it is well known that trade secret leakage by employees changing jobs is one of the high-risk situations that many companies confront.
Usually, employers and departing employees have conflicting interests. Former employers may want to prevent their employees from passing on the knowledge acquired through their former employment to new employers. Employees, however, may want to advance their career at the new employer, or start their own business, based on what they have learned at their former employers. New employers do not want to get into trade secret misappropriation disputes with the former employers due to the recruitment of new employees and also wish to prevent contamination of their own information assets (see Section 5 regarding contamination with former employers’ trade secrets).
Trade secret law, labor law and antitrust law etc. are the legal instruments that aim at balancing these various interests. Confidentiality clauses, non-disclosure, non-compete and non-solicitation agreements are also typical legal tools that may be used to mitigate the risks of disputes stemming from employees’ mobility (see Section 2.3). However, to what extent the former employers can prohibit the employees’ job mobility and the use of their knowledge after the job exit, and to what extent the employees have the freedom to choose a new job and use their knowledge,vary significantly among jurisdictions. Also, this depends on the circumstances of each case.
Therefore, assistance from experts who are familiar with the applicable law is indispensable. Broadly speaking, information that is general knowledge and skill of the employee is not a trade secret that can be claimed by the former employer.
While contractual measures, together with training and educational programs about trade secret protection, may have a deterrent effect for preventing potential disputes over misappropriation of former employers’ trade secrets, there are also additional measures, some of which should be taken before the employee leaves the company, while others should be taken after the employee has left the company.
Measures to take before an employee’s exit
Where an employee submits their resignation, several measures can be taken to mitigate the risks of misappropriation.
First, depending on the circumstances of the case, consider foreclosing the employee’s access to trade secrets and confidential information as soon as the employee communicates his or her resignation. The company should make a risk assessment, considering various issues case by case, such as: (i) the need to continue the projects being managed by the employee; (ii) the costs of keeping the employee on the payroll; and (iii) the risks run by letting the employee have access to the information asset of the company until their last day of work.
In addition, the departing employees should be reminded of their obligation to return or destroy any confidential documents or other materials. Such obligation should be found in the confidentiality clauses of employment contracts.
Exit interviews are also an important action to mitigate the risk related to employees leaving the company. Whether employees resign or they are let go by the employer, schedule exit interviews to remind employees of their legal confidentiality duties and their specific contractual obligations. Information regarding the departing employees’ reasons for resignation and the employees’ new job generally provide the degree of caution required by the company.
Exit interviews can have an important psychological and deterrent effect. The departing employees will perceive and remember that the company cares about its trade secrets and it is ready to react to protect them, if forced to do so. Therefore, the risk of misappropriation or misuse of the employer’s trade secrets likely decreases. Exit interviews are low-cost measures that can help the trade secret holder to demonstrate to a court that it had taken “reasonable steps” to keep the information secret.
To identify any leak as quickly as possible and stop any further dissemination or unauthorized use of the trade secret, companies generally check the IT devices, tools and systems used by employees leaving the company to identify any anomaly in their behavior. Usually, the period between the notice of termination and the last several days of work is critical, as departing employees may download files from their devices and systems, send them to personal email addresses, upload them on personal cloud accounts, or simply print or collect them in hard copies. Since scrutinizing employees’ activities is a delicate operation that must be done in compliance with the applicable labor law, privacy rules and IT forensics best practices, the assistance of (external) experts is recommended.
Reducing turnover of employees is another way of mitigating risk. Establishing a good working environment through, for example, investments in employees’ welfare, promotion of better work–life balance and communication between management and employees, may have a positive effect on the retention of employees.
Measures to take after an employee’s exit
Following the termination of employment, consider possible measures aimed at keeping the departing employees aware of to their obligations.
For instance, depending on the circumstances, if there are high concerns of misappropriation related to the new employment, it may be appropriate for the former employer to send a communication to the departing employee and/or to the new employer. Once such a communication is received, the former employee and the hiring employer will likely adopt a higher level of caution, as they will be unable to claim that they were not aware of the trade secrets. These communications should be sent with great care and drafted with the assistance of a lawyer, because they could be perceived as, or actually amount to, defamation or retaliation under applicable national laws.
Also, in the post-employment period, it is important to be attentive to “signals” that may indicate potential risk of trade secret misappropriation and require further investigation. For example, it is advisable to monitor the activities of the competitor who hired the former employee or the activities of the business that the former employee set up after their resignation. If the competitor releases, shortly after the joining of the new employee, a new product having features that can be achieved only by using the secret process developed by the former employer or files a patent application that claims an invention deriving from the trade secrets, this should reasonably raise serious concerns.
In addition, keep an eye on whether other employees depart in the same period. If they all join the same competitor, particular care is needed. The competitor could have targeted a specific work group inside the trade secret holder’s organization to recreate it within its own company (so called “poaching of employees”), therefore trying to also appropriate the former employer’s know-how.
Reaction to misappropriation carried out by a former employee
If a former employee downloaded a large amount of the company’s confidential documents before moving to a competitor and the competitor releases, shortly thereafter, a new product based on the technology protected by trade secrets, it may justify a strong inference of trade secret misappropriation by the former employee.
In reality, however, whether improper dissemination of trade secret information by the former employee has actually occurred is often ambiguous, and the former employer has a good reason to be concerned about the risk of misappropriation of trade secret information carried in the head of the former employee.
Therefore, determining misappropriation by former employees is a complex question that requires special investigation, assessment of circumstantial evidence and tactical consideration.
Having said this, the general rules concerning reaction to misappropriation (see Section 2.4) can be adapted to the specific exit of employee scenario as well.
Do not get emotional: the previous co-worker relationship with the former employee usually heightens emotional reactions when a suspicion of trade secret misappropriation arises. Stay calm and stick to your trade secret protection plan.
Collect and preserve evidence: if possible, freeze the evidence of the misappropriation or the leakage. This usually needs the involvement of technical forensics experts and legal counsel.
Investigate the situation and collect information: investigation and collection of information should be carried out with great care to avoid destruction of evidence, such as metadata related to specific records. For a better understanding of the situation and/or to limit any negative consequences, one possible course of action is to seek the former employee’s explanation about their behavior and demand their cooperation to limit the damage. However, this might not be the best option, if the strategy of the employer is, for example, to file litigation and seek preliminary injunction and seizure orders against the new employer of the former employee (see Part V: Trade secrets in litigation of this Guide).
Preserve the trade secret value: consider whether to take any legal action against the former employee, taking into account the seriousness of the violation. Amicable resolution with the former employee and/or their new employer should be an alternative way of settling the case.
After the initial actions, the trade secret protection plan should be critically reviewed to identify any weaknesses that caused the misappropriation. For example, inclusion of stronger confidentiality clauses in employment contracts, introduction of (higher) penalties in case of breach, and improvement of education and awareness of employees or introduction of stricter access restrictions to documents and information.
In general, if an employee or a former employee is involved in trade secret misappropriation, your reaction may have an impact on other employees’ behaviors. You need to send a clear message: the company cares about trade secrets and violations of the company’s rights will not go unpunished.
The Super Tennis Racket Company implemented all the measures it had planned to protect its “The Serve Machine 1100.” “The Serve Machine 1100” becomes a key asset of the company. The company knows it and protects it diligently.
One day, bad news arrives: their competitor, The Bad Player, has hired Anna, a member of the research and development team that developed “The Serve Machine 1100.” At her exit interview, Anna had said that she was leaving to help her mother on the family’s farm. However, after Anna’s departure, The Super Tennis Racket Company learns from several people that she had started a new position at The Bad Player.
Louise is not worried. The company knew this could have happened. It was a calculated risk, and the company knows exactly what to do.
Louise and The Super Tennis Racket Company react as follows:
In accordance with the trade secret protection plan of The Super Tennis Racket Company, the IT team had checked the company’s devices used by Anna at the time of her exit and found nothing suspicious. No confidential documents have been downloaded. However, Louise asks the IT team to carry out a deeper analysis. It comes out that during the last few days before her departure, Anna opened an impressive number of documents, just for a few seconds each, on her business laptop. Many of them concerned the “The Serve Machine 1100” and there was no work-related reason for her to open them, since she was working on other projects at the time.
After some internal investigation, Louise finds out that Hester, a colleague of Anna, entered Anna’s room to say goodbye to Anna on her last day. Hester found Anna taking pictures of the laptop screen with her personal smartphone. Anna appeared clearly uncomfortable and said that she was taking pictures of some personal photos left on the laptop. Clearly, Anna must have opened the documents concerning “The Serve Machine 1100” to take videos or pictures with her smartphone.
The Super Tennis Racket Company hires an external computer forensics expert and asks them to freeze the evidence of the operations carried out by Anna in the last days of work at The Super Tennis Racket Company. This is good evidence that can be filed in court.
The Super Tennis Racket Company is ready for the counterattack. The company files a lawsuit against The Bad Player and Anna for trade secret misappropriation. The Super Tennis Racket Company asks the Court to take urgent measures to: (i) inspect Anna’s electronic devices and The Bad Player’s data management system to detect The Super Tennis Racket Company’s trade secret information and documents; and (ii) prohibit Anna and The Bad Player from using the misappropriated trade secrets and documents.
The Super Tennis Racket Company obtains and enforces the court order. The Bad Player and Anna did not expect such a prompt reaction. The Super Tennis Racket Company’s documents are found on Anna’s smartphone and The Bad Player’s data management system. The Court further orders the destruction of the misappropriated documents and prohibits both Anna and The Bad Player from using the misappropriated information.
The trade secret is safe (the secrecy of the valuable information is still intact), and The Super Tennis Racket Company can continue to enjoy the commercial benefit derived from the trade secret information relating to “The Serve Machine 1100.”
The Super Tennis Racket Company releases a public statement. The Super Tennis Racket Company was a victim of a trade secret misappropriation attempt. However, the trade secret protection plan set up by the company worked efficiently and the company knew what to do. The threat was neutralized. Competitors and employees are warned. The Super Tennis Racket Company knows how to protect its trade secrets.
3.2 Risk of misappropriation when trade secrets are shared with external parties
A critical risk for trade secret holders arises when they share their confidential information with other parties outside the organization. Sharing of trade secrets with others may be necessary when, for example, conducting collaborative research or manufacturing with another organization, or outsource specific activities to another organization.
Since Part VI of this Guide focuses on trade secret-related issues in collaborative innovation, including handling of each party’s trade secrets that are brought into collaborative innovation and trade secrets that are generated through the collaborative activities, this section merely highlights several general issues that trade secret holders should consider when sharing their trade secrets with others.
Best practices for trade secret holders
For trade secret holders, they should be particularly mindful of the following general best practice.
Carefully choose your partner.It is important to select properly your potential partners. They have to be trustworthy. Signing a contract does not assure you that the other party will duly perform its obligations. You can certainly file a breach of contract action in court, but compensation for damages could hardly fully restore your loss. This is particularly true if the trade secret has been disclosed to the public, resulting in the loss of legal protection. In addition, obtaining damages generally requires long and expensive litigation. Therefore, the first golden rule is to know well and have trust in your partners before disclosing your trade secret information to them.
Use NDAs and enter into solid contracts. Enter into an NDA with potential partners (including customers and suppliers) at the very beginning of the business relationship, i.e., when starting negotiations. For trade secret holders, it is preferable to oblige the recipient to observe confidentiality permanently.
Once you have chosen a good partner, sign a good contract. Contracts can be a very important tool to regulate collaboration with other parties. See Section 2.3 with respect to confidentiality clauses in contracts with third parties and NDAs.
Carefully share your information and monitor its use. At the end of the collaboration, the recipient party should be reminded of its confidentiality obligations and the ownership of the respective information. Ask the recipient to return or destroy confidential documents in its hands and to certify such destruction.
Provide the recipient party only with the information that is strictly necessary to perform its tasks. You may also monitor the work of the recipient and its use of the information that has been shared. During the collaboration, mark any document shared as confidential and use wording that identifies the trade secret holder. In addition, secured databases that track accesses to shared documents may be used instead of emails.
Require recipients to adopt high standards of protection. Require the recipient party to adopt at least the same standard of protection you would apply to protect your own trade secrets. Preferably, if there are specific steps that you believe could provide more reliable and predictable protection, require the recipient to follow those steps.
Carefully define the rights of each party in any newly created work. When a trade secret holder shares the confidential information with another party who uses that information for creating something else (e.g., a new invention), it is very important that both parties agree, in advance, who has legal control over the shared trade secret and who has the rights in the newly created work.
Similarly, a party who receives the information might make improvements or modifications to it. Typically, trade secret holders try to negotiate owning such information as improved or modified by the recipient.
Periodical review and update. Since business relationships can change with time, review the obligations in agreements with third parties, and update them, as necessary.
Obligations of recipients of trade secret information
Turning to the recipient of trade secret information, receiving such information from the trade secret holder comes with the obligation to properly protect, use, and manage it in accordance with the terms and conditions of the contract and the law. This is not a light responsibility, since these contracts usually stipulate the liability of the recipient party if it does not fulfill its obligations contained in the contract or mismanages the trade secrets received. In particular, trade secret holders usually allow recipients to use the trade secret information only for a certain purpose. Therefore, the recipient companies should make sure that their employees who are exposed to that secret information will not use it for other purposes. In addition, the recipient should take reasonable steps to keep the information secret.
Consequently, a comprehensive trade secret management strategy covers proper management of trade secrets that are generated by the company as well as trade secrets of another company that the company is authorized to use.
If you are authorized to use trade secrets of a third party, to reduce the risk of mismanagement of the third party’s trade secrets:
identify your right and obligation regarding the use of the trade secrets and the standard of protection to maintain the secrecy of the trade secret information
monitor compliance with the obligation stipulated in the contract
store confidential documents and information of the third party separately from your company’s trade secrets to avoid contamination (see Section 4, below, on preventing contamination by trade secrets held by others).
3.3 Sample checklist: Departure of employees and sharing trade secrets with other parties
The following sample checklist summarizes the measures that can be helpful for reducing the risk of misappropriation and leakage of trade secrets in two specific situations described in Sections 3.1 and 3.2, namely, departure of employees and sharing trade secrets with external parties. As indicated in Section 2.5, it should be used as a sample that requires adaptation to the specific needs of each reader.
Departure of employees
Before the employees’ departure
Assess the risk of allowing departing employees to access trade secrets until the last day of their work
Schedule exit interviews to:
remind employees of their legal and contractual obligations of confidentiality
ask about the employees’ new job and their ability to comply with their confidentiality obligation
Consider checking the company’s IT devices and systems used by the employees (beware of applicable privacy and other laws)
Remind the employees to return any documents or other materials that contain confidential information (enforce the relevant contract clauses)
Implement measures that reduce the turnover of employees
After the departure of employees
Consider, if appropriate, sending a communication to the departed employees and/or their new employers, flagging the need to respect the former employer’s trade secrets
Monitor the activities of the new employers or of the business set up by the former employees
Monitor whether other employees depart in the same period. Pay particular attention if they all join the same competitor
Sharing information with other parties and joint cooperations
For trade secret holders
Choose a contractual party that is trustworthy
Use non-disclosure agreements with potential partners when starting the negotiations
Enter solid contracts with confidentiality clauses. For example:
require the recipients to adopt a high standard of protection
carefully define the rights of each party in the newly created work
Carefully share your information and monitor its use. For example:
share only information that is strictly necessary to perform the agreed tasks
monitor the work of the recipients and their use of the shared information
mark shared documents as confidential
use protected databases that track access to shared trade secret information, instead of using emails
At the end of the collaboration, remind the other party of its confidentiality obligations and who owns particular information
Remind the recipient to return or destroy confidential documents in its hands and to certify such destruction (enforce the relevant contract clauses)
For the recipients of others’ trade secrets
Identify your rights and obligations
Monitor compliance with limitations on authorized use
Store any received confidential information separately from your trade secrets
4. How to avoid contamination with third parties’ trade secrets
4.1 The paths of contamination
In addition to reducing the outbound risk of leakage and misappropriation of its own trade secrets, the trade secret holder should also address how to avoid the inbound risk of contamination with others’ trade secrets.
Contamination means receiving others’ trade secrets that you did not want, or you did not expect to receive. The previous Section discussed how to protect trade secrets as internal assets of the company from external leakages and misappropriation from external parties. In this Section, we address how to protect the company’s internal information assets from the potential taint of third parties’ trade secrets.
Contamination could occur, for example, when Company A transmits to Company B its trade secrets, willfully or accidentally, while Company B is not interested in receiving this information. Contamination with third parties’ trade secrets could also be the result of a chain of dissemination of trade secrets through more than one party. Once the information finds its way into the company, it can spread very quickly and widely. The information might be used within the company in multiple projects, re-elaborated or incorporated in some new products, transferred to someone else, taken as an inspiration or used as a basis for a new business plan or a marketing campaign.
Third parties’ trade secrets may enter a company through different paths. In particular:
Through new employees: frequently, contamination occurs because new employees who take information and documents of the former employer use them to perform their duties in the new job, without any knowledge of the new employer.
Through lawfully acquiring trade secret information of another party: contamination may occur when a company is engaged in a business transaction with another party where the latter’s trade secrets are shared during, for example, licensing or merger negotiation.
Through competitive intelligence: contamination could occur when a company gathers business information of competitors (competitive intelligence).
(10)Competitive intelligence is a legal business practice, involving systematic collection and analysis of information from multiple sources. However, if a company acquires trade secret information of competitors through unfair, improper or otherwise considered unlawful means, such investigation constitutes misappropriation of the trade secret.
Frequently, people interact with others in the same business sector, receive marketing proposals, discuss business offers and negotiate agreements, sharing a great deal of information in the process. Thus, the risk of contamination is a real one.
4.2 Risks of contamination and mitigation
Risks and potential harm of contamination
Generally, third parties that receive trade secrets in good faith are not liable for the use of the information in good faith, i.e., the damages caused by the use of others’ trade secrets cannot be claimed. However, depending on national law,
The consequences of contamination could be very severe. The potential harms for the contaminated company could include:
Loss of investment if a contaminated company relying on the third party’s trade secret has to suddenly cease its use.
The objective difficulties in isolating the third party’s trade secret and cleaning the contamination, once the information has spread over the organization.
The risk of the trade secret holder claiming that the contaminated company is accountable also for the use of the trade secret prior to the notice from the trade secret holder, because the company ought, under the circumstances, to have known that the trade secret had been misappropriated. Thus, the trade secret holder might seek injunctions prohibiting sale of the relevant products of the company and/or claim damages.
Mitigation of the contamination risks
The consequence of contamination with third parties’ trade secrets could be very serious for the company, and handling the contamination once occurred is extremely burdensome. Therefore, prevention is key to avoid greater damages.
The following general actions could be considered to mitigate the risks of contamination.
Invest in the education and training of employees: employees who are well aware of the importance of trade secrets are also able to understand the importance of not letting third parties’ information spread within the company. Thus, education and training should focus not only on protection of the company’s trade secrets, but also on rejecting unwanted third parties’ information.
Keep track of the origin of valuable information: preserving evidence of the date and the circumstances of the acquisition of trade secrets can help to prove that they were present in the organization before the alleged contamination, or that they have been acquired lawfully.
For example, the trade secret holder may demonstrate that certain know-how was developed independently by tracking its research and development activities. In addition, the circumstances of the acquisition of a third party’s trade secret may provide indirect evidence for the company to claim that the contamination occurred without its fault.
Monitor the data management and communication system: monitor the data management and communication system to detect any abnormal operations or data flows to outside and within the organization. Note, however, that monitoring information that enters the organization is much harder, since much information flow into the organization is often made by nonelectronic means.
To mitigate the risk of receiving sensitive information of competitors through competitive intelligence, a code of conduct and ethics that forbid unlawful and unethical practices should be applied vigorously. For example, companies may instruct their employees and business partners not to use false identitiesto gain access to restricted material on websites, at restricted sessions at industry conferences, when ordering a competitor’s product, or when using a competitor’s service.
Additional mitigation measures that may be taken to minimize the risk of contamination by hiring new employees and through receiving information from collaborators and business partners are explained in Section 5.
4.3 Reacting to contamination
Once the company realizes it has been contaminated with third parties’ trade secrets, the company should consider following the general steps outlined below.
Understand the situation: What is the trade secret that was injected in the company? How was it injected? When did it happen? Carry out an internal investigation to locate third parties’ trade secrets and secure them to ensure that the company does not use them or stops using them.
Company A notes that some files with the letterhead of its competitor Company B appear in the data management system of Company A. They include client lists, customer preferences and lists of products purchased in the past. Company A asks its IT team to check who uploaded the documents in the data management system and when. In the meantime, Company A disables access to the documents until the situation is clarified.
Involve a legal expert and understand the possible consequences: the consequences of the contamination will depend to great extents on three factors:
the relevance and value of the trade secret;
whether the trade secret has been used by the company, the extent of the use and the extent of its spread within the company; and
whether the company has innocently received and used the trade secret.
Depending on the above, different scenarios may arise:
No use of the received information: in the less problematic scenarios, the information has never been used and it has not spread within the company. To avoid any inadvertent use of such contaminating information in future, you may isolate and delete such information, or contact the legitimate holder of the information to arrange for its return.
Reception in good faith: if the information has been used, but the company received it in good faith, the company is generally not liable for the past use of the trade secret. The company should check whether it acted diligently to prevent the contamination (for example, whether the company carried out entry interviews and collected entry undertakings from new employees, among others). However, in many countries, once the company acknowledges that the trade secret information was unlawfully acquired, it should generally stop using the information, otherwise it becomes liable for continuing use.
Willful or negligent actions: in the case where the company knew, or negligently ignored, the fact that it acquired the information unlawfully, the company could be found fully liable, also for past acts (see more extensively Part V: Trade secrets in litigation of the Guide).
5. Situations with a high risk of contamination
5.1 Hiring a new employee
Hiring new employees from competitors is one of the two major paths of contamination
To mitigate the risk of contamination through hiring employees, in addition to those described in Section 4.2, several additional measures can be considered.
When hiring new employees, companies may use an on-boarding checklist, requiring them to confirm that they have complied, and will continue to do so, with the confidentiality obligation toward their former employers, such as the return or destruction of any sensitive document and information that belonged to the former employers.
At the entry interview with new employees , the company should clearly instruct that they shall not contaminate the company with the trade secret information of their former employers.
These measures are particularly important when hiring high-level employees, who were most likely exposed to highly valuable trade secret information of their former employers.
5.2 Receiving information from collaborators and business partners
(14)See Part VI: Trade secrets in Collaborative Innovation of this Guide, in particular, Section 2.
In general, knowledge is an essential resource of a company to grow and develop. However, somewhat counterintuitively, receiving trade secret information belonging to others may involve a risk that its future activities will be limited simply because it now “knows” others’ trade secrets.
While many scenarios can be conceived, two concrete examples are described below. The first scenario is a situation where a company receives an unsolicited proposal that is seemingly very attractive for advancing its business. The second scenario is a situation where a company engages in a business transaction with another company.
Scenario 1: unsolicited proposals
Let’s imagine that a company has significantly invested in an R&D project but has been struggling with a specific problem for some time, causing a delay in the project. An external individual contacts the company with an unsolicited proposal, offering a meeting to show, under an NDA, their idea that allegedly solves the problem. Should the company sign the NDA and receive the information?
Maybe they shouldn’t be too hasty. A proper risk assessmentshould be conducted, particularly if the company has been conducting its own parallel projects on the same or similar subject and is autonomously developing its own trade secrets. Once it receives the trade secret information of others, it may be very difficult for the company to keep that information separate from its own trade secret information.
To avoid this type of inbound risk of contamination, taking into account the risks of receiving the information and its value, one possible mitigation measure is to ask the disclosing party to undertake a non-confidentiality agreement, and refuse to receive any information before thenon-confidentiality agreement is signed.
Scenario 2: business transactions
Another scenario where there is a very high risk of contamination with others’ trade secrets is business transactions with other parties (such as external consultants, contractors, potential business partners). These transactions typically involve a transfer of trade secret information from one party to another, and thus can inject in the company the unwanted or unexpected trade secrets.
For example, Company A outsourced some research to the research Company B to improve its product. By chance, Company B had already carried out similar research for Company C, a competitor of Company A. On that occasion, research Company B received from Company C useful information, including trade secret information of Company C. Research Company B wants to impress Company A, so it uses such information and suggests in its report to Company A some improvements of the product that in fact takes advantage of Company C’s trade secrets.
Has Company A misappropriated Company C’s trade secrets? While the answer will depend on the applicable law and the exact circumstances, in general, the decisive point is whether Company A knew or ought to have known that Company B’s suggestions were based on third parties’ trade secrets. However, even if Company A is considered to be an innocent recipient of the information, Company A might still be required to stop the use of the information. This would mean that Company A could potentially not sell its new product, losing its investments and suffering reputational damage.
Company A could have prevented that unfortunate situation, or at least could have reduced the risks, if it had considered the following measures:
In the contract with the research Company B, Company A should have made clear that the company is not interested in receiving anyone else’s trade secrets.
For the other party to be held accountable for any damages caused by the contamination, the agreement should include contractual guarantees or indemnification clauses so that the other party will be liable for any damages caused by the contamination. In the example above, the contract should have provided that in case where the information provided by the research Company B belonged to third parties and was illicitly transferred to Company A, research Company B will compensate Company A for any losses or damages that it might incur.
For research Company B, to reduce the risk of being held responsible for contaminating its client with trade secrets of another client, the company should address conflicts of interests in advance, discuss them with its clients, and set up measures to keep information received from different clients separated.
For Company C, as soon as it is aware that Company A acquired its trade secrets through the service of Company B, it should: (i) notify Company A that its trade secrets have been unlawfully transferred; and (ii) take actions against research Company B that breached its confidentiality obligations, asking for an immediate halt to any further dissemination, return and/or destruction of any documents containing the trade secrets, and compensation for the damages suffered, as detailed in Section 2.5.
Company A would like to improve its business model and be more competitive. It therefore seeks the advice of a consulting firm.
In the past, the consulting firm had advised Company B, a competitor of Company A, on similar matters. At that time, Company B had provided the consulting firm with internal information relating to the market where both Company A and Company B operate. The consulting firm found the information very useful to build a customized strategy leveraging Company B’s strengths.
The consulting firm provides Company A with an advisory opinion that uses much of the information provided by Company B to the consulting firm at that time. To increase competitiveness of Company A, the advisory opinion also suggests that Company A implement a new production process.
Management of Company A is very happy with the advisory opinion. They circulate it internally to the various departments of the company and the management approves the new business plan that will guide the company through the next three years. Also, the management approves investment in new machinery and staff training.
After a few months, Company B learns that the consulting firm used its trade secrets to advise Company A. Company B sends a warning letter to Company A, demanding not to use the information that was included in the advisory opinion, including the secret production process.
Company A was innocently unaware that the information belonged to Company B.
Having received legal advice from its lawyers, Company A decides that it has to stop using the production process. This means losing its investment in machinery and staff training. But it cannot take the risk of litigation and an injunctive order by a court.
Regarding Company A’s use of other information relating to the market analysis that originated from Company B and was included in the advisory opinion, the situation is more complex. Company A deletes all the documents that include the misappropriated information and informs Company B accordingly. However, the information was used in developing the three-year business plan of the company, which in turn has been extensively used by many departments of Company A. On that matter, Company A and its lawyers conclude that it is no longer possible to “isolate” the trade secrets of Company B and clean the contamination. An open discussion and good faith negotiations with Company B is the only way to avoid litigation. Company A’s lawyers approach Company B to discuss a possible amicable settlement of the dispute.
Separately, Company A will also take action against the consulting firm responsible for the contamination.
For Company B, the example shows the importance of due diligence when choosing a party to whom its valuable information will be disclosed, well-drafted confidentiality clauses to protect its trade secrets, and detection of misappropriation as early as possible to minimize damages.
5.3 Sample checklist: Hiring employees and receiving trade secrets of others
The following sample checklist summarizes the measures that can be helpful for reducing the risk of contamination with third party’s trade secrets in two specific situations described in Sections 5.1 and 5.2, namely, hiring new employees and receiving confidential information from external parties.
Hiring new employees
Assess the risks of being sued by former employers of the new employees.
Take general actions to mitigate the risks. For example:
train all employees on the importance of not to contaminate the company with others’ trade secrets
keep track of the origin of valuable information
monitor the data management communication system to detect abnormal flows of information.
Use an on-boarding checklist, requiring new employees to confirm their compliance with their confidentiality obligations to former employers.
Receiving information from collaborators and business partners
Carry out a risk assessment of receiving confidential information from others, particularly where the company is working on the same or similar subject matter.
Make clear to collaborators and business partners that the company is not interested in receiving anyone else’s trade secrets.
Include contractual guarantees or indemnification clauses in contracts so that another party will be held liable if it contaminates the company with a third party's trade secret.
6. Strategic exploitation of trade secrets
6.1 Exploiting the economic value of trade secrets: modalities
Similar to other intellectual property assets, based on strategic analysis of the value of a trade secret and the competitive advantage that it may bring to the company’s business, the trade secret holder may determine the best way (or ways) of exploiting their trade secrets. There are different ways that trade secret owners can exploit the economic value of trade secrets.
Exclusive exploitation by the trade secret holder
Trade secret holders may use the protected information exclusively by themselves. They may choose to exclusively research, develop, manufacture and sell products and services having features covered by their trade secrets. They choose to do so because the success of their business comes precisely from the fact that a trade secret holder is the only one who possesses that information and thus can use it.
Non-technical trade secret information, such as sensitive business information relating to customers and vendors, pricing, business strategies etc., is often used exclusively by trade secret holders. However, there can be a situation where sharing confidential business or commercial trade secret information with another business partner makes more sense: that is, when sharing such information brings more competitive advantage to the trade secret holder than keeping such information by itself, as illustrated below.
Allowing certain use of trade secrets by others under the control of the trade secret holder
Trade secret holders may allow certain parties to use their trade secrets for certain purposes, during a certain period, within a certain geographical area, and under any other conditions (for example, payment of a licensing fee).
As already illustrated in some examples described in this Part, there are various situations where trade secret holders choose to share their sensitive information with their business partners, suppliers and customers. Under certain circumstances, sharing of trade secret information may lead to improvement of business efficiency, higher quality of products and services and greater commercial success.
For instance, to generate revenue and/or gain business efficiency, trade secret information may be shared with:
business partners for collaborative R&D, marketing, and other projects
local manufacturers of the company’s products in foreign countries
franchisees pursuant to franchise agreements, and
external contractors who carry out certain outsourced business processes of the company.
The licensing conditions are agreed between the parties on a case-by-case basis. The degree of authorized scope of use of the trade secrets as well as the terms of payment (e.g., percentage of profits, fixed license fee or lump-sum payment) are essential elements in licensing agreements. To require the licensee to maintain secrecy of the trade secret information, the licensor may:
seek the right to audit the licensee’s compliance with the terms of the licensing agreement, and/or
require confidentiality of the licensed trade secret information even after termination of the agreement.
In particular, with respect to franchise agreements, the franchisor may consider the possibility of granting franchisees to access a tangible product that pertains to trade secret information (sauces with special ingredients) rather than disclosing the trade secret information as such (detailed information about the ingredients).
In addition, a company may be inclined to share its trade secret information with external consultants or advisory service providers who need the company’s sensitive information to deliver high quality services to the company.
Due to the fact that secrecy is a prerequisite for trade secret protection, the common challenge for exploiting trade secrets through licensing is to sufficiently define the licensed trade secrets and to manage the risk of breach of non-disclosure or of confidentiality before and during the negotiation of the license and after the conclusion of the license (see Section 2.3 on contractual measures, 3.2 on risk of misappropriation by sharing information with an external party and Section 4 on avoiding contamination with others’ trade secrets).
Assignment of trade secrets
Trade secrets can be assigned, or put differently, the legitimate control over the trade secret information can be transferred to another party.
Oftentimes, the very reason for carrying out certain corporate operations, such as mergers and acquisitions, is the willingness of the investor to acquire know-how and trade secrets held by the target company. Starts-ups are often acquired because of their significant assets in IP rights, including trade secrets.
Fundraising
Depending on the applicable national law, trade secret holders may negotiate, create and perfect security interests in trade secrets. They may serve as an additional means to raise capital from private or public institutions. Unlike other IP assets, maintaining the secrecy of trade secrets is required for their securitization.
Tax and accounting
Under certain conditions and in some jurisdictions, trade secrets may be:
included in the company’s accounting, thus contributing to the overall corporate value
considered for transfer pricing purposes, if used throughout the same group
(17)Transfer pricing accounting occurs when one division provides goods or services to another division of the same company and charges the latter division. Using the differences in the tax rates among countries in which the parent company and subsidiaries locate, transfer pricing is utilized to reduce the tax of the parent company. covered by a tax relief measure, such as “innovation box” or “intellectual property box,” which is a special corporate tax regime to incentivize corporate research and development activities.
6.2 Continual alignment of the exploitation strategy with business needs
Dynamic notion of trade secret exploitation
Trade secrets are an integral part of IP assets. Typically, in the technology sector, a small or medium-sized company may own several patents, copyrighted materials that may or may not be public, industrial designs of their products and trademarks that distinguish their products. In addition, it may hold trade secret information surrounding their products and their commercial activities. Therefore, strategic use and exploitation of trade secrets cannot be considered in isolation. Rather, they should be considered in conjunction with other IP rights.
The protected subject matter of registered IP rights is usually “cast in stone” at the time of registration, or in the case of copyright, at the time of creation. However, trade secrets can evolve together with business activities, which constantly generate new valuable information.
At the same time, trade secrets are more vulnerable than other types of IP. Even if it does not have a statutory limited term of protection, a lifespan of a particular trade secret may be short, depending on its nature (such as the next month’s product introduction) or handling of information that can potentially lead to premature disclosure. Once the trade secret information is leaked, its value for the trade secret holder can be significantly reduced or its legal protection is entirely lost if it is widely disclosed. Trade secrets can also be lost when the information no longer has value derived from secrecy.
This means that the information in the company’s trade secret pool is constantly changing within the IP portfolio.
In addition, the strategic use and exploitation of trade secrets should be considered in conjunction with the changing market and company’s business needs, since they also have an influence on the value of a particular trade secret information in the company’s pool.
Consequently, the “strategic” management and exploitation of trade secrets is a dynamic concept, both in terms of its value and its risk of loss of protection.
Therefore, there is aneed to regularly review trade secret assets in the context of the overall IP portfolio, and to align the trade secret management and exploitation strategy with the evolving business needs in an ever-changing market. The review may be conducted broadly in three steps:
Assess any changes in the pool of trade secrets and how the changes affect the company’s competitive advantage (i.e., value of the trade secrets) and risk, in the context of other IP assets.
Review whether the current trade secret protection plan and measures as well as trade secret exploitation strategy are still appropriate.
Update the protection plan, measures and exploitation strategy, if necessary.
Exploitation strategy beyond the trade secret system
In reviewing and updating the trade secret exploitation strategy, one possibility is to seek different or additional revenue stream(s) from the exploitation modalities available in the trade secret system. Some questions that may be addressed are:
Will the trade secret information continue to provide competitive advantages because of its secrecy?
Technological trade secret information can become obsolete at some point in time due to the technological development inside the company or elsewhere.
New technologies may reduce competitive advantages by offering competitors the means to independently create the same information with much less effort and subsequently duplicate the company’s products or services in a shorter time and with less risk.Will the trade secret information continue to remain secret?
Reverse engineering and independent creation of the same information are usually not regarded as trade secret misappropriation in many countries. If a technological gap between the trade secret holder and its competitors diminishes, the likelihood of the competitors lawfully obtaining the information through reverse engineering or independent creation of an invention increases. It may lead to the trade secret no longer having value, and even worse, the competitors might obtain patents on the invention and may seek to preclude the company from using the trade secret.(18)In many countries, the prior-user exception to patent rights may allow the trade secret holder to continue using the information, although the scope of the exception may be limited.
Another possibility for trade secret holders is that, instead of maintaining trade secret protection, they may seek revenue stream(s) from the exploitation of other IP rights, such as patents or copyright.
Trade secret to patents
Since trade secret information is protected under confidentiality, it is generally not part of prior art under patent law in many countries.
Trade secret and/or copyright
Copyright protection arises automatically in an original work once it is created and fixed in a medium. As long as the expression of such work is kept confidential and meets the requirements for trade secret protection, it can be protected by both copyright and trade secret law. However, depending on business needs, the trade secret holder may be able to switch from such dual protection to the combination of patents and copyright protection in case of software. It may also considersshifting to copyright protection only, if, for example, open source software is in line with strategic business direction.
Renouncing trade secret protection
Finally, it is also possible that the rational business consideration leads to the conclusion that the company will relax trade secret protection measures and also not seek any alternative protection. Maintaining trade secrets is not an end in itself. They should support a competitive advantage of the business, whether it is for technological competitiveness, monetary rewards, or reputational advantage. If you renounce trade secret protection without seeking patents, you may consider actively publishing that information so that your competitors will not be able to obtain a patent on that subject.
7. Valuation of trade secrets
7.1 Trade secret valuation – what is it for?
To make various business decisions around management and exploitation of IP in diverse circumstances of business transactions, having an idea of the value of your IP assets, including trade secrets, will be helpful. Valuation of trade secrets provides trade secret holders with additional information that may assist them to take informed decisions relating to trade secret management, enforcement, and licensing, or even switching from trade secrets to patent protection. For example:
Cost-benefit analysis for internal IP management
IP valuation may allow trade secret holders to analyze costs and benefits of trade secret protection of certain information, and to maintain their IP portfolio in line with their strategic business goals. This is particularly so if there exists an alternative means of protection (e.g., patents).
Licensing and franchising
Before entering negotiations on licensing of IP assets, including trade secrets, having a thorough understanding of their relative value will help trade secret holders make more informed decisions on the terms and conditions of the licensing agreement, including royalty rates. In franchising, both franchisor and franchisee need a thorough understanding of the value of the relevant IP assets.
Settling disputes
Knowing the value of information assets can have a positive effect on making strategic decisions when those assets are threatened or misappropriated. For example, the trade secret holder may need to decide whether to pursue litigation, to opt for alternative dispute resolution, or to offer a license to the alleged infringing party. Valuation also plays an important role in calculating damages suffered due to the unauthorized acquisition, use or disclosure of the trade secret.
Attracting partners
For business collaboration and transactions, such as a joint venture, strategic alliance, merger or acquisition, valuation can facilitate better understanding about how the assets of all parties contribute to the partnership.
Secure financing
Venture capitalists and other potential investors look for maximum return and minimum risk. Therefore, they need to know the value of the company's IP before investing in it. To use trade secrets as collateral to obtain financing, their valuation separately from the company’s other assets may be necessary.
In the context of IP management, it is important to distinguish the price and value of an IP asset, although they can be used interchangeably in our daily conversation. “Price” is typically defined as what a buyer is willing to pay, in an arms-length transaction, based on the perceived value of the product.
On the other hand, “value” is an abstract, but deterministic quantity whose calculation is based on a systematic and established set of methods.
Thus, the “valuation” of IP does not determine the price tag for an IP asset, which can be affected by many other aspects of the transaction.
7.2 Valuation methods
The valuation methods that can be used for trade secrets are the same as those applied to IP assets in general. The principal methods for valuation of IP assets are: (i) cost method; (ii) market method; and (iii) income method.
Cost method
The cost method seeks to establish the value of the asset by calculating the cost of creating or replacing a similar asset.
This method values trade secret information by aggregating the expenditures incurred or that would be incurred in developing or creating the asset or a similar product or service, such as costs relating to labor, materials, equipment, R&D, testing etc. It seeks to determine the value of a trade secret at the time of misappropriation by aggregating the direct expenditures and opportunity costs involved in its development. It also considers technological and economic obsolescence that may affect its value.
Strengths of the cost method
The cost method can be used in situations where the misappropriator is currently not generating any income, such as technology at an early stage of development.
It can also be useful when development costs can be easily calculated and the cost of reproduced is low (e.g., software).
If the income stream or the economic benefits of the IP asset cannot be reasonably or accurately quantified, the cost method may also be helpful.
Weaknesses of the cost method
The cost method focuses on past expenses rather than on future profits, and therefore it does not necessarily reflect the market potential of the asset. This is particularly true for trade secrets created through experimental research and development, where huge investments can produce many failures, while they can also lead to revolutionary inventions with huge commercial success. Accordingly, the cost method does not fit well in certain sectors, such as pharmaceuticals.
A value assessment based on costs could produce misleading results and underestimate or overestimate the value of the trade secrets.
Market method
The market method seeks to determine the value of an asset by comparing it with a comparable asset available in the market. The value is determined by comparing both the assets in similar transactions under comparable circumstances.
The key to such assessment is to find a good comparable in the market, i.e., similar transactions that concern similar products or service, which could be considered as a reference. Once a comparable is identified, adjustments that take into account the differences in the two situations are generally needed.
Strengths of the market method
Simple method using market-based information
Can be useful if a good comparable (such as licensing agreements related to the same subject matter) is available.
Weaknesses of the market method
Difficult to find a good comparable for trade secret value, because:
every secret is usually unique
in general, the value of secrets derives from their newness or originality, but they must be not generally known or readily accessible.
Income method
The income method is one of the most commonly used methods for IP valuation. To determine the present value of trade secrets, it focuses on the economic income that the asset is expected to generate in the future.
In determining economic incomes, the following parameters are used:
projecting the revenue flow (or cost savings) generated by the trade secret over its remaining useful life
adjusting the revenues/savings against the investments made for the development of the secret (e.g., costs of labor, materials, capital investment etc.)
discounting the expected revenues to present day value using a “discount rate.”
Strengths of the income method
This method is easiest to use for assets with established cash flows, for those whose future cash flows can be estimated with some degree of reliability, and where a proxy for risk that can be used to obtain discount rates is available.
It captures well the value of trade secrets that generate relatively stable or predictable cash flows.
Weaknesses of the income method
The discounted cash flow (DCF) method does not consider the total risk of the investment. Instead, it only considers the systematic component of that risk in the form of market determined discount rate.
The DCF assumes that the investment in the secret is irreversible, irrespective of future circumstances.
It does not capture the various independent risks associated with trade secrets (e.g., a legal risk of losing protection due to leakage and public disclosure or a risk of independent development of the same information by a competitor). All risks are assumed to be appropriately accounted for in the discount rate and the probability of success.
In summary, regardless of the valuation method used, the valuation process requires gathering varying information about the trade secret as well as an in-depth understanding of the market, industry and specific business, all of which directly affect the utility of the results of the valuation.
In general, valuation of trade secrets is inherently more difficult than other intellectual property due to their confidential nature. More specifically, it is challenging to separate and identify a revenue flow or costs that can be exclusively credited to trade secrets. Each of the three major IP valuation methods has its general strengths and weaknesses. Which valuation method, or a combination of the methods, to be applied should be determined case by case.