Part IV: Trade secret management

Topics covered in this Part:

• Protection against misappropriation and leakages of trade secrets

• Protection against contamination with third parties’ trade secrets

• Step-by-step trade secret protection plan and examples

• Situations with high-risk of misappropriation or contamination, exiting employees and hiring new employees

• Strategic exploitation and valuation of trade secrets

1. Overview

Companies typically focus their attention on traditional IP registered rights, such as patents or trademarks, or other forms of protection, such as copyright for protecting their creative and innovative output. However, trade secret protection can extend beyond all of those. It can protect virtually any valuable information at relatively little cost. Almost all businesses rely on some sort of trade secret information, but many of them are simply unaware of their assets. Manufacturing processes, chemical compounds, prototypes, source code for software, food recipes, the process of making a perfume, customer lists, information on clients and their preferences, business models and marketing strategies: potentially, they can all be trade secrets.

Trade secrets can provide important benefits to their holders, in many different ways. They can be used by the trade secret holders, providing them with an advantage over their competitors. They can also be licensed or assigned, lead to public and private funding, attract investors and be shared in a joint venture. They may also give access to tax relief in some countries.

Trade secrets are therefore important assets for most companies, regardless of their size or industry sector. However, to reach their full potential, trade secrets need to be identified and protected. In practice, this is where trade secret management comes into play.

The ultimate goal of trade secret management is the maximization of the benefits that trade secrets confer on their holders in order to gain and sustain a competitive advantage over other competitors.

To pursue this goal, companies should focus on four main areas:

1. Protection of trade secrets against misappropriation and leakages. To preserve secrecy and maintain the company’s competitive advantage, the trade secret holder should establish mechanisms for controlling access to confidential information.

2. Protection against contamination from third parties’ trade secrets. To prevent from being targeted by third parties’ trade secret misappropriation claims; information that comes into companies from outside should be treated cautiously.

3. Strategic exploitation of trade secrets. Companies should manage trade secrets in such a way that they increase enterprise value. This means understanding how trade secrets can be strategically used and exploited in the business.

4. Valuation of the trade secrets. Understanding the value of trade secrets that companies hold is important for taking informed decisions regarding both trade secret protection and exploitation.

Figure 1. Graphic representation of trade secret management

Against this backdrop, Part IV proceeds as follows. Section 1 provides an overview of the above four main areas. Section 2 provides guidance for setting up a trade secret protection plan aimed at preventing misappropriation and leakages of trade secrets. Section 3 addresses how to approach specific critical situations where the risks of misappropriation and leakages (i.e., outbound risks) are particularly high. Section 4 addresses the issue of protecting the company from contamination with third parties’ trade secrets. Section 5 highlights certain scenarios where risks of contamination with others’ trade secrets (i.e., inbound risks) cannot be ignored. Section 6 discusses how trade secrets can be strategically exploited, and stresses the importance of continuously aligning strategic use of trade secrets with business needs. Finally, Section 7 provides basic principles on trade secret valuation.

1.1 The subject matter of trade secret management

It is important to begin by clarifying terminology. Although “trade secrets” and “confidential information” are often used interchangeably in business, strictly speaking the former is a subset of the latter. In general, “confidential information” refers to information that is not publicly known and is kept confidential by its holder. Thus, it extends to information that is personal to an individual. Confidential information will qualify as a trade secret only if it meets the requirements under the applicable national law of each country (many of which may be based on Article 39 of the TRIPS Agreement).

In general, a trade secret refers to any confidential information which provides an economic benefit to the trade secret holder because that information is generally unknown to competitors, and the holder made efforts to keep the information secret. Trade secrets can be found in the most unexpected of places in your business.

1.2 Protection of trade secrets against misappropriation and leakages

To protect trade secrets, the holder should set up a comprehensive protection plan that addresses at least two different questions:

• How to protect the company’s trade secrets, to prevent trade secret leakages through employees and misappropriation by third parties.

• How to avoid third-party liability arising from the mismanagement of other’s trade secret information that the company has legitimately acquired.

For the information to be protected by trade secrets, in accordance with their applicable national laws, courts typically require, among other things, that the information has been subject to “reasonable steps” taken by the holder to keep it secret. Accordingly, using their own efforts and resources, trade secret holders should implement reasonable protection measures against trade secret misappropriation.

Reasonable protection measures

The reasonable protection measures are usually determined in relation to the value of the information, the level of misappropriation risk, and the cost of implementing various measures.

For example, theoretically and technically, intrusion to internal network systems can be prevented by cutting off any connection among computers or to external networks. But this sort of “extreme” protection is almost always impractical for modern businesses, which must communicate regularly with external actors, such as customers, vendors and joint venture partners. Indeed, it is widely believed that it is nearly impossible – from a practical and economic point of view – to protect each piece of information indefinitely, with the highest level of protection possible and under all the circumstances.

Therefore, reasonable protection measures do not always (and almost never) mean the strictest protection in the absolute, but instead the most effective protection according to the company’s own risk environment and the specific circumstances of a given transaction. The level of protection can be set by identifying the trade secrets, understanding their value, weighing the risks inherent in the business, and prioritizing protection of the most important secrets, reaching a level of protection for each trade secret that is effective, proportionate and appropriate, according to the relevant circumstances.

Following this approach, the trade secret holder could decide not to protect certain information at all, or to protect it with less robust measures because the high cost (in terms of money or inconvenience) makes it impractical. For example, a company may decide that it is important to allow broad and comprehensive access to an engineering database for all its engineers, to gain the benefit of collaboration among them, rather than to maximize security by limiting each engineer’s access to the specific database that relates to their current work.

In this Guide, Sections 2 and 3 of this Part will focus on the protection of trade secrets from a management perspective, while protection of trade secrets in view of filing an action in court against trade secret misappropriation will be addressed in Part V.

1.3 Protection against contamination with third parties’ trade secrets

The second area of responsibility for trade secret management concerns the issue of how to avoid being contaminated by third parties’ trade secrets. In other words, trade secret management addresses not only the “outbound” risk of leakage and misappropriation of the company’s own trade secrets, but also the “inbound” risk of third parties’ trade secrets entering the company unnoticed and being mixed up with the company’s own information assets.

Contamination consists in the unwanted acquisition of trade secrets of third parties. It occurs, for example, when new employees bring with them information and documents of the former employer, and use them in the new employment, without knowledge of the new employer. Thus, the company has been “contaminated” with the other company’s information.

Avoiding contamination with others’ trade secrets is a distinctive area of trade secret management, representing potential harm to the integrity of a company’s information assets, rather than possible loss of control. The company should design its trade secret management program such that it also protects against such risks of contamination.

Another example of potential contamination frequently arises when one company engages with another to explore a possible business transaction, such as a merger or a license and in the course of which discloses trade secrets. Here, the exposure to the other’s sensitive information is voluntary and typically falls under the provisions of a confidentiality, or non-disclosure agreement. Unfortunately, the managers involved in such transactions may not be sufficiently aware of the risks involved in negotiating the terms of such agreements, or in complying with their terms. A great deal of preventable trade secret litigation arises due to insufficient management attention to these transactions.

Sections 4 and 5 will discuss the inbound risks of contamination and mitigation measures that may be taken, with more examples and practical tips.

1.4 Strategic exploitation of trade secrets

Once trade secrets are adequately protected against loss or contamination, they should be actively managed to support and increase the value of the enterprise. This is a crucial step toward commercialization that realizes the potential for competitive advantage represented by the information.

Like other IP, the trade secret holder should choose the best way of exploitation suitable for its business. For example, trade secrets can be used exclusively by the trade secret holder, allowing the holder to offer a superior product or service or improve profit margins relative to its competitors. They can also be licensed, assigned, lead to public and private funding, attract investors, be shared in a joint venture or other form of collaborations.

Since trade secrets are an integral part of IP assets, their strategic exploitation should be considered in conjunction with other IP rights, such as patents. The value of trade secrets and risk of losing control over them constantly change together with the business activities and needs of the company and the evolution of external conditions, such as competition in the market, technological development and regulatory changes. Thus, the optimal exploitation of trade secrets is a dynamic concept that should be assessed, reviewed, and updated regularly so that it is constantly aligned with the changing business strategy of the trade secret holder.

In making an informed choice among different types of IP protection, both legal factors (for example, eligibility of protection, the scope of rights and their duration and geographical coverage), described in Part III: Basics of Trade Secret Protection of this Guide, as well as business factors (such as costs, resources, market conditions and reputational effect) should be taken into account.

It is also possible that a rational business may decide to relax trade secret protection measures and also not to seek any alternative protection. Maintaining trade secrets is not an end in itself. They have value only to the extent that they provide a competitive advantage to the business, whether it is for technological competitiveness, monetary rewards or reputational advantage.

Section 6 will discuss in detail how trade secret holders may strategically approach exploitation of their trade secret assets by a third party.

1.5 Valuation of trade secrets

The exploitation of trade secrets is closely related to valuation of trade secrets, which can be very difficult for want of any meaningful market. But some form of valuation, either absolute or in relation to other assets, is often necessary, even if it is inherently inexact. For example, having some sense of the information’s value may help to: (i) understand if it is worth investing expensive technological protection measures in the secret information; (ii) sell or license them to a third party; or (iii) quantify the damages suffered because of an unauthorized disclosure or improper use of the trade secrets.

Section 7 will illustrate primary valuation methods for IP assets, with their different strengths and shortcomings.

2. How to protect trade secrets from misappropriation and leakages? Trade secret protection plan

A trade secret protection plan can be broken down into the following four steps:

Step 1: Identify and value your “potential” trade secrets;

Step 2: Determine the risks for your trade secrets;

Step 3: Identify and apply reasonable measures to protect trade secrets;

Step 4: Monitor and react to misappropriation and leakages.

The following sections will explain these four steps in detail. The outline of the four steps is contained in Sample checklist A: Implementation of trade secret plan – what steps to take, below.

2.1 Step 1: Identify and value your “potential” trade secrets

Trade secret protection plan (Step 1)

The first step to set up a trade secret protection plan is identifying the company’s "potential" trade secrets.

Many organizations are unaware of the existence and the value of their information assets until they carry out a process to identify and catalog them. Companies may be surprised to discover extremely valuable assets that they didn’t know they had. Thus, an internal review to identify potential trade secrets should be performed regularly.

The sub-steps to identify potential trade secrets are the following:

Identify the company’s valuable information

Carefully review the company’s competitive position to identify the information that helps the business run successfully and gives it an advantage over competitors. Consider the following steps:

Interview senior managers and key employees working in various functional areas and business units of the company. Questions could include:

• What makes your work different from those of competitors?

• What is the key to the success of your office or your team?

• What do you think competitors would like to know about your work?

• What do customers appreciate the most about the company’s products or services?

• What causes you to lose sleep at night for fear that the competition may learn your secrets?

Analyze data on production, sales, customer satisfaction. This may provide useful information on the positive impact of new product or service offerings, business plans or marketing strategies. Particular attention should be paid to research and development, sales and business development functions, where there is often a higher concentration of valuable information.

Analyze competitors’ products and customers’ preferences to better understand how your secrets provide differentiated value over the competition. The result of this inquiry should consist of a broad set of the company’s valuable information.

Select important trade secrets

Only a subset of the information collected under the first sub-step may justify implementing specific protective measures. In selecting information for particular focus, it is generally better to be over-inclusive, since both the risk and value factors can be dynamic, and you will want to preserve the option of caring for a larger set of assets. If the information is not known by the vast majority of your competitors, this should be sufficient to consider it a trade secret.

This “broad” approach could lead to over-classification, but some level of inconvenience is preferable to losing control of information that may later turn out to be critical.

Create a catalogue of the trade secrets

It is generally helpful to record trade secrets in some way so that decision-making can be easier and more predictable. However, trade secrets often consist of information which cannot be easily and quickly identified. Also, in large enterprises, information assets could be widespread among hundreds of employees, each developing, managing and using the know-how relevant for their respective functions, which can change over time. Therefore, for management purposes, it is generally sufficient to draft a broad catalogue of trade secrets identified by category, including a brief description of why they are valuable for the company. The goal of such a catalogue is not to explain in detail all the company’s information assets, but to raise awareness of these assets and improve decision-making about their protection.

2.2 Step 2: Identify the risks for your trade secrets

Trade secret protection plan (Step 2)

After having assessed and catalogued the most important trade secrets, the holder should determine the risks that they face in the operation of the business. Understanding those risks is crucial to identifying the measures needed to mitigate them.

The major risks for trade secrets could be organized as follows:

• Third parties’ acquisition or misuse of the trade secret. Businesses often attempt to gain access to information about their competitors. In general, lawful means of access may include reverse engineering and independent discovery.⁽¹⁾See Part III: Basics of trade secret protection of the Guide. In general, reverse engineering is a process of working backward from an available product, such as studying, analyzing or disassembling the product to understand its components, composition, design, functions or manufacturing process. Competitors might also employ improper means, such as espionage or corruption of employees. Reducing that sort of risk is a primary objective of any trade secret protection plan. See Part III: Basics of trade secret protection of the Guide. In general, reverse engineering is a process of working backward from an available product, such as studying, analyzing or disassembling the product to understand its components, composition, design, functions or manufacturing process.

• Leakages and accidental disclosures of the trade secret One of the major risks of trade secrets is simple accidental loss because of negligence or mismanagement by those who “know” the trade secrets, e.g., employees or third party collaboration partners. Leakages and accidental disclosures can result from the practical difficulties of protecting the trade secret. For example, if exploitation of the information requires many people to know it, leakages may be more likely to occur. Other risks could be related to the specific medium on which the trade secret is fixed. Studies have shown that the greatest risk of secrecy loss is through mishandling by employees, which reflects the importance of proper communication and training of the workforce.

• Trade secret misappropriation claims by third parties. Given the high mobility of employees and of collaborations and other sharing arrangements in modern business, most companies face some risk of being accused of misappropriation. Such claims could arise either because the company is charged with directly misappropriating the trade secret, or because of unwanted contamination (see more extensively on contamination in Sections 4 and 5). Possible consequences of third-party claims include: (i) the need to defend against such claims, possibly in court; (ii) the need to stop, if the claims are grounded, the use of the trade secret (including the sale of the products and services using it); (iii) payment of compensation; or (iv) risk of criminal prosecution.

Potential risks, loopholes, and gaps in the protection of trade secrets can be identified through interviews with key managers and with those who deal with the trade secrets within the company on an everyday basis. External specialized consultants and security tests can help identify vulnerabilities.

For a thorough risk assessment, it is important to understand:

• the likelihood that the potential risks materialize, and

• their potential impact, i.e., the severity of their consequences.⁽²⁾James Pooley, Trade Secrets § 9.03 [4], (Law Journal Press 1997-2023, updated).

Indeed, annulling all possible risks is often impossible. What can realistically be done is to mitigate those risks, in particular prioritizing those with the highest probability of occurrence and with the most negative consequences. Managers, businesspeople, and representatives of those who will be impacted in their day-to-day work by the potential measures should be involved in the risk assessment and in the design of the protection program. Risk management measures are, in the end, the result of a balance of interests, where the need for security will be balanced with the need for efficiency and cost constraints.

The results of the risk assessment analysis should produce a risk assessment report that identifies the potential risks, the likelihood of their occurrence, their consequences and the priority level for intervention.

2.3 Step 3: Identify and apply reasonable protection measures

Trade secret protection plan (Step 3)

Criteria to identify what protection measures are reasonable

After having identified the company’s trade secrets, catalogued them, and analyzed their value and related risks, it is necessary to decide measures that are reasonable in relation to the value of information, the level of risk and the cost of implementing various measures – the most appropriate actions according to the specific circumstances of the case.

Broadly speaking, protection measures for a company’s own information are directed at preserving secrecy and maintaining control over who has access to the information and what they are permitted to do with it. Considering all circumstances of the case, trade secret holders may take into account the following aspects to determine the reasonable protection measures.

The value of the trade secret

The more relevant the information is to the company’s competitive success, the stricter the protection measures should be. The value of the trade secret is affected, inter alia, by the likelihood that the information remains secret and guarantees over time to its holder a competitive advantage over other competitors.

Characteristics of the organization

In general, the size of the organization affects the measures it can and should take, considering, for example, its resources and the level of complexity in managing secrecy within the organization.

The peculiarities of the business sector and the effectiveness of particular measures

The sector where the trade secret holder operates can also be relevant for the determination of reasonable protection measures. Some measures have general utility in all fields, while other measures are more effective in specific fields.

There are sectors such as personal insurance, where information on clients and their specific needs are key to the business, and therefore, contractual measures binding employees to confidentiality and practical measures related to education and training on trade secret management are of great importance. As a further example, employees in a sales or business development team selling customized industrial machinery components or supplying high quality fabrics according to the preferences of the clients, should be contractually bound to keep business information confidential. In highly technological sectors (such as the pharmaceutical industry, medical devices, automotive manufacturing and information and communication technology) or in sectors particularly exposed to cyber-attacks,⁽³⁾The four industry sectors appearing most affected by cyber theft of trade secrets are: manufacturing sector; information and communication technologies; financial and insurance activities; health and medical technology. See European Commission, Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs, The Scale and Impact of Industrial Espionage and Theft of Trade Secrets through Cyber, Publications Office, 2018, pp. 29-30. https://data.europa.eu/doi/10.2873/48055. practical measures in the field of information technology are also very important.

The costs of trade secret protection

the budget of the company is often a critical issue, because protecting trade secrets can require significant investments in security measures. Generally, protecting a trade secret is sensible only if the investments in protection are lower than the expected economic return from the exploitation of the information. In this assessment, the progress of the technology over time should be considered, given the need and the costs of constantly updating relevant security measures. On the other hand, once an investment in general protection measures, such as a video-surveillance system and information technology controls, is made, often it can cover the cost of protecting multiple trade secrets at once, and newly acquired trade secrets can be protected by measures already in place. The costs may differ depending on the measure and the trade secret to protect.

The need to maintain work efficiency

Some protection measures or their combination may affect the efficiency and fluidity of access to information within the company. A policy requiring multiple authorizations from multiple individuals every time the trade secret needs to be accessed may diminish the value of trade secret information by overly restricting its deployment in the business. Therefore, the need to protect trade secrets should be balanced with the need to exploit them efficiently through internal information flows. In this regard, it can be useful to interview the people involved in the workflows to assess possible alternatives and what measures can be realistically implemented without losing work efficiency.

Balancing all the criteria above should suggest whether it is appropriate to protect any given trade secret and where to set the proper level of protection. Deciding that less valuable information should not be protected can be perfectly coherent with efficient management. Indeed, from a practical and economic perspective, it is generally not possible to protect all information with the same efforts, and it is therefore reasonable for the company to select only a subset of the information to actively protect.

Implementing protection measures

Finally, once the holder has identified the reasonable protection measures for each category of trade secrets, the last step is to implement those measures. Because they were developed thoughtfully in relation to perceived value and risk, those measures will also meet the flexible “reasonable steps” standard of protection according to law.

Usually, a trade secret protection plan consists of the implementation of a combination of operational and contractual measures. The following typical protection measures will be addressed in this section.

Operational measures

• Setting up clear trade secret management roles and decision-making processes: define clear roles and responsibilities within the company with regard to trade secret management and decision-making processes.

• Document management measures: handle information and documents properly inside the organization (e.g., policies regulating document classification and marking, a life cycle of documents and access authorization processes).

• Logistics and organizational measures: control and monitor access to the places where trade secrets are stored and used.

• Education and training of employees: provide education and training for employees, based on internal policies and a code of conduct or ethics, to raise awareness of their responsibilities in protecting trade secret assets.

• Information technology measures: use information technology security measures to secure trade secrets in transit and in storage.

Contractual measures

• Internal with employees: conclude contracts between the trade secret holder and the people internal to the organization, to bind them to confidentiality and other contractual obligations to preserve secrecy.

• External with suppliers, clients and partners: conclude contracts with external parties, such as consultants, contractors, vendors, customers, distributors, sales agents, actual or potential business partners, to bind them to confidentiality and other contractual obligations directed at limiting access to, or use of, the trade secrets.

Setting up clear trade secret management roles and decision-making processes

Trade secret management involves many critical management decisions, which might have to be taken quickly in some cases (e.g., reacting to trade secret misappropriation to prevent further dissemination or disclosure of the trade secret).

Therefore, roles and responsibilities of managers in the organization should be clearly allocated and the decision-making processes must be clearly set. For example, the following steps can be taken.

• Establish clear roles and responsibilities

  Make clear who has the responsibility for taking trade secret management decisions. Responsibility can be split according to the importance of the trade secret and the decision to make. High-level management might be involved in the most relevant decisions only. For example, whether to mark a specific document as confidential or not is something that can be handled internally within the business unit. Instead, whether to license the trade secret to a third party should require authorization from high-level management.

• Clarify and streamline the trade secret management decision-making process

  Specify when authorization for taking a trade secret management decision is necessary and how such authorization can be obtained. Consider setting up an ordinary procedure and an accelerated procedure, the latter to be used only when authorization is needed on an urgent basis.

• Appoint a “Trade Secret Officer”

  Identify and train a person(s) to be available to employees when they need clarification, guidance or supervision in uncertain situations (“Trade Secret Officer”).

• Have an emergency plan in place

  Set up an emergency plan, listing people to be contacted inside the company (executives and the Trade Secret Officer) and outside the company (legal and IT resources). Define the steps to be immediately taken or avoided in case of an incident. This plan can cover situations where the company finds misappropriation of its trade secret and where contamination with a third party’s trade secrets is suspected.

Document management measures

Trade secrets often consist of information included in various kinds of records, for example, emails, memorandums, reports, business plans, contracts, client lists, technical documents, minutes of meetings, etc. They should be handled properly to avoid both accidental disclosure and unlawful acquisition, use and/or dissemination.

The main goals of internal document management measures are: (i) to make trade secrets recognizable by labeling; (ii) to make trade secrets difficult to misappropriate or circulate; and (iii) to make documents containing trade secrets traceable to easily identify authors of misappropriation or leakage.

In general, a golden rule for document management measures is that they should be as simple as possible, because if measures are too complicated, the risk is that the employees will simply ignore them, or bureaucracy slows down the operations. Some examples of document management measures are the following.

Document marking

Document marking is not always necessary to claim trade secret protection. However, it is highly advisable to adopt a document marking policy. Statements such as “Confidential - Property of Company X,” “Access limited to …” or similar wording can be printed on documents.

Reference to the confidentiality level of the document (low, medium, high, etc.) and basic instructions on how to handle them (for example, not to be shared, not to be printed, not to be brought outside the company, not to be saved on certain media, to be encrypted) can also be included.

The task of marking documents with confidentiality labels should generally lie with the employee creating the document or circulating it within or outside the company. However, employees with specific training may be appointed to help others to classify the information. Certain documents, such as engineering drawings and customer lists, may have confidentiality marking applied as a matter of course. Employees should be invited to refer to a Trade Secret Officer or their supervisors in case of doubts.

Regulating the creation, use and end life of documents

A significant risk to trade secret information is the accidental leakage of a document that contains it. Companies should set specific rules and adopt measures that regulate how documents (including electronic records) are handled, limiting the risks of accidental loss of control.

Regulating access to documents and information

In general, the more employees that are aware of a trade secret, the higher the chances that the company loses control over it. To reduce the risk of accidental or voluntary disclosure of trade secrets, the simplest approach is to restrict access to the trade secret and related documents. In general, access should be granted on a need-to-know basis, limited to the specific information and documents that are necessary for the individuals to perform their respective tasks. This principle should be applied in a balanced way so as not to unnecessarily hamper efficient knowledge sharing within the company. In a factory line, for example, a sensitive solution could be dividing a series of operations between employees so that individual employees do not know or understand the information needed for the whole process.

The company might also need to provide access to confidential documents and information to third parties. This happens frequently, considering that more and more often companies need to outsource specific activities, or collaborate on the development of new products. When there is such a need, information should be shared only as necessary. Also, access should be granted only to people or entities subject to confidentiality agreements or clauses and after obtaining approval from a person responsible for trade secret management.

Logistics and organizational measures

The locations where companies store documents and protypes, perform research and development activities, keep servers, etc. should be supervised and access should be regulated and monitored. Logistic and organizational measures create physical barriers between a misappropriator and trade secrets.

These measures include:

• Concierge service, entry–exit registration and video surveillance at the entrance of the company’s facilities.

• A specific procedure applied to visitors, including escort to the appointment area, or providing them with a name tag. Employees should be instructed to report immediately if any unknown person is located at the company’s facilities.

• Restriction on items that people can bring into the premises, such as cameras or smartphones. In very highly sensitive areas, visitors and employees may be required to wear work uniforms with no pockets and to carry items in transparent bags.

• Badges or other automatic identification means to access the companies’ facilities for employees.

• Restricted access by external visitors to the whole premises or to certain areas limited to employees only (e.g. production facilities and research and development laboratories). Access may be subject to confidentiality undertakings.

Logistics and organizational measures are usually the first point of contact with the company. Employees and visitors will recognize that the company is vigilant and ready to react if rules are broken. Therefore, it has a deterrent effect, dissuading any unlawful attempts and an educational effect on employees, encouraging the formation of a culture of confidentiality.

Education and awareness of employees

One of the most common reasons for trade secret loss is the simple accidental loss of information by those who are entrusted with trade secrets.

If employees are unaware of what a trade secret is, whether a certain piece of information is a trade secret or not, or why trade secrets are so important for the company, they could carelessly talk about them in a conversation with friends in a public place, or they could disclose information on posts and comments on social networks proudly promoting their company’s (or their personal) successes.

This sort of behavior can put trade secrets in danger. To reduce such risks, the primary focus of the company should be the education of employees, with the aim to raise their awareness of the importance of trade secrets in their day-by-day work. Employees should understand that the company operates in a competitive environment, and that trade secrets are a key asset, the loss of which could be extremely harmful. Employees at all levels should be encouraged to treat trade secrets with great care in a joint effort to protect the company’s competitive position.

Basic training and education of employees can generally be provided with limited costs, but with substantial effect on employees’ attention to the company’s trade secrets. With higher investments, it is possible to set up a more structured, continuous education program.

Implementation of internal policies, codes of conduct and codes of ethics

One way to educate employees is to provide them with a set of documents explaining how to behave, such as specific policies, codes of conduct and codes of ethics. They should serve as reminders and as a checklist for their responsibilities in the management of trade secrets, including in the remote working environment, if applicable. For example, such documents may include:

• specific rules such as a clean desk policy, a duty to return materials and documents after meetings, a duty not to store company’s documents on personal devices, and a duty not to share information with third parties; and

• reference to local laws concerning secrecy and employees’ related duties and liability.

Employees should have the opportunity to access these materials anytime (such as by posting them on the company intranet) and to ask clarifications. In addition, employees should be reminded periodically of their existence and content.

General training, tests and awards for employees

Various means exist to raise employees’ awareness of trade secret management. The common goal is to engage employees and provide them with instructions and key messages.

Education should be continuous and varied. It should start with on-boarding of the employee, through an initial basic confidentiality training, and should continue throughout the employment lifecycle.

Different forms of training can be envisaged: providing employees with notices, instructional posters or videos, checklists, a list of “dos and don’ts,” role play, a simulation of external threats to trade secrets such as automatically generated phishing emails, and best practice competitions with awards to individuals or teams of employees.

To create a corporate culture around trade secrets, the involvement of executives in these activities is recommended.

High-level executives and engineers should be provided with specific training that is relevant to their particular risk environment. Also, people without a direct employment relationship, such as consultants and contractors, should receive equivalent instructions.

Special training for high-risk business units

Certain functions within the company may tend to over-share sensitive information with outsiders. Usually this happens with good intentions, such as promoting the company or its products. However, this sort of behavior can be risky when trade secrets are at stake.

Here are some areas of activities that inherently have higher risks of trade secret loss, and thus special attention may be necessary:

• Marketing activities: people in marketing naturally like to use information about new or future products, or new features in these products, to boost promotional events or capture the interest of potential customers.

• Business development activities: business development activities imply similar but broader risks compared to marketing activities, since the employee is focused on new business relationships and the need to generate interest in prospective partners about the company’s prospects. Here, in addition to general education regarding confidentiality, there may be a need for imposing discipline around the negotiation of, and compliance with, non-disclosure agreements.

• Scientific publications: in technical fields, scientists often have been trained to consider success as early publication of the results of their work in scientific journals. This inclination needs to be checked not only with basic training but with clear requirements for pre-publication submission of papers to ensure that valuable secrets are not compromised.⁽⁵⁾See also Part VI: Trade secrets in collaborative innovation of this Guide for use of trade secrets in academic institutions for collaborative research.

Obviously, marketing, selling and publishing activities are all important for the business, and should be promoted and stimulated. However, proper precautions need to be taken to be sure that they are managed in a way that protects the company’s trade secrets. To such end, possible measures include:

• Provide specific training: provide those who are involved in high-risk activities with specific training and rules to help them do their jobs with discipline and respect for the company’s trade secrets.

• Set up an approval process for external disclosures: set up a special approval process to double-check that no sensitive information is disclosed in planned business, scientific or marketing presentations and related materials.

Information technology (IT) security measures and IT management tools

Most companies’ trade secrets are stored and transmitted in globally connected digital systems that are inherently insecure. Thus, most larger companies acquire and deploy adequate IT security protections. Also, because both protective technology and risks are evolving extremely rapidly, IT security measures should be periodically reassessed.

IT security measures may include:

• Require authentication to access the company’s IT devices, tools and systems: this may include password policy (requiring strong passwords, periodically updated), multi-factor authentication and other methods of authentication.

• Use up-to-date operating systems, anti-viruses, anti-spyware software, malware, firewalls.

• Implement automatic encryption and daily back-up.

• Keep access records for systems, folders and files, along with downloads and outgoing communications.

• Provide specific folders (protected by password and/or encrypted and stored in the company’s system or in a secure cloud storage site) for storing confidential files.

• Set strict rules for use and custody of electronic devices (phones, computers, tablets) provided by the company.

• Prohibit, discourage or properly regulate the use of personal cloud services and removable devices, possibly prohibiting the use of personal devices (laptops, tablets, phones, thumb devices) for work-related purposes.

• Regulate the use of the internet as well as of devices and services connected to the internet, e.g., if appropriate and feasible, disable external connections to folders/systems that include trade secrets, issue a social media policy and ban access to certain websites.

• Have a cyber-attack response plan in place. The plan can include a wide range of measures, whose primary goals are stopping the attack and containing its consequences.

There are also IT tools that aim at assisting internal trade secret management. For example:

• Software designed to manage trade secrets. These tools (often referred to as DLP or data loss prevention) can have different functions:

  Help companies to collect, organize, study and report their trade secrets as well as trade secrets entrusted to them by third parties.

  Track progress in the implementation of trade secret protection measures.

  Provide good evidence, if needed, that trade secrets are properly managed and protected, which can be useful in court to meet the “reasonable step standard” that qualifies information as a trade secret.

• IT audits to regularly monitor employees’ activities and detect unlawful behaviors of departing employees, in compliance with local labor laws.

• IT tools able to provide evidence of the existence of the trade secret at specific point in time (time stamps).⁽⁶⁾The Korean Intellectual Property Office (KIPO) launched its Trade Secret Certification Service in 2010, which received more than 188,509 cases by the end of 2022. This service takes the hash values of electronic documents and combines them with authorized time values, thereby creating time stamps. Time stamps are then registered with the Korea Institute of Patent Information (KIPI) to prove the existence of original copies of trade secrets, as well as their initial dates of possession (see https://www.kipo.go.kr/en/HtmlApp?c=91022&catmenu=ek02_06_01).

Part VII: Trade secrets and digital objects of this Guide contains more about security measures to protect trade secrets in digital formats as well as specific challenges and risks associated with protection of digital trade secrets.

Contractual measures

Trade secret holders should consider contractual measures for protection purposes. They can supplement the lack of other measures and are often crucial in litigation.

In drafting contracts, it is often better to refer to “confidential information” rather than to trade secrets, since the former term is more easily and broadly understood. A primary function of contracts is to define the relationship as one of confidence, and so using broader terminology reinforces that notion without predetermining what a court might find to constitute a legally protectable “trade secret.”

Types of contractual measures

Types of contractual measures include:

• Confidentiality clauses: Confidentiality clauses (typically included in contracts of employment or with third parties) point out that the recipient of the information in the course of the contractual relationship shall keep such information confidential, shall not disclose to third parties and shall use it for the agreed purposes only. Confidentiality clauses may appear in any type of commercial contract, including supply agreements, sales agreements and licenses.

• Non-disclosure agreements (NDAs) (or confidentiality agreement): NDAs are legally binding contracts that establish a confidential relationship between the parties, who agree that confidential information they may obtain within the contractual relationship will not be made available to third parties or used for purposes other than those specified in the contract. These agreements by definition contain a confidentiality clause or clauses.

Obviously, NDAs and confidentiality clauses must be properly drafted. Assistance of lawyers is advisable. Some general key considerations when drafting an NDA include the following:

• Clearly identify which information is subject to confidentiality. Confidentiality obligations are effective if it is clear what information is subject to confidentiality. Therefore, provide in the contract a definition of “Confidential Information,” including provisions for identifying as confidential information which is communicated verbally.

• Define the scope of rights to access, use and disclose trade secrets, and impose strict control measures and penalties against breach of confidentiality by recipients.

• Point out what is the authorized use of the information disclosed. Specify for which specific purposes the information disclosed can be used, such as for consideration of a potential merger or license.

• Include exceptions to confidentiality. Clarify what is not considered confidential information, and exclude it from the scope of the confidentiality obligation. For example, information that is shown to be generally known or has entered the public domain through no fault of the recipient, or which the recipient can demonstrate was developed independently of the disclosed secrets should be excluded from the “Confidential Information” covered by the NDA.

In addition to confidentiality clauses and NDAs, there are contractual measures that can be used, in some jurisdictions, for the purpose of indirectly protecting trade secrets. For example, Non-compete agreements or clauses (also non-competition agreements and clauses) and/or Non-solicitation agreements or clauses may be available in some jurisdictions.

Non-compete agreements or clauses are restrictive covenants where typically one party (for example, the employee) agrees not to enter competition with the other party (for example, the employer) when they leave the company. Usually, they are limited in type of activity, geographic coverage and duration.

Non-solicitation agreements or clauses are restrictive covenants where typically one party (for example, the employee) agrees to be prohibited from diverting the company's clients or recruiting its employees upon leaving the company. Their allowability varies from one jurisdiction to another. These agreements that are typically concluded between an employer and its employee will be addressed further in the next section.

Although acquiring information through reverse engineering is generally considered as not constituting misappropriation of trade secrets, many countries, such as most Member States of the European Union, do not prohibit trade secret holders to enter into a contractual agreement that prohibits reverse engineering. In general, the United States of America enforces anti-reverse engineering clauses in contracts between business entities. The extent to which contractual clauses can prevent reverse engineering also varies among national laws.

Contracts with employees

Depending on national approaches, the law or the contract may imply that the person receiving the trade secret cannot use it, except for the uses agreed between the parties, and must maintain confidentiality. This is true at least for employees, since an obligation not to disclose the employer’s trade secrets is generally implied in the duty of loyalty and fidelity of the employee.

Despite legal confidentiality obligations, providing (additional) contractual confidentiality obligationsis highly advisable, at least for the following reasons:

• NDAs and confidentiality clauses provide more certainty, compared to implicit obligations stemming directly from the law, which vary among countries.

• NDAs and confidentiality clauses have additional effects against trade secrets misappropriation from employees and third parties. Companies that ask their employees to sign NDAs send a clear message that the company cares about its trade secrets. Actively signing NDAs may create deterrent to breach of confidentiality obligations.

• NDAs and confidentiality clauses generally make enforcement easier. The trade secret holder could often raise in court a contractual claim and a non-contractual claim based on the national/regional trade secret laws. The two claims will likely overlap to some extent, but depending on the national approaches, there could be differences in terms of burden of proof, remedies, and statutes of limitation. Having two shots raises the chances to hit the target. In addition, courts are more likely to find liability when confidentiality obligations are clearly set forth in a contract.

Including confidentiality clauses in employment agreements is recommended. To be on the safe side, it is highly advisable to always specify in the contract of employment that confidentiality obligations last beyond the termination of the contract of employment, and check if such clause is admissible under the applicable law.

Non-compete agreementsrestricting the possibility of the employee to compete with the employer contain a more pervasive contractual restriction than confidentiality clauses or NDAs.

There are generally no issues when the non-compete agreement refers to the period when the employment is in force. The enforceability of the non-compete agreement after the termination of the employment, however, requires attentiondue to its wide-ranging effects. A non-compete agreement may prevent employees from using not only trade secrets, but also their general knowledge, skills and experience, conflicting with the mobility of workers.

Accordingly, some countries prohibit non-compete agreements, save in exceptional circumstances. If not forbidden, non-compete agreements are nonetheless generally subject to certain limitations and boundaries. They typically must be “reasonable” in geographic coverage, duration and scope. A non-compete agreement lasting one or two years, covering the geographic area and the kind of work performed by the employee in his or her previous employment is generally acceptable in several countries.

Considering the many variations in national approaches⁽⁷⁾For a country-by-country overview of post-termination of employment restrictions, see, for example, Confidential Information, Trade Secrets and Post-Termination Restrictions, 2023, Bird & Bird. https://www.twobirds.com/en/insights/2023/global/global-guide-on-confidential-information.regarding non-compete clauses/non-compete agreements, companies (in particular, multinational companies) should pay attention to drafting such clauses. Employers should also consider the possible counter effects of including non-compete agreements in their employment contracts of employment, as they may be perceived as unfair by employees, lower their morale or discourage job applications.

NDAs, non-compete agreements and/or confidentiality clause should be signed at the very beginning of the relationship between the parties before any exchange of confidential information. Remedying their absence at a later stage is possible, pointing out that the confidentiality obligations undertaken by the parties apply also to information exchanged previously. However, the risk of discussing confidentiality obligations ex post is that disagreements could emerge on the terms of the agreement, while confidential information has already been exchanged. In such a situation, the party who disclosed a trade secret or confidential information would not have much contractual power to impose its preferred conditions.

Contracts with third parties⁽⁸⁾See Part VI: Trade Secrets in Collaborative Innovation) of the Guide, in particular, Section 2 on use of NDAs and confidentiality clauses in collaborative activities.

In the modern economy trade secret holders may need to share their trade secret information with third parties for, for instance, collaborative research, joint venture activities, manufacturing or distribution arrangements, franchising, fundraising etc. To achieve a specific business need, trade secret information may be shared with external consultants, contractors, vendors, distributors, sales agents, commercial and technical partners, and also potential business partners. These relationships are of temporary nature, and the third parties may have worked, be working, or work in the future, with competitors. Therefore, the need to protect confidentiality can be greater with third parties than employees. Trade secrets must be particularly protected toward third parties, with whom the trade secret holder cooperates.

It is recommended to include by default confidentiality clauses in all contracts entered into with third parties. Alternatively, signing a separate NDA focusing on confidentiality and exchange of confidential information is advisable when: (i) the exchange of confidential information is needed before the signing of the contract, for example, to draft it properly; (ii) the regulation of the exchange of confidential information is more complex and deserves to be addressed separately in more detail; (iii) the contractual relationship between the parties is already established in a contract that does not include a confidentiality clause, or (iv) the disclosing party needs to disclose a highly valuable trade secret that deserves additional commitments.

If a trade secret holder discloses their trade secret information to, for instance, a consultant who will use that information to deliver its service, the contract should specify that the consultant shall not use the disclosed trade secret information for any other purpose. In addition, the trade secret holder must make sure that the consultant will not use trade secret information of any other person for performing the contracted work (see Section 5.2).

The general advice regarding contractual measures (see Section 2.3 above) also appliesto confidentiality clauses and NDAs with third parties. For example, NDAs should be signed, and contractual clauses should be introduced, in the beginning of the working relationship, and if applicable, non-compete agreements may be set-up. In particular, they should point out:

• what kinds of information are protected

• how they are protected

• what are the restrictions on their access and use

• if applicable, how and to what extent the recipient is authorized to share them with other third parties

• what is the duration of the confidentiality obligation, and any obligation after the termination of the contract, and

• what happens to the confidential documents when the collaboration terminates.

2.4 Step 4: Monitor and react to misappropriation and leakages

Trade secret protection plan (Step 4)

General principles for an efficient reaction

Even with a strong and efficient trade secret protection plan and a careful trade secret management policy in place, misappropriation of trade secrets can occur. In general , trade secret misappropriation means acquisition, use or disclosure of trade secrets through unlawful, improper, or dishonest means (see Part III (Basics of trade secret protection) of this Guide).

Also, accidental disclosure by, or leakages from, the trade secret holder may also happen, due to negligence or a simple mistake. For example, accidental disclosure can occur when a confidential document is mistakenly sent via email to the wrong recipient.

Three important general principles should be kept in mind for an efficient reaction to leakages and misappropriations.

1. Do not get emotional: reactions to leakages and misappropriation of trade secrets should be considered as an integral part of trade secret management, which is largely based on risk management. The important thing is to be ready and prepared to react, avoid further damages, counterattack at the right time and recover.

2. Consider that speed of reaction is crucial: a good reaction can be useless if it comes too late. One of the major risks of misappropriation or leakages is that the trade secret is publicly disclosed and loses its entire value. A timely reaction may prevent further disclosure or misuse, or at least limit its negative consequences.

3. Have a response plan ready: a response plan should be in place before the incident occurs. Appoint one or more persons responsible to take actions in the emergency. Everyone in the company should be instructed to report immediately any threat to trade secrets.

In general, trade secret holders may take the following steps to react to misappropriation or leakages.

• Understand the situation and stop the misappropriation or leakage

• Preserve the trade secret value

• Cure the reason for the breach

• Handle the reputational damage and liability

These typical steps that are taken within the trade secret holder’s organization will be detailed, below.

Understand the situation and stop the misappropriation or leakage

To avoid deleterious power vacuums and blame-shifting when the misappropriation occurs, the trade secret management policy should provide initial indications and guidance to those who are in charge of handling the situation.

In general, there are three initial steps that should be taken, both in terms of trade secret management and potential trade secret litigation.

1. Collect and preserve evidence of the possible trade secret misappropriation or leakage. It is good to have as many options as possible for reacting at a later stage. For example, while the trade secret holder may decide, in the beginning, to pursue an out-of-court solution by sending a warning letter, if the alleged misappropriator does not react, the trade secret holder could decide to move to litigation, if evidence of misappropriation is well preserved. 

2. Investigate what happened. In particular, understand how the misappropriation was possible and who carried it out. Obviously, investigations should be carried out in a confidential manner so as not to alert the alleged misappropriator, who could take countermeasures or destroy evidence.

3. Detect the weaknesses that caused the misappropriation/leakage. If needed, take emergency measures to mitigate immediate harms and avoid further violations. A comprehensive and detailed review of the trade secret protection plan will be possible at a later stage.

Obviously, the three steps above could interrelate with each other. For example, preserving the evidence likely implies a first initial understanding of the situation. However, waiting too long before taking action bears the risk that evidence could be lost or altered.

Preserve the trade secret value

After adopting evidence preservation measures, understanding what happened, and taking an initial step to prevent further unlawful acquisition and/or use of the trade secret, the company has to decide how to react to the misappropriation.

The company should not lose its focus on the ultimate goal of trade secret management: the maximization of the benefits of the trade secrets to gain and sustain a competitive advantage. This goal does not change because of the leakage or the misappropriation. What changes, however, may be the way to achieve it.

If the leaked trade secrets have not yet been made public, the holder could consider the following options:

• Amicable resolution: get in contact with the misappropriator to agree on immediate return/destruction of any physical materials carrying the trade secret information, stop using and disseminating the trade secret information and settle any possible dispute. This could satisfy the goal to quickly stop the dissemination or misuse of the information

  Seeking an amicable solution could be a good option to consider for business and commercial reasons. In cases where the parties cannot quickly resolve the dispute, they may be able to agree on a mediator to help them find an amicable solution.

• Litigation: immediately start litigation, also with the purpose of obtaining a preliminary injunction from the competent courts to enjoin and prevent further violations (see Part V of this Guide (Trade secrets in litigation) for court remedies in litigation). Litigation, however, often leads to a settlement of the dispute between the parties.

If the misappropriated trade secrets have already been made public, the trade secret holder has lost legal protection for the information. In this scenario, one option is to start litigation to obtain damages, if the other party is not willing to compensate the harm voluntarily. However, there are other possibilities to settle the dispute, such as establishing an amicable business relationship as a licensing partner, a distributor, a business partner or an external consultant, which can be used as a means to provide compensation. 

Cure the reason for the breach

After the incident, review the trade secret protection plan and its implementation, and identify its potential weaknesses. If needed, amend or improve the protection plan to avoid any similar episode in the future. The reason for the breach can be identified with different means, e.g., internal due diligence, software designed to manage and protect trade secrets, or “stress tests” of the IT system.

Consider whether it is appropriate to start disciplinary actions against employees, or contractual action against third parties, who are responsible for the trade secret leakage or misappropriation. The incident can also be an opportunity to educate and train employees: for example, the lessons learned and areas for improvement to avoid such incident in the future.

Handle the reputational damage and liability

Trade secret misappropriation can give rise to contractual and tort liability. This is the case where, for example, leakage of a trade secret occurred because a licensee of the trade secret under the confidentiality obligation disclosed it. In addition, a misappropriation could give rise to a duty of communication towards clients, suppliers and public authorities. Legal professionals may provide appropriate advice in these situations.

Suffering a misappropriation/leakage of its trade secrets can negatively impact the reputation of the company, its goodwill and public perception. Taking advantage of the situation, competitors may emphasize the inability of the company to protect its trade secrets or those of its partners or customers. Therefore, quickly setting up a communication campaign, targeted to the general public or limited to certain entities, authorities, clients or commercial partners as well as to employees, can be important. A PR communication could be a good way to start to rebuild your reputation, letting the market know that you care about trade secrets, and how significantly you improved the management and protection of confidential information after the incident.

In some countries,insurance productsto mitigate the risks relating to trade secret misappropriation and leakages are available.

2.5 Sample checklist: Trade secret management plan

This section provides an outline of four steps detailed in Sections 2.1 to 2.4 in the form of a sample checklist. It may be used by businesses to help in setting up a trade secret management plan to identify and protect trade secrets against misappropriation and leakage. However, it is neither an exhaustive list nor a boilerplate list that must be implemented by all readers. The sample checklist should be adapted to the specific needs of each business, depending on, for example, their size, resources, business sector and market environment.

3. Situations with a high risk of misappropriation

3.1 Exit of employees and risks of misappropriation⁽⁹⁾The outline of measures that may be taken in situations with a high risk of misappropriation is found in Section 3.3 below.

Leakage of trade secrets can occur through different channels, such as from current employees, former employees and retirees, external contractors, hackers etc., however, it is well known that trade secret leakage by employees changing jobs is one of the high-risk situations that many companies confront.

Usually, employers and departing employees have conflicting interests. Former employers may want to prevent their employees from passing on the knowledge acquired through their former employment to new employers. Employees, however, may want to advance their career at the new employer, or start their own business, based on what they have learned at their former employers. New employers do not want to get into trade secret misappropriation disputes with the former employers due to the recruitment of new employees and also wish to prevent contamination of their own information assets (see Section 5 regarding contamination with former employers’ trade secrets).

Trade secret law, labor law and antitrust law etc. are the legal instruments that aim at balancing these various interests. Confidentiality clauses, non-disclosure, non-compete and non-solicitation agreements are also typical legal tools that may be used to mitigate the risks of disputes stemming from employees’ mobility (see Section 2.3). However, to what extent the former employers can prohibit the employees’ job mobility and the use of their knowledge after the job exit, and to what extent the employees have the freedom to choose a new job and use their knowledge,vary significantly among jurisdictions. Also, this depends on the circumstances of each case.

Therefore, assistance from experts who are familiar with the applicable law is indispensable. Broadly speaking, information that is general knowledge and skill of the employee is not a trade secret that can be claimed by the former employer.

While contractual measures, together with training and educational programs about trade secret protection, may have a deterrent effect for preventing potential disputes over misappropriation of former employers’ trade secrets, there are also additional measures, some of which should be taken before the employee leaves the company, while others should be taken after the employee has left the company.

Measures to take before an employee’s exit

Where an employee submits their resignation, several measures can be taken to mitigate the risks of misappropriation.

First, depending on the circumstances of the case, consider foreclosing the employee’s access to trade secrets and confidential information as soon as the employee communicates his or her resignation. The company should make a risk assessment, considering various issues case by case, such as: (i) the need to continue the projects being managed by the employee; (ii) the costs of keeping the employee on the payroll; and (iii) the risks run by letting the employee have access to the information asset of the company until their last day of work.

In addition, the departing employees should be reminded of their obligation to return or destroy any confidential documents or other materials. Such obligation should be found in the confidentiality clauses of employment contracts.

Exit interviews are also an important action to mitigate the risk related to employees leaving the company. Whether employees resign or they are let go by the employer, schedule exit interviews to remind employees of their legal confidentiality duties and their specific contractual obligations. Information regarding the departing employees’ reasons for resignation and the employees’ new job generally provide the degree of caution required by the company.

Exit interviews can have an important psychological and deterrent effect. The departing employees will perceive and remember that the company cares about its trade secrets and it is ready to react to protect them, if forced to do so. Therefore, the risk of misappropriation or misuse of the employer’s trade secrets likely decreases. Exit interviews are low-cost measures that can help the trade secret holder to demonstrate to a court that it had taken “reasonable steps” to keep the information secret.

To identify any leak as quickly as possible and stop any further dissemination or unauthorized use of the trade secret, companies generally check the IT devices, tools and systems used by employees leaving the company to identify any anomaly in their behavior. Usually, the period between the notice of termination and the last several days of work is critical, as departing employees may download files from their devices and systems, send them to personal email addresses, upload them on personal cloud accounts, or simply print or collect them in hard copies. Since scrutinizing employees’ activities is a delicate operation that must be done in compliance with the applicable labor law, privacy rules and IT forensics best practices, the assistance of (external) experts is recommended.

Reducing turnover of employees is another way of mitigating risk. Establishing a good working environment through, for example, investments in employees’ welfare, promotion of better work–life balance and communication between management and employees, may have a positive effect on the retention of employees.

Measures to take after an employee’s exit

Following the termination of employment, consider possible measures aimed at keeping the departing employees aware of to their obligations.

For instance, depending on the circumstances, if there are high concerns of misappropriation related to the new employment, it may be appropriate for the former employer to send a communication to the departing employee and/or to the new employer. Once such a communication is received, the former employee and the hiring employer will likely adopt a higher level of caution, as they will be unable to claim that they were not aware of the trade secrets. These communications should be sent with great care and drafted with the assistance of a lawyer, because they could be perceived as, or actually amount to, defamation or retaliation under applicable national laws.

Also, in the post-employment period, it is important to be attentive to “signals” that may indicate potential risk of trade secret misappropriation and require further investigation. For example, it is advisable to monitor the activities of the competitor who hired the former employee or the activities of the business that the former employee set up after their resignation. If the competitor releases, shortly after the joining of the new employee, a new product having features that can be achieved only by using the secret process developed by the former employer or files a patent application that claims an invention deriving from the trade secrets, this should reasonably raise serious concerns.

In addition, keep an eye on whether other employees depart in the same period. If they all join the same competitor, particular care is needed. The competitor could have targeted a specific work group inside the trade secret holder’s organization to recreate it within its own company (so called “poaching of employees”), therefore trying to also appropriate the former employer’s know-how.

Reaction to misappropriation carried out by a former employee

If a former employee downloaded a large amount of the company’s confidential documents before moving to a competitor and the competitor releases, shortly thereafter, a new product based on the technology protected by trade secrets, it may justify a strong inference of trade secret misappropriation by the former employee.

In reality, however, whether improper dissemination of trade secret information by the former employee has actually occurred is often ambiguous, and the former employer has a good reason to be concerned about the risk of misappropriation of trade secret information carried in the head of the former employee.

Therefore, determining misappropriation by former employees is a complex question that requires special investigation, assessment of circumstantial evidence and tactical consideration.

Having said this, the general rules concerning reaction to misappropriation (see Section 2.4) can be adapted to the specific exit of employee scenario as well.

• Do not get emotional: the previous co-worker relationship with the former employee usually heightens emotional reactions when a suspicion of trade secret misappropriation arises. Stay calm and stick to your trade secret protection plan.

• Collect and preserve evidence: if possible, freeze the evidence of the misappropriation or the leakage. This usually needs the involvement of technical forensics experts and legal counsel.

• Investigate the situation and collect information: investigation and collection of information should be carried out with great care to avoid destruction of evidence, such as metadata related to specific records. For a better understanding of the situation and/or to limit any negative consequences, one possible course of action is to seek the former employee’s explanation about their behavior and demand their cooperation to limit the damage. However, this might not be the best option, if the strategy of the employer is, for example, to file litigation and seek preliminary injunction and seizure orders against the new employer of the former employee (see Part V: Trade secrets in litigation of this Guide).

• Preserve the trade secret value: consider whether to take any legal action against the former employee, taking into account the seriousness of the violation. Amicable resolution with the former employee and/or their new employer should be an alternative way of settling the case.

After the initial actions, the trade secret protection plan should be critically reviewed to identify any weaknesses that caused the misappropriation. For example, inclusion of stronger confidentiality clauses in employment contracts, introduction of (higher) penalties in case of breach, and improvement of education and awareness of employees or introduction of stricter access restrictions to documents and information.

In general, if an employee or a former employee is involved in trade secret misappropriation, your reaction may have an impact on other employees’ behaviors. You need to send a clear message: the company cares about trade secrets and violations of the company’s rights will not go unpunished.

3.2 Risk of misappropriation when trade secrets are shared with external parties

A critical risk for trade secret holders arises when they share their confidential information with other parties outside the organization. Sharing of trade secrets with others may be necessary when, for example, conducting collaborative research or manufacturing with another organization, or outsource specific activities to another organization.

Since Part VI of this Guide focuses on trade secret-related issues in collaborative innovation, including handling of each party’s trade secrets that are brought into collaborative innovation and trade secrets that are generated through the collaborative activities, this section merely highlights several general issues that trade secret holders should consider when sharing their trade secrets with others.

For trade secret holders, they should be particularly mindful of the following general best practice.

• Carefully choose your partner

  It is important to select properly your potential partners. They have to be trustworthy. Signing a contract does not assure you that the other party will duly perform its obligations. You can certainly file a breach of contract action in court, but compensation for damages could hardly fully restore your loss. This is particularly true if the trade secret has been disclosed to the public, resulting in the loss of legal protection. In addition, obtaining damages generally requires long and expensive litigation. Therefore, the first golden rule is to know well and have trust in your partners before disclosing your trade secret information to them.

• Use NDAs and enter into solid contracts

  Enter into an NDA with potential partners (including customers and suppliers) at the very beginning of the business relationship, i.e., when starting negotiations. For trade secret holders, it is preferable to oblige the recipient to observe confidentiality permanently.

  Once you have chosen a good partner, sign a good contract. Contracts can be a very important tool to regulate collaboration with other parties. See Section 2.3 with respect to confidentiality clauses in contracts with third parties and NDAs.

• Carefully share your information and monitor its use

  Provide the recipient party only with the information that is strictly necessary to perform its tasks. You may also monitor the work of the recipient and its use of the information that has been shared. During the collaboration, mark any document shared as confidential and use wording that identifies the trade secret holder. In addition, secured databases that track accesses to shared documents may be used instead of emails. 

  At the end of the collaboration, the recipient party should be reminded of its confidentiality obligations and the ownership of the respective information. Ask the recipient to return or destroy confidential documents in its hands and to certify such destruction. 

• Require recipients to adopt high standards of protection

  Require the recipient party to adopt at least the same standard of protection you would apply to protect your own trade secrets. Preferably, if there are specific steps that you believe could provide more reliable and predictable protection, require the recipient to follow those steps. 

• Carefully define the rights of each party in any newly created work

  When a trade secret holder shares the confidential information with another party who uses that information for creating something else (e.g., a new invention), it is very important that both parties agree, in advance, who has legal control over the shared trade secret and who has the rights in the newly created work.

  Similarly, a party who receives the information might make improvements or modifications to it. Typically, trade secret holders try to negotiate owning such information as improved or modified by the recipient. 

• Periodical review and update

  Since business relationships can change with time, review the obligations in agreements with third parties, and update them, as necessary.

Turning to the recipient of trade secret information, receiving such information from the trade secret holder comes with the obligation to properly protect, use, and manage it in accordance with the terms and conditions of the contract and the law. This is not a light responsibility, since these contracts usually stipulate the liability of the recipient party if it does not fulfill its obligations contained in the contract or mismanages the trade secrets received. In particular, trade secret holders usually allow recipients to use the trade secret information only for a certain purpose. Therefore, the recipient companies should make sure that their employees who are exposed to that secret information will not use it for other purposes. In addition, the recipient should take reasonable steps to keep the information secret.

Consequently, a comprehensive trade secret management strategy covers proper management of trade secrets that are generated by the company as well as trade secrets of another company that the company is authorized to use.

If you are authorized to use trade secrets of a third party, to reduce the risk of mismanagement of the third party’s trade secrets:

• identify your right and obligation regarding the use of the trade secrets and the standard of protection to maintain the secrecy of the trade secret information

• monitor compliance with the obligation stipulated in the contract

• store confidential documents and information of the third party separately from your company’s trade secrets to avoid contamination (see Section 4, below, on preventing contamination by trade secrets held by others).

3.3 Sample checklist: Departure of employees and sharing trade secrets with other parties

The following sample checklist summarizes the measures that can be helpful for reducing the risk of misappropriation and leakage of trade secrets in two specific situations described in Sections 3.1 and 3.2, namely, departure of employees and sharing trade secrets with external parties. As indicated in Section 2.5, it should be used as a sample that required adaptation to the specific needs of each reader.

4. How to avoid contamination with third parties’ trade secrets

4.1 The paths of contamination

In addition to reducing the outbound risk of leakage and misappropriation of its own trade secrets, the trade secret holder should also address how to avoid the inbound risk of contamination with others’ trade secrets.

Contamination means receiving others’ trade secrets that you did not want, or you did not expect to receive. The previous Section discussed how to protect trade secrets as internal assets of the company from external leakages and misappropriation from external parties. In this Section, we address how to protect the company’s internal information assets from the potential taint of third parties’ trade secrets.

Contamination could occur, for example, when Company A transmits to Company B its trade secrets, willfully or accidentally, while Company B is not interested in receiving this information. Contamination with third parties’ trade secrets could also be the result of a chain of dissemination of trade secrets through more than one party. Once the information finds its way into the company, it can spread very quickly and widely. The information might be used within the company in multiple projects, re-elaborated or incorporated in some new products, transferred to someone else, taken as an inspiration or used as a basis for a new business plan or a marketing campaign.

Third parties’ trade secrets may enter a company through different paths. In particular:

• Through new employees: frequently, contamination occurs because new employees who take information and documents of the former employer use them to perform their duties in the new job, without any knowledge of the new employer.

• Through lawfully acquiring trade secret information of another party: contamination may occur when a company is engaged in a business transaction with another party where the latter’s trade secrets are shared during, for example, licensing or merger negotiation.

• Through competitive intelligence: contamination could occur when a company gathers business information of competitors (competitive intelligence).⁽¹⁰⁾Competitive intelligence is a legal business practice, involving systematic collection and analysis of information from multiple sources. However, if a company acquires trade secret information of competitors through unfair, improper or otherwise considered unlawful means, such investigation constitutes misappropriation of the trade secret.

Frequently, people interact with others in the same business sector, receive marketing proposals, discuss business offers and negotiate agreements, sharing a great deal of information in the process. Thus, the risk of contamination is a real one.

4.2 Risks of contamination and mitigation

Risks and potential harm of contamination

Generally, third parties that receive trade secrets in good faith are not liable for the use of the information in good faith, i.e., the damages caused by the use of others’ trade secrets cannot be claimed. However, depending on national law,⁽¹¹⁾See the overview of trade secret systems in certain countries and regions, available at: https://www.wipo.int/tradesecrets/en/ as soon as the contaminated company is notified or should have been aware that the information is protected as a trade secret, it should stop using the information. Otherwise, liability could arise for the use after the notice.

The consequences of contamination could be very severe. The potential harms for the contaminated company could include:

• Loss of investment if a contaminated company relying on the third party’s trade secret has to suddenly cease its use. 

• The objective difficulties in isolating the third party’s trade secret and cleaning the contamination, once the information has spread over the organization. 

• The risk of the trade secret holder claiming that the contaminated company is accountable also for the use of the trade secret prior to the notice from the trade secret holder, because the company ought, under the circumstances, to have known that the trade secret had been misappropriated. Thus, the trade secret holder might seek injunctions prohibiting sale of the relevant products of the company and/or claim damages.

Mitigation of the contamination risks

The consequence of contamination with third parties’ trade secrets could be very serious for the company, and handling the contamination once occurred is extremely burdensome. Therefore, prevention is key to avoid greater damages.

The following general actions could be considered to mitigate the risks of contamination:

• Invest in the education and training of employees: employees who are well aware of the importance of trade secrets are also able to understand the importance of not letting third parties’ information spread within the company. Thus, education and training should focus not only on protection of the company’s trade secrets, but also on rejecting unwanted third parties’ information.

• Keep track of the origin of valuable information: preserving evidence of the date and the circumstances of the acquisition of trade secrets can help to prove that they were present in the organization before the alleged contamination, or that they have been acquired lawfully.

  For example, the trade secret holder may demonstrate that certain know-how was developed independently by tracking its research and development activities. In addition, the circumstances of the acquisition of a third party’s trade secret may provide indirect evidence for the company to claim that the contamination occurred without its fault.

• Monitor the data management and communication system: monitor the data management and communication system to detect any abnormal operations or data flows to outside and within the organization. Note, however, that monitoring information that enters the organization is much harder, since much information flow into the organization is often made by nonelectronic means.

To mitigate the risk of receiving sensitive information of competitors through competitive intelligence, a code of conduct and ethics that forbid unlawful and unethical practices should be applied vigorously. For example, companies may instruct their employees and business partners not to use false identitiesto gain access to restricted material on websites, at restricted sessions at industry conferences, when ordering a competitor’s product, or when using a competitor’s service.

Additional mitigation measures that may be taken to minimize the risk of contamination by hiring new employees and through receiving information from collaborators and business partners are explained in Section 5.

4.3 Reacting to contamination

Once the company realizes it has been contaminated with third parties’ trade secrets, the company should consider following the general steps outlined below.

• Understand the situation: What is the trade secret that was injected in the company? How was it injected? When did it happen? Carry out an internal investigation to locate third parties’ trade secrets and secure them to ensure that the company does not use them or stops using them.

• Involve a legal expert and understand the possible consequences: the consequences of the contamination will depend to great extents on three factors:

  the relevance and value of the trade secret;

  whether the trade secret has been used by the company, the extent of the use and the extent of its spread within the company; and

  whether the company has innocently received and used the trade secret.

Depending on the above, different scenarios may arise:

• No use of the received information: in the less problematic scenarios, the information has never been used and it has not spread within the company. To avoid any inadvertent use of such contaminating information in future, you may isolate and delete such information, or contact the legitimate holder of the information to arrange for its return.

• Reception in good faith: if the information has been used, but the company received it in good faith, the company is generally not liable for the past use of the trade secret. The company should check whether it acted diligently to prevent the contamination (for example, whether the company carried out entry interviews and collected entry undertakings from new employees, among others).

  However, in many countries, once the company acknowledges that the trade secret information was unlawfully acquired, it should generally stop using the information, otherwise it becomes liable for continuing use.

• Willful or negligent actions: in the case where the company knew, or negligently ignored, the fact that it acquired the information unlawfully, the company could be found fully liable, also for past acts (see more extensively Part V: Trade secrets in litigation of the Guide).

5. Situations with a high risk of contamination

5.1 Hiring a new employee

Hiring new employees from competitors is one of the two major paths of contamination⁽¹²⁾The outline of the measures that may be taken in the situations with a high risk of contamination is found in Sample checklist C, below. with a competitor’s trade secrets. When a company is contaminated with its competitor’s trade secrets, the risk is high that the trade secret holder (competitor) will claim that the contaminated company is accountable, even if it was unaware of the misappropriation. When an employee misappropriates information of his or her former employer, under certain circumstances and depending on the applicable law, the trade secret holder may file action also against the new employer who hired the disloyal employee based on its vicarious liability.⁽¹³⁾Vicarious liability is a form of secondary or indirect liability that is imposed on one party because of its particular relationship with the party who committed a tort. Vicarious liability is frequently asserted against an employer for acts committed by its employees and, according to different national approaches, the employer might be found liable for the employer’s wrongdoing.

To mitigate the risk of contamination through hiring employees, in addition to those described in Section 4.2, several additional measures can be considered.

• When hiring new employees, companies may use an on-boarding checklist, requiring them to confirm that they have complied, and will continue to do so, with the confidentiality obligation toward their former employers, such as the return or destruction of any sensitive document and information that belonged to the former employers.

• At the entry interview with new employees , the company should clearly instruct that they shall not contaminate the company with the trade secret information of their former employers.

These measures are particularly important when hiring high-level employees, who were most likely exposed to highly valuable trade secret information of their former employers.

5.2 Receiving information from collaborators and business partners⁽¹⁴⁾See Part VI: Trade secrets in Collaborative Innovation of this Guide, in particular, Section 2.

In general, knowledge is an essential resource of a company to grow and develop. However, somewhat counterintuitively, receiving trade secret information belonging to others may involve a risk that its future activities will be limited simply because it now “knows” others’ trade secrets.

While many scenarios can be conceived, two concrete examples are described below. The first scenario is a situation where a company receives an unsolicited proposal that is seemingly very attractive for advancing its business. The second scenario is a situation where a company engages in a business transaction with another company.

Scenario 1: unsolicited proposals

Let’s imagine that a company has significantly invested in an R&D project but has been struggling with a specific problem for some time, causing a delay in the project. An external individual contacts the company with an unsolicited proposal, offering a meeting to show, under a non-disclosure agreement (NDA), their idea that allegedly solves the problem. Should the company sign the NDA and receive the information?

Maybe they shouldn’t be too hasty. A proper risk assessmentshould be conducted, particularly if the company has been conducting its own parallel projects on the same or similar subject and is autonomously developing its own trade secrets. Once it receives the trade secret information of others, it may be very difficult for the company to keep that information separate from its own trade secret information.

To avoid this type of inbound risk of contamination, taking into account the risks of receiving the information and its value, one possible mitigation measure is to ask the disclosing party to undertake a non-confidentiality agreement, and refuse to receive any information before thenon-confidentiality agreement is signed.⁽¹⁵⁾See also James Pooley (2024). Secrets – Managing Information Assets in the Age of Cyberespionage (2nd Ed.). Menlo Park: Verus Press, pp. 164–165.In this way, the company will be fully entitled to use the information received in whatever manner it so wishes. If such a non-confidentiality agreement is concluded, the disclosing party will try to convince the receiving company without disclosing any information that needs to be kept confidential. From this first non-confidential conversation, the company will be in a better position to make a thorough risk assessment of possible contamination by another party’s trade secrets and decide whether it is worth taking the risks of signing an NDA and receiving a full set of information, including trade secrets.

Scenario 2: business transactions

Another scenario where there is a very high risk of contamination with others’ trade secrets is business transactions with other parties (such as external consultants, contractors, potential business partners). These transactions typically involve a transfer of trade secret information from one party to another, and thus can inject in the company the unwanted or unexpected trade secrets.

For example, Company A outsourced some research to the research Company B to improve its product. By chance, research Company B had already carried out similar research for Company C, a competitor of Company A. On that occasion, research Company B received from Company C useful information, including trade secret information of Company C. Research Company B wants to impress Company A, so it uses such information and suggests in its report to Company A some improvements of the product that in fact takes advantage of Company C’s trade secrets.

Has Company A misappropriated Company C’s trade secrets? While the answer will depend on the applicable law and the exact circumstances, in general, the decisive point is whether Company A knew or ought to have known that Company B’s suggestions were based on third parties’ trade secrets. However, even if Company A is considered to be an innocent recipient of the information, Company A might still be required to stop the use of the information. This would mean that Company A could potentially not sell its new product, losing its investments and suffering reputational damage.

Company A could have prevented that unfortunate situation, or at least could have reduced the risks, if it had considered the following measures:

• In the contract with the research Company B, Company A should have made clear that the company is not interested in receiving anyone else’s trade secrets.

• For the other party to be held accountable for any damages caused by the contamination, the agreement should include contractual guarantees or indemnification clauses so that the other party will be liable for any damages caused by the contamination. In the example above, the contract should have provided that in case where the information provided by the research Company B belonged to third parties and was illicitly transferred to Company A, research Company B will compensate Company A for any losses or damages that it might incur.

For research Company B, to reduce the risk of being held responsible for contaminating its client with trade secrets of another client, the company should address conflicts of interests in advance, discuss them with its clients, and set up measures to keep information received from different clients separated.

For Company C, as soon as it is aware that Company A acquired its trade secrets through the service of Company B, it should: (i) notify Company A that its trade secrets have been unlawfully transferred; and (ii) take actions against research Company B that breached its confidentiality obligations, asking for an immediate halt to any further dissemination, return and/or destruction of any documents containing the trade secrets, and compensation for the damages suffered, as detailed in Section 2.5.

5.3 Sample checklist: Hiring employees and receiving trade secrets of others

The following sample checklist summarizes the measures that can be helpful for reducing the risk of contamination with third party’s trade secrets in two specific situations described in Section 5.1 and 5.2, namely, hiring new employees and receiving confidential information from external parties.

6. Strategic exploitation of trade secrets

6.1 Exploiting the economic value of trade secrets: modalities

Similar to other intellectual property assets, based on strategic analysis of the value of a trade secret and the competitive advantage that it may bring to the company’s business, the trade secret holder may determine the best way (or ways) of exploiting their trade secrets. There are different ways that trade secret owners can exploit the economic value of trade secrets.

Exclusive exploitation by the trade secret holder

Trade secret holders may use the protected information exclusively by themselves. They may choose to exclusively research, develop, manufacture and sell products and services having features covered by their trade secrets. They choose to do so because the success of their business comes precisely from the fact that a trade secret holder is the only one who possesses that information and thus can use it.

Non-technical trade secret information, such as sensitive business information relating to customers and vendors, pricing, business strategies etc., is often used exclusively by trade secret holders. However, there can be a situation where sharing confidential business or commercial trade secret information with another business partner makes more sense: that is, when sharing such information brings more competitive advantage to the trade secret holder than keeping such information by itself, as illustrated below.

Allowing certain use of trade secrets by others under the control of the trade secret holder

Trade secret holders may allow certain parties to use their trade secrets for certain purposes, during a certain period, within a certain geographical area, and under any other conditions (for example, payment of a licensing fee).⁽¹⁶⁾In practice, trade secrets are licensed in conjunction with other IP rights or in the context of a broad technology agreement. It is rare to license a trade secret on its own.

As already illustrated in some examples described in this Part, there are various situations where trade secret holders choose to share their sensitive information with their business partners, suppliers and customers. Under certain circumstances, sharing of trade secret information may lead to improvement of business efficiency, higher quality of products and services and greater commercial success.

For instance, to generate revenue and/or gain business efficiency, trade secret information may be shared with:

• business partners for collaborative R&D, marketing, and other projects

• local manufacturers of the company’s products in foreign countries

• franchisees pursuant to franchise agreements, and

• external contractors who carry out certain outsourced business processes of the company.

The licensing conditions are agreed between the parties on a case-by-case basis. The degree of authorized scope of use of the trade secrets as well as the terms of payment (e.g., percentage of profits, fixed license fee or lump-sum payment) are essential elements in licensing agreements. To require the licensee to maintain secrecy of the trade secret information, the licensor may:

• seek the right to audit the licensee’s compliance with the terms of the licensing agreement, and/or

• require confidentiality of the licensed trade secret information even after termination of the agreement.

In particular, with respect to franchise agreements, the franchisor may consider the possibility of granting franchisees to access a tangible product that pertains to trade secret information (sauces with special ingredients) rather than disclosing the trade secret information as such (detailed information about the ingredients).

In addition, a company may be inclined to share its trade secret information with external consultants or advisory service providers who need the company’s sensitive information to deliver high quality services to the company.

Due to the fact that secrecy is a prerequisite for trade secret protection, the common challenge for exploiting trade secrets through licensing is to sufficiently define the licensed trade secrets and to manage the risk of breach of non-disclosure or of confidentiality before and during the negotiation of the license and after the conclusion of the license (see Section 2.3 on contractual measures, 3.2 on risk of misappropriation by sharing information with an external party and Section 4 on avoiding contamination with others’ trade secrets).

Assignment of trade secrets

Trade secrets can be assigned, or put differently, the legitimate control over the trade secret information can be transferred to another party.

Oftentimes, the very reason for carrying out certain corporate operations, such as mergers and acquisitions, is the willingness of the investor to acquire know-how and trade secrets held by the target company. Starts-ups are often acquired because of their significant assets in IP rights, including trade secrets.

Fundraising

Depending on the applicable national law, trade secret holders may negotiate, create and perfect security interests in trade secrets. They may serve as an additional means to raise capital from private or public institutions. Unlike other IP assets, maintaining the secrecy of trade secrets is required for their securitization.

Tax and accounting

Under certain conditions and in some jurisdictions, trade secrets may be:

• included in the company’s accounting, thus contributing to the overall corporate value;

• considered for transfer pricing purposes, if used throughout the same group;⁽¹⁷⁾Transfer pricing accounting occurs when one division provides goods or services to another division of the same company and charges the latter division. Using the differences in the tax rates among countries in which the parent company and subsidiaries locate, transfer pricing is utilized to reduce the tax of the parent company. and

• covered by a tax relief measure, such as “innovation box” or “intellectual property box,” which is a special corporate tax regime to incentivize corporate research and development activities.

6.2 Continual alignment of the exploitation strategy with business needs

Dynamic notion of trade secret exploitation

Trade secrets are an integral part of IP assets. Typically, in the technology sector, a small or medium-sized company may own several patents, copyrighted materials that may or may not be public, industrial designs of their products and trademarks that distinguish their products. In addition, it may hold trade secret information surrounding their products and their commercial activities. Therefore, strategic use and exploitation of trade secrets cannot be considered in isolation. Rather, they should be considered in conjunction with other IP rights.

The protected subject matter of registered IP rights is usually “cast in stone” at the time of registration, or in the case of copyright, at the time of creation. However, trade secrets can evolve together with business activities, which constantly generate new valuable information.

At the same time, trade secrets are more vulnerable than other types of IP. Even if it does not have a statutory limited term of protection, a lifespan of a particular trade secret may be short, depending on its nature (such as the next month’s product introduction) or handling of information that can potentially lead to premature disclosure. Once the trade secret information is leaked, its value for the trade secret holder can be significantly reduced or its legal protection is entirely lost if it is widely disclosed. Trade secrets can also be lost when the information no longer has value derived from secrecy.

This means that the information in the company’s trade secret pool is constantly changing within the IP portfolio.

In addition, the strategic use and exploitation of trade secrets should be considered in conjunction with the changing market and company’s business needs, since they also have an influence on the value of a particular trade secret information in the company’s pool.

Consequently, the “strategic” management and exploitation of trade secrets is a dynamic concept, both in terms of its value and its risk of loss of protection.

Therefore, there is aneed to regularly review trade secret assets in the context of the overall IP portfolio, and to align the trade secret management and exploitation strategy with the evolving business needs in an ever-changing market. The review may be conducted broadly in three steps: 

• Assess any changes in the pool of trade secrets and how the changes affect the company’s competitive advantage (i.e., value of the trade secrets) and risk, in the context of other IP assets.

• Review whether the current trade secret protection plan and measures as well as trade secret exploitation strategy are still appropriate. 

• Update the protection plan, measures and exploitation strategy, if necessary.

Exploitation strategy beyond the trade secret system

In reviewing and updating the trade secret exploitation strategy, one possibility is to seek different or additional revenue stream(s) from the exploitation modalities available in the trade secret system. Some questions that may be addressed are:

• Will the trade secret information continue to provide competitive advantages because of its secrecy?Technological trade secret information can become obsolete at some point in time due to the technological development inside the company or elsewhere.New technologies may reduce competitive advantages by offering competitors the means to independently create the same information with much less effort and subsequently duplicate the company’s products or services in a shorter time and with less risk.

• Will the trade secret information continue to remain secret?Reverse engineering and independent creation of the same information are usually not regarded as trade secret misappropriation in many countries. If a technological gap between the trade secret holder and its competitors diminishes, the likelihood of the competitors lawfully obtaining the information through reverse engineering or independent creation of an invention increases. It may lead to the trade secret no longer having value, and even worse, the competitors might obtain patents on the invention and may seek to preclude the company from using the trade secret.⁽¹⁸⁾In many countries, the prior-user exception to patent rights may allow the trade secret holder to continue using the information, although the scope of the exception may be limited.

Another possibility for trade secret holders is that, instead of maintaining trade secret protection, they may seek revenue stream(s) from the exploitation of other IP rights, such as patents or copyright.

Trade secret to patents

Since trade secret information is protected under confidentiality, it is generally not part of prior art under patent law in many countries.⁽¹⁹⁾In the United States of America, in general, a patent applicant’s sale of an invention, more than one year before the effective filing date, to a third party who is obligated to keep the invention confidential destroys the novelty under the patent law (on-sale bar), and thus the applicant cannot first enjoy trade secret protection relating to inventions on sale for many years, and then switch to patent protection for the same invention. Therefore, in those countries, trade secret holders may be able to switch from trade secret protection to patent protection, if it meets their business needs. Part III: Basics of trade secret protection of this Guide provides more information on the differences between patent and trade secret protection. The factors that may be considered in making a choice described in Part III are also applicable in this situation. In essence, bothlegal factors (eligibility of protection, the scope of rights and their duration and geographical coverage) and business factors (costs, resources, market conditions and reputational effect) are relevant.

Trade secret and/or copyright

Copyright protection arises automatically in an original work once it is created and fixed in a medium. As long as the expression of such work is kept confidential and meets the requirements for trade secret protection, it can be protected by both copyright and trade secret law. However, depending on business needs, the trade secret holder may be able to switch from such dual protection to the combination of patents and copyright protection in case of software. It may also considersshifting to copyright protection only, if, for example, open source software is in line with strategic business direction.

Renouncing trade secret protection

Finally, it is also possible that the rational business consideration leads to the conclusion that the company will relax trade secret protection measures and also not seek any alternative protection. Maintaining trade secrets is not an end in itself. They should support a competitive advantage of the business, whether it is for technological competitiveness, monetary rewards, or reputational advantage. If you renounce trade secret protection without seeking patents, you may consider actively publishing that information so that your competitors will not be able to obtain a patent on that subject.

7. Valuation of trade secrets

7.1 Trade secret valuation – what is it for?

To make various business decisions around management and exploitation of IP in diverse circumstances of business transactions, having an idea of the value of your IP assets, including trade secrets, will be helpful. Valuation of trade secrets provides trade secret holders with additional information that may assist them to take informed decisions relating to trade secret management, enforcement, and licensing, or even switching from trade secrets to patent protection. For example:

Cost-benefit analysis for internal IP management

IP valuation may allow trade secret holders to analyze costs and benefits of trade secret protection of certain information, and to maintain their IP portfolio in line with their strategic business goals. This is particularly so if there exists an alternative means of protection (e.g., patents).

Licensing and franchising

Before entering negotiations on licensing of IP assets, including trade secrets, having a thorough understanding of their relative value will help trade secret holders make more informed decisions on the terms and conditions of the licensing agreement, including royalty rates. In franchising, both franchisor and franchisee need a thorough understanding of the value of the relevant IP assets.

Settling disputes

Knowing the value of information assets can have a positive effect on making strategic decisions when those assets are threatened or misappropriated. For example, the trade secret holder may need to decide whether to pursue litigation, to opt for alternative dispute resolution, or to offer a license to the alleged infringing party. Valuation also plays an important role in calculating damages suffered due to the unauthorized acquisition, use or disclosure of the trade secret.

Attracting partners

For business collaboration and transactions, such as a joint venture, strategic alliance, merger or acquisition, valuation can facilitate better understanding about how the assets of all parties contribute to the partnership.

Secure financing

Venture capitalists and other potential investors look for maximum return and minimum risk. Therefore, they need to know the value of the company's IP before investing in it. To use trade secrets as collateral to obtain financing, their valuation separately from the company’s other assets may be necessary.

7.2 Valuation methods

The valuation methods that can be used for trade secrets are the same as those applied to IP assets in general. The principal methods for valuation of IP assets are: (i) cost method; (ii) market method; and (iii) income method.

Cost method

The cost method seeks to establish the value of the asset by calculating the cost of creating or replacing a similar asset.

This method values trade secret information by aggregating the expenditures incurred or that would be incurred in developing or creating the asset or a similar product or service, such as costs relating to labor, materials, equipment, R&D, testing etc. It seeks to determine the value of a trade secret at the time of misappropriation by aggregating the direct expenditures and opportunity costs involved in its development. It also considers technological and economic obsolescence that may affect its value.

Strengths of the cost method

The cost method can be used in situations where the misappropriator is currently not generating any income, such as technology at an early stage of development.

It can also be useful when development costs can be easily calculated and the cost of reproduced is low (e.g., software).

If the income stream or the economic benefits of the IP asset cannot be reasonably or accurately quantified, the cost method may also be helpful.

Weaknesses of the cost method

The cost method focuses on past expenses rather than on future profits, and therefore it does not necessarily reflect the market potential of the asset. This is particularly true for trade secrets created through experimental research and development, where huge investments can produce many failures, while they can also lead to revolutionary inventions with huge commercial success. Accordingly, the cost method does not fit well in certain sectors, such as pharmaceuticals.

A value assessment based on costs could produce misleading results and underestimate or overestimate the value of the trade secrets.

Market method

The market method seeks to determine the value of an asset by comparing it with a comparable asset available in the market. The value is determined by comparing both the assets in similar transactions under comparable circumstances.

The key to such assessment is to find a good comparable in the market, i.e., similar transactions that concern similar products or service, which could be considered as a reference. Once a comparable is identified, adjustments that take into account the differences in the two situations are generally needed.

Strengths of the market method

• Simple method using market-based information

• Can be useful if a good comparable (such as licensing agreements related to the same subject matter) is available.

Weaknesses of the market method

• Difficult to find a good comparable for trade secret value, because:

  every secret is usually unique

  in general, the value of secrets derives from their newness or originality, but they must be not generally known or readily accessible.

Income method

The income method is one of the most commonly used methods for IP valuation. To determine the present value of trade secrets, it focuses on the economic income that the asset is expected to generate in the future.

In determining economic incomes, the following parameters are used:

• Projecting the revenue flow (or cost savings) generated by the trade secret over its remaining useful life;

• Adjusting the revenues/savings against the investments made for the development of the secret (e.g., costs of labor, materials, capital investment etc.)

• Discounting the expected revenues to present day value using a “discount rate.”

Strengths of the income method

• This method is easiest to use for assets with established cash flows, for those whose future cash flows can be estimated with some degree of reliability, and where a proxy for risk that can be used to obtain discount rates is available.

• It captures well the value of trade secrets that generate relatively stable or predictable cash flows.

Weaknesses of the income method

• The discounted cash flow (DCF) method does not consider the total risk of the investment. Instead, it only considers the systematic component of that risk in the form of market determined discount rate.

• The DCF assumes that the investment in the secret is irreversible, irrespective of future circumstances.

• It does not capture the various independent risks associated with trade secrets (e.g., a legal risk of losing protection due to leakage and public disclosure or a risk of independent development of the same information by a competitor). All risks are assumed to be appropriately accounted for in the discount rate and the probability of success.

In summary, regardless of the valuation method used, the valuation process requires gathering varying information about the trade secret as well as an in-depth understanding of the market, industry and specific business, all of which directly affect the utility of the results of the valuation.

In general, valuation of trade secrets is inherently more difficult than other intellectual property due to their confidential nature. More specifically, it is challenging to separate and identify a revenue flow or costs that can be exclusively credited to trade secrets. Each of the three major IP valuation methods has its general strengths and weaknesses. Which valuation method, or a combination of the methods, to be applied should be determined case by case.