Four critical questions for Trade Secrets protection and defense
Updated: Jun 4, 2021
It may seem trivial at first, but it is not entirely obvious to define what is a trade secret. Yes, the people you work with sign NDAs. But do you think Google shows the inner workings of their algorithms to a hundred thousand employees? Of course not. I hear you say: “But there’s only the five of us. Does it even matter?”. The answer is yes, it does.
NDAs are not enough
Let’s take an example — one that may get me in trouble after I publish this article. The best way for me to spread some news is to talk to my mother-in-law. She will repeat it to everyone. However, if I explicitly ask her “don’t tell anyone” she will tell it to one person at a time. My telling a secret to my mother-in-law is not a reasonable measure to keep it secret in the first place.
It is precisely the same thing with NDAs. Signing an NDA is like me telling a secret to my mother-in-law and expecting it to remain a secret. With signed NDAs, you don’t automatically have a trade secret. You can label every sensitive piece of information inside your company as confidential, but this won’t matter. You won’t have a trade secret if you don’t implement practical and reasonable measures to protect its secrecy.
What is the difference between a trade secret and confidential information?
First, let’s clarify what a trade secret is. The definition of a trade secret varies by country. But there are three high-level unifying principles in all jurisdictions:
A trade secret is a piece of information that has value as a result of not being generally known.
The information has value to others who cannot legitimately obtain the information.
The information is subject to reasonable efforts to maintain its secrecy.
The first two points are easy to understand. The last one isn’t that clear. What are “reasonable efforts”? Usually, this is where most companies fail to protect their trade secrets.
Four critical questions
You will need specific methods of protection based on the nature of this information, the value to the business, and the risks of theft involved. The essence to protect and defend your trade secrets lies within the four key questions below.
Where is your confidential information?
Trade secrets are just not reserved for biotech companies. Many high tech companies have massive amounts of valuable yet non-patentable data: petabytes of machine learning data, thousands of lines of codes, parameters for some manufacturing processes, data models used in a SaaS application, and the list goes on. Trade secrets also include non-technical information, such as sales methods, distribution methods, consumer profiles, advertising strategies, listings of suppliers and clients.
By and large, the process of protecting your trade secrets, as James Bondish as it might sound, may have a mind-numbingly boring beginning of collecting and cataloging all your work that is valuable if kept secret.
That document, outlining everything you have, is by its very nature the identification of what a trade secret contains. Now you have to come up with a solution to store it. Printed on edible paper and taped under your desk? Sure.
You won’t formally register your trade secrets with a government agency. Therefore, the burden of documenting and proving their existence is on you.
Who has access to it?
You will need to inform the different stakeholders of the confidential nature of this information to avoid any careless sharing. You also need to be cautious about who will have access to this information, and to monitor who effectively received it. Lawyers and forensic teams call these recipients of trade secrets the “custodians.”
The custodians include outsourced manufacturers, OEM partners, direct suppliers, suppliers of suppliers, technology partners, consultants, employees, or teams. For your sanity, you can maintain a centralized database or a spreadsheet with meta-data to list the trade secrets, along with a list of custodians linked to this meta-data.
The value of the information is an important aspect to determine who should have access to it. If your robot cannot work without a critical piece of firmware, maybe you shouldn’t send it overseas during manufacturing but install it domestically, even if it is more expensive.
How is it accessed?
Next, once you have identified where your information is and who can access it, you will need to keep it safe from theft. There is a practical balance between risks and convenience.
A key consideration is the risk of a security breach, misappropriation, or theft. For instance, it would take days to transfer petabytes of machine learning data. This kind of large-scale amount of data is transported via truck in snowball hard drive containers. Not on thumb drives. So the risks of theft are lower than say, for a specific formulation that would take seconds to copy.
For a piece of information to count as a trade secret, the physical measures to protect it need to be “reasonable” considering the risk and value of this information: do you provide only physical copies? can it be photocopied? can it be accessed at all hours? is it in password-protected electronic files? is it possible to have remote access? is it watermarked or encrypted?
Under what legal terms?
Now that you have measures in place to mitigate the risks of theft, you also need to plan for the worse. What if someone steals your trade secret?
That’s where consulting a lawyer specialized in trade secret damages is helpful. Indeed, it doesn’t help much to successfully win a trade secret court case with no monetary damages. You will need to review the legal terms of the agreements linked to your trade secrets: employment agreements, consulting agreements, NDAs, supply agreements, joint research agreements, internship offers. The crux of the issue is to be in a position to obtain damages in case things go wrong.
Even if you did everything by the book to protect your information, calculating trade secret damages involves legal questions like lost profits or the defendant’s unjust enrichment. If you are a startup, your direct loss may be small because of your (modest) scale. The unjust enrichment may be hard to prove. How could you tie your trade secret to some assessable value? For example, by explicitly licensing them to establish a value based on a licensing history.
Protecting your trade secrets requires more than signing NDAs. Because there is no formal registration, you need to identify them formally and to document your ownership. You also need to take specific measures, setting up processes and an organization, to protect them. Lastly, you need to establish their value and prove how this value is tied to your business. Without proof, you will have nothing if things go wrong.