Patents, Trademarks, Copyright. These are the famous faces of intellectual property, terms which most people have engaged with at some point in their lives. But as important as these may be to a company’s competitive advantage, there is one particular unsung hero of intellectual property (“IP”) which may be equally, if not more, valuable: Trade Secrets. From the widely known (and now debunked) anecdote that only two directors know half of the secret formula for Coca Cola at any given time, to proprietary know-how which forms the basis of an SME’s product offering, trade secrets are incredibly pervasive in the real world. Yet trade secret awareness – from what trade secrets actually entail to what steps should be taken to protect them – remains surprisingly low.
More often than not trade secret misappropriation is a result of carelessness or negligence, not malice. There are stories of purposeful trade secret theft, such as the case of a disgruntled DuPont employee who, after having been demoted, downloaded circa 22,000 abstracts and 16,700 documents – 10% of the total information stored on confidential servers – worth an estimated $400 million.
But the majority of trade secret theft, according to a survey carried out by Symantec, is the result of a lack of appropriate training and awareness of the importance of trade secrets. Attitudes that emerged from the survey suggested that employees are not generally aware that they are putting themselves and their employers at risk. Misappropriation of trade secrets via technological means – by way of employees emailing documents to their personal accounts, downloading them onto personal tablets and smart phones or storing them in cloud-based storage apps such as Google Docs or Dropbox – makes confidential information even more vulnerable as it leaves corporate-owned devices. Add that to the fact that over half of those surveyed did not believe that using competitive data taken from a previous employer is a crime, and you’re left with a particularly worrying IP culture. This mentality not only puts the company whose trade secrets were stolen at a disadvantage, but it also puts the new employer at risk as they may unknowingly be using confidential information.
Some of you may be thinking to yourselves at this point that this doesn’t apply to you, that your employee contracts include a standard non-disclosure clause alerting employees to the consequences of divulging confidential information. But policy itself is not enough, as anecdotal evidence suggests that nearly half of insider theft cases involved an NDA or IP agreement in some form. Illustrative of the fallibility of policy without training is the common misconception held amongst employees that ownership of IP is attributed to the person who created it. When given the scenario of a software developer who re-uses source code that they created for a former employer, 42% saw no problem with it, based on the fact that a person should have an ownership stake in their work and inventions. Without the proper training, an NDA or contract clause is moot; employees need to know that certain actions or understandings – such as who has ownership over innovations created in the course of employment – are wrong before they can correct that behaviour.
Creating a robust trade secret policy is certainly a (big) step in the right direction, but making certain that employees understand what is required of them is the only way to minimise trade secret leakage. Follow these few simple steps, and you might just find secrets stay, well, secret:
Define trade secrets – the flexible scope of trade secrets, based on its broad definition as any information that is secret, derives economic value from that secrecy and is the subject of reasonable measures to maintain its secrecy, is continually expanding. This undoubtedly leads to confusion, and it is important to delineate what falls into the “general know-how” category and what constitutes the “critical know-how” that underpins revenue generation. Explicitly legending highly confidential documents will further clarify this difference. Employees who unambiguously understand which information falls within the ambit of a company trade secret may be more careful about how they treat that information.
Tailor trade secret policies – IP culture plays a significant role in deciding which type of IP policy would best suit your company. If your IP culture revolves around patents, a robust invention disclosure process is a must, as this information has to stay secret until such time as the patent is published. If patents are not an integral part of your company, you may still have particular know-how which qualifies as a trade secret, therefore necessitating a separate and appropriate trade secret policy.
Enforce internal NDAs – it is not merely enough to have a policy; that policy must be enforced. According to the Symantec survey, 64% of employees said that their managers do not view data protection as a business priority and 68% of employees stated that their organisation does not take steps to ensure that employees are not using confidential competitive information from third parties. Employers must stress the importance of NDAs, and make sure that information classified as a trade secret is not being leaked by moving IP outside the company or casually discussing it in JV discussions, presentations at conferences, etc. The same goes for exit interviews, in which employer’s should stress an employee’s continued responsibility to protect confidential information and return all company information wherever it may be stored.
Monitoring access – as the importance of critical IP continues to increase, so too do the tools which can be used to monitor inappropriate access and use of IP. If trade secrets do need to be digitised – and often they do – making sure that only those who absolutely need access to the information may help limit unauthorised downloading of critical IP.
In our last blog on the topic, we talked about the increasing prevalence of trade secrets in the news, highlighting articles predominantly based around high-profile, malevolent and expensive cyber-attacks and trade secret theft. But the fact is that trade secret theft is becoming startlingly commonplace, often without any malicious intent behind it, resulting in employees exposing former and current employers to risk without realising it. The changing landscape of both our social and work lives, embodied primarily in the shift from a physical to an internet-based society, has brought with it new requirements for managing relationships and information. Yet it seems many businesses have failed to adapt to these new requirements, essentially leading them to create a culture of insecurity.
As author Ann Aguirre wrote, “once exposed, a secret loses all its power.” So keep your power, and keep your trade secret exactly that – a secret.