CHECKLIST
Practical steps and best practice: How businesses can ensure they are protecting their trade secrets
DOWNLOAD AS PDF
Download
STEP 2
Create a trade secrets inventory
WHY?
tick
essential for establishing and proving ownership of rights and interests in your trade secrets;
UncheckCheck
list the (types of) trade secrets owned by the company and any third party’s trade secrets which you have access to;
WHAT?
UncheckCheck
identify the jurisdictions where they are stored and used so that it is clear which legal regimes apply to which trade secrets
UncheckCheck
avoid describing the information in too much detail as this may create additional security risks;
UncheckCheck
identify if the trade secret is owned or licensed
tick
helps to ensure that your company’s trade secrets (and any third party’s trade secrets which you have access to) are properly protected;
tick
useful to evidence in disputes or proceedings;
tick
may facilitate the discovery of underutilized trade secrets.
UncheckCheck
identify who has access to which trade secrets;
UncheckCheck
describe measures in place which are used to protect each trade secret (see organizational measures below);
UncheckCheck
identify any potential expiry date (if ever), (for example if it is expected to form the basis of a patent application)
UncheckCheck
consider categories of trade secrets, ranging from low, medium to highest level of importance (assign a monetary value or importance of the trade secret)
UncheckCheck
include regular review dates for accuracy
checklist
The key four steps are:
Trade secrets are not registered rights but are granted special protection based on the nature of the information and the way they are treated by their owners. Therefore owners of trade secrets need to ensure they are pro-actively managing their trade secrets to avoid putting these valuable assets at risk. While global trade secret laws will not be completely harmonized any time soon, businesses can prepare through careful housekeeping and planning.
identify trade secrets;
4
STEP 1
Identify your trade secrets
WHY?
tick
you need to identify the trade secrets and be aware of their value in order to competently protect them.
UncheckCheck
what do you consider the businesses trade secrets to be?
WHAT?
UncheckCheck
do these “secrets” qualify as trade secrets under the relevant law?
to what extent is the information secret (ie, known) (inside and outside the company)?
is it possible to identify the boundary between secret information and employee’s experience/skills
what are the costs that a competitor should sustain to autonomously obtain the information?
what have been the efforts to achieve the information (in terms of time, human and financial resources)?
UncheckCheck
is trade secret protection the right approach (in contrast to patents, copyright or designs, etc.)?
UncheckCheck
identify third-party trade secrets which you have access to and are under a duty to protect and maintain
checklist
tick
trade secrets can include a vast array of information including: ideas, processes, product creation, recipes, methodology, plans, data and software
Identify trade secrets
1
Create and maintain an inventory
2
Implement protective contractual, physical and technical organizational measures
3
Have a misappropriation action plan
4
Up-Arrow
STEP 3
Implement contractual, physical, technical and organizational measures
WHY?
tick
prevents unauthorized access, use, disclosure, loss and modification of your trade secrets.
UncheckCheck
implement risk management protocols and procedures to minimize the unnecessary reproduction/sharing of trade secrets within your organization;
WHAT?
UncheckCheck
such protocols and policies will need to be balanced against the need to foster cooperation and transparency within the organization and partner networks;
UncheckCheck
organizational safeguards include well-designed and enforced policies and protocols, and regular training around confidentiality obligations;
UncheckCheck
ensure there is frequent monitoring to ensure protocols and policies are being complied with;
tick
provides clear protocols and guidance for employees.
tick
avoids breaching duties imposed in relation to third-party trade secrets
tick
ensures compliance with any disclosure, discovery or document production obligations in any litigation or arbitration (businesses which have actively taken steps to protect the secrecy of their information must also be able to demonstrate they did so to benefit from protection in the event of a dispute)
UncheckCheck
restrict access to the information on a need-to-know basis;
UncheckCheck
implement physical barriers, lock-and-key mechanisms and paper shredders;
UncheckCheck
use of non-compete agreements; confidentiality agreements may prove inadequate to protect against improper use or disclosure of a key R&D employee; non-compete agreement provides broader protection by imposing a line on the subsequent activities of the employee to minimize the opportunity to use or disclose trade secret(s)
UncheckCheck
use confidentiality notices; consider marking written materials as “confidential” (eg, by way of watermark or a heading), this is particularly important when dealing with technical drawings and documents containing sensitive information
UncheckCheck
Consider different levels of protection; ensure confidentiality obligations attaches to oral communication or in situations or where one forgot to apply a confidentiality notice or the notice was inadvertently modified or removed;
UncheckCheck
implement technical safeguards including passwords, firewalls, automated intrusion detection systems and authentication measures;
UncheckCheck
review contracts regularly in order to ensure that these are always tailored to the employee’s position and provide appropriate protection;
UncheckCheck
the safeguards you choose to implement should be tailored to the specific activities of your organization;
UncheckCheck
implement necessary contractual provisions, such as non-disclosure or confidentiality agreements, in relation to sharing trade secrets with third parties and follow-up on the execution of the contract in order to maintain control over compliance of the other party’s duties of confidentiality (ideally these agreements should include a penalty and indemnity clauses and provision of specific rights to facilitate enforcement judiciary measures in case of breach of the contract);
UncheckCheck
implement necessary employment provisions to support the protection of the trade secrets including provisions in employment contracts, providing training, monitoring, entry and exit interviews, and undertakings upon termination;
UncheckCheck
review any disclosure, discovery or document production obligations in any litigation or arbitration;
UncheckCheck
ensure there are appropriate and effective dispute resolution clauses in contracts relating to trade secrets.
STEP 4
Devise a misappropriation action plan
WHY?
tick
to prepare for inevitable security breaches ie, situations involving a real and present threat of misappropriation by unlawful acquisition, use or disclosure of a trade secret
UncheckCheck
set out how to rank or categorize the breach so appropriate steps relative to the type of breach can be followed;
WHAT?
UncheckCheck
identify who should be notified in the event of a breach (including internal and external advisors);
UncheckCheck
set out actions to terminate or limit access to your trade secrets (or certain category of trade secrets);
UncheckCheck
identify who and how to investigate and document the details of a breach;
tick
in threat situations you must act quickly to prevent irreparable harm and imminent dissemination;
tick
a delay may impact your ability to qualify for preliminary injunctions and other temporary remedies.
UncheckCheck
set out actions for seeking remedies in response to the breach, including steps to obtain an emergency injunction in any jurisdiction where there is a risk of a breach;
UncheckCheck
identify who is responsible for taking which steps (ideally a multi disciplinary approach involving information technology personnel, directors, lawyers, records managers and public relations staff, as necessary)
UncheckCheck
include special considerations relating to requirements under data privacy laws, since these regimes are different from trade secrets and other IP regimes;
UncheckCheck
be readily accessible to individuals with responsibilities under the misappropriation action plan;
UncheckCheck
be included in training programs to ensure the effective execution of the misappropriation action plan and have dry run exercises;
UncheckCheck
be updated regularly according to all relevant legal and business considerations;
UncheckCheck
nature of the breach (intentional or accidental);
A misappropriation plan should:
The type of (re-)action to a (suspected) misappropriation may depend on:
UncheckCheck
type of data affected (personal data, trade secrets owned by third parties, etc.);
UncheckCheck
identity of actual or potential infringers (business partners under contract, employees, criminals, state actors, etc.);
UncheckCheck
the existence of a contractual relationship with the actual or potential infringers
UncheckCheck
jurisdictions affected;
UncheckCheck
phase of misappropriation (ie, whether the trade secret is only exposed to potential acquisition, or already acquired, used, disseminated, etc.)
UncheckCheck
the ease or difficulty with which information could be properly acquired or duplicated by others (eg, reverse engineering)
UncheckCheck
the evidence you have of the (suspected) misappropriation
checklist2
Up-ArrowUp-Arrow
Up-Arrow
RETURN TO BAKERMCKENZIE.COM
white-banner-arrow-2
SUMMARY
KEY FINDINGS
Red-Menu-Arrow
APPENDIX
ARE YOU PROTECTED?
CONTACTS
LinkedinTwitterEmail
SUMMARY
KEY FINDINGS
Red-Menu-ArrowUp-Red-Menu-Arrow
APPENDIX
ARE YOU PROTECTED?
CONTACTS
hamburgerx-toc
Baker-McKenzie-New-LogosLinkedinTwitterEmail
TRADE SECRET THEFT: A TRILLION DOLLAR PROBLEM?
COUNTING THE COST OF THEFT
RISING TRADE SECRET PROTECTIONS IN THE US, EU AND ASIA
WHAT COMPANIES NEED TO DO
CASE STUDY: SCHOTT AG